Hello community, here is the log from the commit of package clamav for openSUSE:Factory checked in at 2015-05-07 08:29:09 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/clamav (Old) and /work/SRC/openSUSE:Factory/.clamav.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "clamav" Changes: -------- --- /work/SRC/openSUSE:Factory/clamav/clamav.changes 2015-02-06 22:38:09.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.clamav.new/clamav.changes 2015-05-07 08:29:24.000000000 +0200 @@ -1,0 +2,33 @@ +Mon May 4 13:39:49 UTC 2015 - max@suse.com + +- Version 0.98.7 fixes several security issues (bsc#929192) and + other bug fixes/improvements: + * Fix crash in upx decoder with crafted file. Discovered and + patch supplied by Sebastian Andrzej Siewior. CVE-2015-2170. + * Fix infinite loop condition on crafted y0da cryptor + file. Identified and patch suggested by Sebastian Andrzej + Siewior. CVE-2015-2221. + * Fix crash on crafted petite packed file. Reported and patch + supplied by Sebastian Andrzej Siewior. CVE-2015-2222. + * Fix an infinite loop condition on a crafted "xz" archive file. + This was reported by Dimitri Kirchner and Goulven Guiheux. + CVE-2015-2668. + * Apply upstream patch for possible heap overflow in Henry + Spencer's regex library. CVE-2015-2305. + * Fix false negatives on files within iso9660 containers. This + issue was reported by Minzhuan Gong. + * Fix a couple crashes on crafted upack packed file. Identified + and patches supplied by Sebastian Andrzej Siewior. + * Fix a crash during algorithmic detection on crafted PE file. + Identified and patch supplied by Sebastian Andrzej Siewior. + * Fix compilation error after ./configure --disable-pthreads. + Reported and fix suggested by John E. Krokes. + * Fix segfault scanning certain HTML files. Reported with sample + by Kai Risku. + * Improve detections within xar/pkg files. + * Improvements to PDF processing: decryption, escape sequence + handling, and file property collection. + * Scanning/analysis of additional Microsoft Office 2003 XML + format. + +------------------------------------------------------------------- Old: ---- clamav-0.98.6.tar.gz clamav-0.98.6.tar.gz.sig New: ---- clamav-0.98.7.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ clamav.spec ++++++ --- /var/tmp/diff_new_pack.sFQLql/_old 2015-05-07 08:29:25.000000000 +0200 +++ /var/tmp/diff_new_pack.sFQLql/_new 2015-05-07 08:29:25.000000000 +0200 @@ -1,7 +1,7 @@ # # spec file for package clamav # -# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -48,7 +48,7 @@ Summary: Antivirus Toolkit License: GPL-2.0 Group: Productivity/Security -Version: 0.98.6 +Version: 0.98.7 Release: 0 Url: http://www.clamav.net Requires: latex2html-pngicons @@ -56,7 +56,6 @@ PreReq: %_sbindir/groupadd %_sbindir/useradd %_sbindir/usermod PreReq: /usr/bin/awk /bin/sed /bin/tar Source0: http://downloads.sourceforge.net/clamav/%{name}-%{version}.tar.gz -Source10: http://downloads.sourceforge.net/clamav/%{name}-%{version}.tar.gz.sig Source11: clamav.keyring Source3: clamav-updateclamconf Source4: clamav-rpmlintrc ++++++ clamav-0.98.6.tar.gz -> clamav-0.98.7.tar.gz ++++++ /work/SRC/openSUSE:Factory/clamav/clamav-0.98.6.tar.gz /work/SRC/openSUSE:Factory/.clamav.new/clamav-0.98.7.tar.gz differ: char 5, line 1