ClamAV 1.3.1 is a critical patch release with the following fixes:
-
CVE-2024-20380:
Fixed a possible crash in the HTML file parser that could cause a
denial-of-service (DoS) condition.This issue affects version 1.3.0 only and does not affect prior versions.
Thank you to Błażej Pawłowski for identifying this issue.
-
Updated select Rust dependencies to the latest versions.
This resolved Cargo audit complaints and included PNG parser bug fixes. -
Fixed a bug causing some text to be truncated when converting from UTF-16.
-
Fixed assorted complaints identified by Coverity static analysis.
-
Fixed a bug causing CVDs downloaded by the
DatabaseCustomURLFreshclam
config option to be pruned and then re-downloaded with every update. -
Added the new 'valhalla' database name to the list of optional databases in
preparation for future work. -
Added symbols to the
libclamav.mapfile to enable additional build
configurations.Patch courtesy of Neil Wilson.