-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 26 May 2022 10:19:13 +0200 Source: clamav Architecture: source Version: 0.103.6+dfsg-0+deb10u1 Distribution: buster Urgency: medium Maintainer: ClamAV Team Changed-By: Sebastian Andrzej Siewior Changes: clamav (0.103.6+dfsg-0+deb10u1) buster; urgency=medium . * Import 0.103.6 - CVE-2022-20770 (Possible infinite loop vulnerability in the CHM file parser). - CVE-2022-20796 (Possible NULL-pointer dereference crash in the scan verdict cache check). - CVE-2022-20771 (Possible infinite loop vulnerability in the TIFF file parser). - CVE-2022-20785 (Possible memory leak in the HTML file parser/ Javascript normalizer). - CVE-2022-20792 (Possible multi-byte heap buffer overflow write vulnerability in the signature database load module. - Update symbol file. Checksums-Sha1: e45f5250fb7df9ff3cd4a284ace9081ed1bb6d39 2992 clamav_0.103.6+dfsg-0+deb10u1.dsc 6212705bf2cb168a55f76ae4cab31fa40909aed8 7135300 clamav_0.103.6+dfsg.orig.tar.xz 611b96c47434e0b78b6cb2488073d815f8808764 219336 clamav_0.103.6+dfsg-0+deb10u1.debian.tar.xz Checksums-Sha256: 65e24dfd0e40eda0a0df39d9368f6eb964ad18f8947caf23d4ae7729689b598c 2992 clamav_0.103.6+dfsg-0+deb10u1.dsc b1c740636772259addbca9901a27bb92213970eaba820db472b3cfe328b5a0b2 7135300 clamav_0.103.6+dfsg.orig.tar.xz 0bc5042f59f3a9f9c0657fd11321b9bb6c8146a7c0da15dbc68dce05519a9020 219336 clamav_0.103.6+dfsg-0+deb10u1.debian.tar.xz Files: a1ea2d6969842d8bc592f3dbfc7e48a4 2992 utils optional clamav_0.103.6+dfsg-0+deb10u1.dsc ef852aa3917ceb5647361da21c8830a3 7135300 utils optional clamav_0.103.6+dfsg.orig.tar.xz f8eb2bf99daa184444707d5ff87d4c8a 219336 utils optional clamav_0.103.6+dfsg-0+deb10u1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEZCVGlf/wqkRmzBnme5boFiqM9dEFAmKPPxcACgkQe5boFiqM 9dHCrxAAi8R/X6eY9qCna+xv9tz0VUBSCh7Ix9Jzal3AusrVu1ZTD2zOAKSvcHzN CXu8imW7Uhax0SyGjbFajSAdfrdXp1i1XNgxuggWYGJ49+JCFgEYz8rrLxnz/EIs F9kAoQ7/vndRo5kiLBMk3JWcidVtQHCE2iZ6P2UoFaUDuMXBu7EvI6TI35HlLjRk njFxYXrLKfzBMK6u7QKcrZ+fv6TC20Erwbq6M58DTPo/ojihf8PRr1GVs0cpqiPz QdcAiePpvnuxIZ42LjBRtqmizhl3wx0VJ7+dnEX3s5bhxco0kco2QoX/n+yM2Qw3 EfVP6gP1Bx5pqTleErqueJzpFt8d2VQAp/3p5iuE563RxEqivXpSQ0KSSmugo1en 4wQqO1cZin5KW8caIu4zyKNfs8nxl8+yKK/pSsXjsjq/QJm13rHcyDT9ThMlEp2b t6VVjMK9HY2xrr/CPXzrnyDOGCKQlsSdypH0wumhwVB0Wictftdx/OtHkuIhomsn PDNCGM3f6agbePJljIZjAWUj4PriHT7M6Mn7L9n6QYXWHOu7pV8QcwmUocGtiEmO JlfyEffNNw/vf5KHjNkMs/Ms1OXHwFAl/SkNIk9fnCeiyhHl8G+800DqNSW9RZqp enqOpWeJtAVXIg8BZv28I/7OGZaWQLQNBewaBqu7I9JEZ0jM/+M= =IH8r -----END PGP SIGNATURE-----