Skip to content

ClamAV 1.3.1

Compare
Choose a tag to compare
@micahsnyder micahsnyder released this 17 Apr 17:25
· 129 commits to main since this release

ClamAV 1.3.1 is a critical patch release with the following fixes:

  • CVE-2024-20380:
    Fixed a possible crash in the HTML file parser that could cause a
    denial-of-service (DoS) condition.

    This issue affects version 1.3.0 only and does not affect prior versions.

    Thank you to Błażej Pawłowski for identifying this issue.

  • Updated select Rust dependencies to the latest versions.
    This resolved Cargo audit complaints and included PNG parser bug fixes.

  • Fixed a bug causing some text to be truncated when converting from UTF-16.

  • Fixed assorted complaints identified by Coverity static analysis.

  • Fixed a bug causing CVDs downloaded by the DatabaseCustomURL Freshclam
    config option to be pruned and then re-downloaded with every update.

  • Added the new 'valhalla' database name to the list of optional databases in
    preparation for future work.

  • Added symbols to the libclamav.map file to enable additional build
    configurations.

    Patch courtesy of Neil Wilson.