Merge pull request #14 from cisco-sbg/CLAM-2638-1.0.7-news

News: updates prior to 1.0.7
Cisco-Talos · Sep 3, 2024 · a54a13d · a54a13d
2 parents 4ab6044 + 8c8c9bc
commit a54a13d
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 20 deletions.
diff --git a/Jenkinsfile b/Jenkinsfile
@@ -48,9 +48,6 @@ properties(
                 string(name: 'FUZZ_CORPUS_BRANCH',
                        defaultValue: '1.0',
                        description: 'private-fuzz-corpus branch'),
-                string(name: 'APPCHECK_PIPELINE',
-                       defaultValue: 'appcheck-1.0',
-                       description: 'test-pipelines branch for appcheck'),
                 string(name: 'SHARED_LIB_BRANCH',
                        defaultValue: 'master',
                        description: 'tests-jenkins-shared-libraries branch')
@@ -212,23 +209,6 @@ node('default') {
             }
         }
 
-        tasks["appcheck"] = {
-            stage("AppCheck") {
-                final appcheckResult = build(job: "test-pipelines/${params.APPCHECK_PIPELINE}",
-                    propagate: true,
-                    wait: true,
-                    parameters: [
-                        [$class: 'StringParameterValue', name: 'CLAMAV_JOB_NAME', value: "${JOB_NAME}"],
-                        [$class: 'StringParameterValue', name: 'CLAMAV_JOB_NUMBER', value: "${BUILD_NUMBER}"],
-                        [$class: 'StringParameterValue', name: 'BUILD_JOB_NAME', value: "test-pipelines/${params.BUILD_PIPELINE}"],
-                        [$class: 'StringParameterValue', name: 'BUILD_JOB_NUMBER', value: "${buildResult.number}"],
-                        [$class: 'StringParameterValue', name: 'VERSION', value: "${params.VERSION}"]
-                    ]
-                )
-                echo "test-pipelines/${params.APPCHECK_PIPELINE} #${appcheckResult.number} succeeded."
-            }
-        }
-
         parallel tasks
     }
 }
diff --git a/NEWS.md b/NEWS.md
@@ -7,6 +7,34 @@ differ slightly from third-party binary packages.
 
 ClamAV 1.0.7 is a patch release with the following fixes:
 
+- [CVE-2024-20506](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20506):
+  Changed the logging module to disable following symlinks on Linux and Unix
+  systems so as to prevent an attacker with existing access to the 'clamd' or
+  'freshclam' services from using a symlink to corrupt system files.
+
+  This issue affects all currently supported versions. It will be fixed in:
+  - 1.4.1
+  - 1.3.2
+  - 1.0.7
+  - 0.103.12
+
+  Thank you to Detlef for identifying this issue.
+
+- [CVE-2024-20505](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20505):
+  Fixed a possible out-of-bounds read bug in the PDF file parser that could
+  cause a denial-of-service (DoS) condition.
+
+  This issue affects all currently supported versions. It will be fixed in:
+  - 1.4.1
+  - 1.3.2
+  - 1.0.7
+  - 0.103.12
+
+  Thank you to OSS-Fuzz for identifying this issue.
+
+- Removed unused Python modules from freshclam tests including deprecated
+  'cgi' module that is expected to cause test failures in Python 3.13.
+
 - Fix unit test caused by expiring signing certificate.
   - Backport of [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1305)