Debian Package Tracker

general

source: clamav (main)
version: 0.102.4+dfsg-1
maintainer: ClamAV Team (archive) (DMD)
uploaders: Andreas Cadhalpun [DMD] – Sebastian Andrzej Siewior [DMD] – Scott Kitterman [DMD] – Michael Meskes [DMD] – Michael Tautschnig [DMD]
arch: all any
std-ver: 4.5.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 0.100.0+dfsg-0+deb8u1
o-o-sec: 0.101.5+dfsg-0+deb8u2
oldstable: 0.102.3+dfsg-0~deb9u1
old-upd: 0.102.3+dfsg-0~deb9u1
stable: 0.102.4+dfsg-0+deb10u1
stable-upd: 0.102.3+dfsg-0+deb10u1
testing: 0.102.4+dfsg-1
unstable: 0.102.4+dfsg-1

versioned links

0.100.0+dfsg-0+deb8u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.100.3+dfsg-0+deb8u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.101.5+dfsg-0+deb8u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.102.3+dfsg-0~deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.102.3+dfsg-0+deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.102.4+dfsg-0+deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.102.4+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

clamav (6 bugs: 0, 6, 0, 0)
clamav-base
clamav-daemon (9 bugs: 0, 7, 2, 0)
clamav-docs
clamav-freshclam (6 bugs: 0, 5, 1, 0)
clamav-milter (4 bugs: 0, 0, 4, 0)
clamav-testfiles
clamdscan (1 bugs: 0, 1, 0, 0)
libclamav-dev
libclamav9

action needed

2 security issues in stretch high

There are 2 open security issues in stretch.

2 important issues:

CVE-2020-3481: A vulnerability in the EGG archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.0 - 0.102.3 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a null pointer dereference. An attacker could exploit this vulnerability by sending a crafted EGG file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.
CVE-2020-3350: A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the system. The vulnerability is due to a race condition that could occur when scanning malicious files. An attacker with local shell access could exploit this vulnerability by executing a script that could trigger the race condition. A successful exploit could allow the attacker to delete arbitrary files on the system that the attacker would not normally have privileges to delete, producing system instability or causing the endpoint software to stop working.

Please fix them.

Created: 2020-07-18 Last update: 2020-08-01 16:04

1 bug tagged patch in the BTS normal

The BTS contains patches fixing 1 bug, consider including or untagging them.

Created: 2020-06-28 Last update: 2020-08-03 13:00

Depends on packages which need a new maintainer normal

The packages that clamav depends on which need a new maintainer are:

sendmail (#740070)
- Build-Depends: libmilter-dev
- Depends: libmilter1.0.1

Created: 2019-11-22 Last update: 2020-08-03 12:33

34 new commits since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit 6dd3b97af8d02675c88d4f9d59a3c9407878a5be
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Fri Jul 17 20:30:09 2020 +0200

    Release 0.102.4+dfsg-1
    
    Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

commit a529ec10adfdcd40354b369cdd2527540e49430c
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Fri Jul 17 20:23:15 2020 +0200

    Update symbol file
    
    Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

commit b3791793929f3417db9ce1d8ca3a9217bf7868e6
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Fri Jul 17 19:51:38 2020 +0200

    Import 0.102.4
    
    Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

commit b71b8b517c7e7346d43aa9dc79c39602ccceefe3
Merge: f3c467e5 a5539398
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Fri Jul 17 20:21:14 2020 +0200

    merge patched-unstable into unstable

commit a55393989a16de31e912559c87580d6e72b58a70
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Sun Feb 16 17:09:37 2020 +0100

    clamsubmit / libfreshclam: Use CURL_CA_BUNDLE
    
    Use the CURL_CA_BUNDLE enviroment to set cURL's CURLOPT_CAINFO option.
    This is also used by the command line tool.
    
    Patch-Name: clamsubmit-libfreshclam-Use-CURL_CA_BUNDLE.patch
    Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

commit 6c1a14d6b2e352e141fa886c41e2eb6ea9c50a12
Author: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Date:   Fri Oct 14 20:24:56 2016 +0200

    Add support for LLVM 3.9
    
    Changes:
    IRBuilder no longer has a preserveNames template argument.
    AtomicOrdering is now a strongly typed enum.
    
    Patch-Name: Add-support-for-LLVM-3.9.patch

commit 69978204435f4a521a44baaf4e8a6123fad8b4c7
Author: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Date:   Fri Oct 14 20:24:48 2016 +0200

    Add support for LLVM 3.8
    
    Main changes:
    llvm/Config/config.h was removed.
    The ScalarEvolution pass is now a WrapperPass.
    Iterators are no longer automatically converted to and from pointers.
    The GVNPass causes the test_bswap_jit test to fail; replaced with
    ConstantPropagationPass.
    LLVMIsMultithreaded is from the C API, while llvm_is_multithreaded is
    the corresponding C++ API.
    
