---
- branch: MAIN
  date: Thu Jun  3 15:47:34 UTC 2021
  files:
  - new: '1.77'
    old: '1.76'
    path: pkgsrc/security/clamav/Makefile
    pathrev: pkgsrc/security/clamav/Makefile@1.77
    type: modified
  - new: '1.20'
    old: '1.19'
    path: pkgsrc/security/clamav/Makefile.common
    pathrev: pkgsrc/security/clamav/Makefile.common@1.20
    type: modified
  - new: '1.37'
    old: '1.36'
    path: pkgsrc/security/clamav/distinfo
    pathrev: pkgsrc/security/clamav/distinfo@1.37
    type: modified
  id: 20210603T154734Z.6e7ae02a9b505c4e2eb6ec9463075b98e81f8b6a
  log: "security/clamav: update to 0.103.2\n\n0.103.2 (2021-04-07)\n\nClamAV 0.103.2
    is a security patch release with the following fixes:\n\n* CVE-2021-1386: Fix
    for UnRAR DLL load privilege escalation.  Affects\n  0.103.1 and prior on Windows
    only.\n\n* CVE-2021-1252: Fix for Excel XLM parser infinite loop.  Affects 0.103.0\n
    \ and 0.103.1 only.\n\n* CVE-2021-1404: Fix for PDF parser buffer over-read; possible
    crash.\n  Affects 0.103.0 and 0.103.1 only.\n\n* CVE-2021-1405: Fix for mail parser
    NULL-dereference crash.  Affects\n  0.103.1 and prior.\n\n* Fix possible memory
    leak in PNG parser.\n\n* Fix ClamOnAcc scan on file-creation race condition so
    files are scanned\n  after their contents are written.\n\n* FreshClam: Deprecate
    the SafeBrowsing config option.  The SafeBrowsing\n  option will no longer do
    anything.\n\n* For more details, see our blog post from last year about the future
    of the\n  ClamAV Safe Browsing database.\n\n* Tip: If creating and hosting your
    own safebrowing.gdb database, you can\n  use the DatabaseCustomURL option in freshclam.conf
    to download it.\n\n* FreshClam: Improved HTTP 304, 403, & 429 handling.\n\n* FreshClam:
    Added back the mirrors.dat file to the database directory.\n  This new mirrors.dat
    file will store:\n\n\t- A randomly generated UUID for the FreshClam User-Agent.\n\t-
    A retry-after timestamp that so FreshClam won't try to update\n          after
    having received an HTTP 429 response until the Retry-After\n          timeout
    has expired.\n\n* FreshClam will now exit with a failure in daemon mode if an
    HTTP 403\n  (Forbidden) was received, because retrying later won't help any.  The\n
    \ FreshClam user will have to take actions to get unblocked.\n\n* Fix the FreshClam
    mirror-sync issue where a downloaded database is \"older\n  than the version advertised.\"\n\n*
    If a new CVD download gets a version that is older than advertised,\n  FreshClam
    will keep the older version and retry the update so that the\n  incremental update
    process (CDIFF patch process) will update to the latest\n  version.\n"
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/security/clamav'
  unixtime: '1622735254'
  user: taca