Re: Fwd: [Clamav-devel] ClamAV(R) blog: ClamAV 0.98.5 has been released!

[Kurt Seifried <kseifried () redhat com>]

Context:

https://bugzilla.clamav.net/show_bug.cgi?id=11088

I found this in 2013, made a note, forgot about it, checked it again
recently and found clamscan still crashing hence CVE-2013-6497.

I don't have any other notes I've forgotten about. I think. =)

On 18/11/14 04:11 PM, Steven Morgan wrote:
> FYI:
>
> ---------- Forwarded message ----------
> From: Joel Esler (jesler) <jesler () cisco com>
> Date: Tue, Nov 18, 2014 at 5:11 PM
> Subject: [Clamav-devel] ClamAV® blog: ClamAV 0.98.5 has been released!
> To: ClamAV Development <clamav-devel () lists clamav net>, ClamAV users ML <
> clamav-users () lists clamav net>, "clamav-announce () lists clamav net" <
> clamav-announce () lists clamav net>
>
>
>
>
> http://blog.clamav.net/2014/11/clamav-0985-has-been-released.html
>
> ClamAV 0.98.5 has been released!
>
> Welcome to ClamAV 0.98.5! ClamAV 0.98.5 includes important new features
> for collecting and analyzing file properties. Software developers and
> analysts may collect file property meta data using the ClamAV API for
> subsequent analysis by ClamAV bytecode programs. Using these features
> will require that libjson-c is installed, but otherwise libjson-c is not
> needed.
>
> Look for our upcoming series of blog posts to learn more about using the
> ClamAV API and bytecode facilities for collecting and analyzing file
> properties.
>
> ClamAV 0.98.5 also includes these new features and bug fixes:
>
>
> • Support for the XDP file format and extracting, decoding, and scanning
> PDF files within XDP files. Addition of shared library support for LLVM
> versions 3.1 - 3.5 for the purpose of just-in-time(JIT) compilation of
> ClamAV bytecode signatures. Andreas Cadhalpun submitted the patch
> implementing this support.
> • Enhancements to the clambc command line utility to assist ClamAV bytecode
> signature authors by providing introspection into compiled bytecode
> programs.
> • Resolution of many of the warning messages from ClamAV compilation.
> • Improved detection of malicious PE files.
> • Security fix for ClamAV crash when using 'clamscan -a'. This issue was
> identified by Kurt Siefried of Red Hat.
> • Security fix for ClamAV crash when scanning maliciously crafted yoda's
> crypter files. This issue, as well as several other bugs fixed in this
> release, were identified by Damien Millescamp of Oppida.
> • ClamAV 0.98.5 now works with OpenSSL in FIPS compliant mode. Thanks to
> Reinhard Max for supplying the patch.
> • Bug fixes and other feature enhancements. See Changelog or git log for
> details.
>
>
> Thanks to the following ClamAV community members for code submissions
> and bug reporting included in ClamAV 0.98.5:
>
> Andreas Cadhalpun
> Sebastian Andrzej Siewior
> Damien Millescamp
> Reinhard Max
> Kurt Seifried
>
> Please download the latest release of ClamAV from 0.98.5 from our download
> page.
> _______________________________________________
> http://lurker.clamav.net/list/clamav-devel.html
> Please submit your patches to our Bugzilla: http://bugs.clamav.net
>
> http://www.clamav.net/contact.html#ml

-- 
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

Attachment: signature.asc
Description: OpenPGP digital signature