    Patch-Name: Add-support-for-LLVM-3.8.patch

commit 92687316abb10f8a3b9b348ca2ef8c4bbbc9c380
Author: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Date:   Fri Oct 14 20:24:39 2016 +0200

    Add support for LLVM 3.7
    
    Main changes:
    The DataLayoutPass is no longer necessary.
    The LoopInfo pass is now a WrapperPass.
    Before creating TargetLibraryInfo one needs to create a
    TargetLibraryInfoImpl.
    PassManager is now in the legacy:: namespace.
    GetElementPtrInst::getIndexedType changed behavior causing segfaults in
    the testsuite; emulating the old behavior now.
    CreateCallX functions for fixed number X of elements got removed.
    JITEmitDebugInfo Option was removed.
    DIDescriptor was removed.
    
    Patch-Name: Add-support-for-LLVM-3.7.patch

commit 56a88c38d1316783002929eb15ab5f9be7e34b38
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Thu Aug 11 21:54:10 2016 +0200

    clamd: don't depend on clamav-demon.socket
    
    Let's try to live without it.
    This should avoid the endless loop in #824042. Newer systemd have
    rate-limiting on (re)starts. This rate-limiting would stop the socket
    service. The only purpose for the socket activation is to get clamd
    started after the initial freshclam run on installs so I think we can
    live without and manually start the daemon after installation.
    
    Patch-Name: clamd_dont_depend_on_clamav_demon_socket.patch
    Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

commit 666835873035e9f1b9d5e6787a96f255c37f5da5
Author: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Date:   Wed Mar 11 20:03:15 2015 +0100

    add support for system tomsfastmath
    
    Patch-Name: add-support-for-system-tomsfastmath.patch

commit f3c467e5e5a7b6b6602364490d0f991a14dd82a5
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Fri Jul 17 20:20:56 2020 +0200

    record new upstream branch created by importing clamav_0.102.4+dfsg.orig.tar.xz

commit 1a399f2c52cd656c26d2144c47b722a787bee07f
Author: Scott Kitterman <scott@kitterman.com>
Date:   Mon Mar 10 19:20:18 2014 -0400

    Change paths in sample conf file to match Debian
    
    Patch-Name: Change-paths-in-sample-conf-file-to-match-Debian.patch

commit 2e5f12d74d7065a47a1cf072e703445b81878e07
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Fri Jul 17 20:20:56 2020 +0200

    Import clamav_0.102.4+dfsg.orig.tar.xz

commit 02b650bcff313f68b32c46dc59d9c81397f635c0
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Fri May 29 23:52:41 2020 +0200

    Add also suggest to libclamav
    
    Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

commit 44c83f6efb79ac39a30b562bef96aeec344f6114
Author: Scott Kitterman <scott@kitterman.com>
Date:   Sun May 17 12:56:28 2020 -0400

    Add Suggests for unversioned libclamunrar package on clamav-daemon and clamav binaries

commit 77b668ae959b058eb1122f893dcdcfcead319674
Author: Scott Kitterman <scott@kitterman.com>
Date:   Sun May 17 12:50:42 2020 -0400

    Honour DEB_BUILD_OPTIONS=nocheck again. (Closes: #960843)

commit d4a6d85fcac16f3516de4ac0665b1a319528f6ff
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Sat May 16 17:12:09 2020 +0200

    Release 0.102.3+dfsg-1
    
    Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

commit a9e465fe88db77b277459f79ff272589359d5e1a
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Sat May 16 17:11:40 2020 +0200

    Update copyright file, mspack.[ch] moved
    
    Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

commit a24caa3a24d1bc091f9921581674a06030bc2380
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Sat May 16 16:38:21 2020 +0200

    Reference the installed sample files
    
    Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

commit 751fbc968587e882c35f12ee0ce175fe95223867
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Sat May 16 16:36:58 2020 +0200

    Reference the installed man-pages instead the in-tree
    
    Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

commit e2b497daae6b8019392dfe1e8c508932f13cc51d
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Sat May 16 15:01:10 2020 +0200

    Use "make check" to run the testsuite
    
    Somehow the make file has now `check' and `test' target and debhelper
    now uses `test' which does nothing.
    
    Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

commit 7e89526d4e2884dbb4d04229b29830fd9cc6a1d8
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Sat May 16 14:00:09 2020 +0200

    split-script: Update the libclamunrar-configure.ac script
    
    This was tested on the libclamurar package and seems to work.
    
    Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

commit ff431d4fdae686fdabf8e1175d22284b3e783d47
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Sat May 16 11:40:46 2020 +0200

    Import 0.102.3+dfsg-1
    
    Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

commit e29aa316392cc6772429c4299aa65701b4654b73
Merge: 4e20fb31 bcb2ce4f
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Sat May 16 11:35:40 2020 +0200

    merge patched-unstable into unstable

commit 4e20fb3119f84d603ac7124dcdff4d957679461d
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Sat May 16 11:33:09 2020 +0200

    record new upstream branch created by importing clamav_0.102.3+dfsg.orig.tar.xz

commit bcb2ce4fa5fb061cc2c1dfb5754d59b89aed291c
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Sun Feb 16 17:09:37 2020 +0100

    clamsubmit / libfreshclam: Use CURL_CA_BUNDLE
    
    Use the CURL_CA_BUNDLE enviroment to set cURL's CURLOPT_CAINFO option.
    This is also used by the command line tool.
    
    Patch-Name: clamsubmit-libfreshclam-Use-CURL_CA_BUNDLE.patch
    Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

commit edd29126b1070ea687823e66fdf9c7f6621ece6e
Author: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Date:   Fri Oct 14 20:24:56 2016 +0200

    Add support for LLVM 3.9
    
    Changes:
    IRBuilder no longer has a preserveNames template argument.
    AtomicOrdering is now a strongly typed enum.
    
    Patch-Name: Add-support-for-LLVM-3.9.patch

commit 05e9da59483a9035226860f3f98099a2df50278c
Author: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Date:   Fri Oct 14 20:24:48 2016 +0200

    Add support for LLVM 3.8
    
    Main changes:
    llvm/Config/config.h was removed.
    The ScalarEvolution pass is now a WrapperPass.
    Iterators are no longer automatically converted to and from pointers.
    The GVNPass causes the test_bswap_jit test to fail; replaced with
    ConstantPropagationPass.
    LLVMIsMultithreaded is from the C API, while llvm_is_multithreaded is
    the corresponding C++ API.
    
    Patch-Name: Add-support-for-LLVM-3.8.patch

commit b6df01c3ff9b5de032a61cda50ac31c2cd5da742
Author: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Date:   Fri Oct 14 20:24:39 2016 +0200

    Add support for LLVM 3.7
    
    Main changes:
    The DataLayoutPass is no longer necessary.
    The LoopInfo pass is now a WrapperPass.
    Before creating TargetLibraryInfo one needs to create a
    TargetLibraryInfoImpl.
    PassManager is now in the legacy:: namespace.
    GetElementPtrInst::getIndexedType changed behavior causing segfaults in
    the testsuite; emulating the old behavior now.
    CreateCallX functions for fixed number X of elements got removed.
    JITEmitDebugInfo Option was removed.
    DIDescriptor was removed.
    
    Patch-Name: Add-support-for-LLVM-3.7.patch

commit 2283fedc47de1c830730b2aa2bbde6c128bc6c6e
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Thu Aug 11 21:54:10 2016 +0200

    clamd: don't depend on clamav-demon.socket
    
    Let's try to live without it.
    This should avoid the endless loop in #824042. Newer systemd have
    rate-limiting on (re)starts. This rate-limiting would stop the socket
    service. The only purpose for the socket activation is to get clamd
    started after the initial freshclam run on installs so I think we can
    live without and manually start the daemon after installation.
    
    Patch-Name: clamd_dont_depend_on_clamav_demon_socket.patch
    Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

commit bcf63fa6bbd519bc61c2b2553fb1913f802eb96e
Author: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Date:   Wed Mar 11 20:03:15 2015 +0100

    add support for system tomsfastmath
    
    Patch-Name: add-support-for-system-tomsfastmath.patch

commit 96ac148bccb9c9fd430c1f08b0e1a9b52f70bb54
Author: Scott Kitterman <scott@kitterman.com>
Date:   Mon Mar 10 19:20:18 2014 -0400

    Change paths in sample conf file to match Debian
    
    Patch-Name: Change-paths-in-sample-conf-file-to-match-Debian.patch

commit 07c9b9ef63bc584a39143a6cd002d199d1d46397
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Sat May 16 11:33:08 2020 +0200

    Import clamav_0.102.3+dfsg.orig.tar.xz

commit d11e3fda751e23f8eaefadd970ce8ef058a69319
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date:   Sat May 16 11:26:08 2020 +0200

    split-script: Duct the unrar part
    
    The splits cript has various rules to remove and replace parts of
    clamav's configure.ac which is copied to libclamunrar. It broke in all
    of last releases and it gets more complex to remove the correct pieces.
    After fixing the sed lines a few times and fiddling with it manually I
    now got to a point where I want to preserve a sane version of it and
    reuse in future.
    
    Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

Created: 2020-05-16 Last update: 2020-08-01 07:05

Issues found with some translations low

Automatic checks made by the Debian l10n team found some issues with the translations contained in this package. You should check the l10n status report for more information.

Issues can be things such as missing translations, problematic translated strings, outdated PO files, unknown languages, etc.

Created: 2020-02-26 Last update: 2020-02-26 10:49

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2017-10-26 Last update: 2019-03-01 09:46

testing migrations

This package will soon be part of the auto-openssl transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.

news

[rss feed]

[2020-07-23] Accepted clamav 0.102.4+dfsg-0+deb10u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Sebastian Andrzej Siewior)
[2020-07-21] clamav 0.102.4+dfsg-1 MIGRATED to testing (Debian testing watch)
[2020-07-18] Accepted clamav 0.102.4+dfsg-1 (source) into unstable (Sebastian Andrzej Siewior)
[2020-05-30] Accepted clamav 0.102.3+dfsg-0~deb9u1 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Debian FTP Masters) (signed by: Sebastian Andrzej Siewior)
[2020-05-30] Accepted clamav 0.102.3+dfsg-0+deb10u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Sebastian Andrzej Siewior)
[2020-05-19] Accepted clamav 0.101.5+dfsg-0+deb8u2 (source all amd64) into oldoldstable (Utkarsh Gupta)
[2020-05-19] clamav 0.102.3+dfsg-1 MIGRATED to testing (Debian testing watch)
[2020-05-16] Accepted clamav 0.102.3+dfsg-1 (source) into unstable (Sebastian Andrzej Siewior)
[2020-02-25] clamav 0.102.2+dfsg-2 MIGRATED to testing (Debian testing watch)
[2020-02-22] Accepted clamav 0.102.2+dfsg-0~deb9u1 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Sebastian Andrzej Siewior)
[2020-02-22] Accepted clamav 0.102.2+dfsg-0+deb10u1 (source) into proposed-updates->stable-new, proposed-updates (Sebastian Andrzej Siewior)
[2020-02-22] Accepted clamav 0.102.2+dfsg-2 (source) into unstable (Sebastian Andrzej Siewior)
[2020-02-18] Accepted clamav 0.101.5+dfsg-0+deb8u1 (source all amd64) into oldoldstable (Emilio Pozuelo Monfort)
[2020-02-16] clamav 0.102.2+dfsg-1 MIGRATED to testing (Debian testing watch)
[2020-02-09] Accepted clamav 0.102.2+dfsg-1 (source) into unstable (Sebastian Andrzej Siewior)
[2020-02-03] clamav 0.102.1+dfsg-3 MIGRATED to testing (Debian testing watch)
[2020-02-02] Accepted clamav 0.102.1+dfsg-0+deb9u2 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Scott Kitterman) (signed by: Donald Scott Kitterman)
[2020-02-02] Accepted clamav 0.102.1+dfsg-0+deb10u2 (source) into proposed-updates->stable-new, proposed-updates (Scott Kitterman) (signed by: Donald Scott Kitterman)
[2020-01-31] Accepted clamav 0.102.1+dfsg-3 (source) into unstable (Scott Kitterman) (signed by: Donald Scott Kitterman)
[2020-01-29] Accepted clamav 0.102.1+dfsg-0+deb9u1 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Sebastian Andrzej Siewior)
[2020-01-29] Accepted clamav 0.102.1+dfsg-0+deb10u1 (source) into proposed-updates->stable-new, proposed-updates (Sebastian Andrzej Siewior)
[2019-12-26] clamav 0.102.1+dfsg-2 MIGRATED to testing (Debian testing watch)
[2019-12-23] Accepted clamav 0.102.1+dfsg-2 (source) into unstable (Sebastian Andrzej Siewior)
[2019-12-21] clamav 0.102.1+dfsg-1 MIGRATED to testing (Debian testing watch)
[2019-11-30] Accepted clamav 0.102.1+dfsg-1 (source) into unstable (Sebastian Andrzej Siewior)
[2019-10-14] Accepted clamav 0.101.4+dfsg-0+deb8u2 (source all amd64) into oldoldstable (Hugo Lefeuvre)
[2019-10-09] Accepted clamav 0.101.4+dfsg-0+deb8u1 (source all amd64) into oldoldstable (Hugo Lefeuvre)
[2019-08-28] clamav 0.101.4+dfsg-1 MIGRATED to testing (Debian testing watch)
[2019-08-26] Accepted clamav 0.101.4+dfsg-0+deb9u1 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Sebastian Andrzej Siewior)
[2019-08-26] Accepted clamav 0.101.4+dfsg-0+deb10u1 (source) into proposed-updates->stable-new, proposed-updates (Sebastian Andrzej Siewior)

bugs [bug history graph]

all: 28
RC: 1
I&N: 20
M&W: 7
F&P: 0
patch: 1

links

homepage
buildd: logs, checks, clang, reproducibility, cross
popcon
browse source code
edit tags
security tracker
screenshots
l10n (87, -)
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 0.102.4+dfsg-1
41 bugs