Created attachment 1899641 [details] unrarsrc-6.1.7.tar.gz - UnRAR - free utility for RAR archives Description of problem: ClamAV 0.103.7 patch versions published Version-Release number of selected component (if applicable): ClamAV 0.103.7 is a critical patch release with the following fixes: Upgrade the vendored UnRAR library to version 6.1.7. Fix logical signature "Intermediates" feature. Relax constraints on slightly malformed zip archives that contain overlapping file entries. Additionaly could you enable use of freeware UnRAR library version 6.1.7 available here https://www.rarlab.com/rar/unrarsrc-6.1.7.tar.gz Thank you.
ClamAV in Fedora and EPEL do NOT have UnRAR support enabled, because it is legally encumbered, so it is not affected by this vulnerability. For details, please see also https://src.fedoraproject.org/rpms/clamav/blob/epel7/f/clamav.spec#_44
FEDORA-2022-0d098f9faa has been submitted as an update to Fedora 36. https://bodhi.fedoraproject.org/updates/FEDORA-2022-0d098f9faa
FEDORA-2022-2b27348213 has been submitted as an update to Fedora 35. https://bodhi.fedoraproject.org/updates/FEDORA-2022-2b27348213
FEDORA-EPEL-2022-3a1f56b06b has been submitted as an update to Fedora EPEL 9. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-3a1f56b06b
FEDORA-EPEL-2022-858300d946 has been submitted as an update to Fedora EPEL 8. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-858300d946
FEDORA-EPEL-2022-eeac45f79c has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-eeac45f79c
FEDORA-EPEL-2022-eeac45f79c has been pushed to the Fedora EPEL 7 testing repository. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-eeac45f79c See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-EPEL-2022-3a1f56b06b has been pushed to the Fedora EPEL 9 testing repository. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-3a1f56b06b See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2022-0d098f9faa has been pushed to the Fedora 36 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2022-0d098f9faa` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-0d098f9faa See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-EPEL-2022-858300d946 has been pushed to the Fedora EPEL 8 testing repository. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-858300d946 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2022-2b27348213 has been pushed to the Fedora 35 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2022-2b27348213` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-2b27348213 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Seems to work fine on EL7. Clamav 0.103 will EOL months before EL7, will 0.104 be built for EPEL7? https://docs.clamav.net/faq/faq-eol.html#version-support-matrix Thank you.
FEDORA-EPEL-2022-3a1f56b06b has been pushed to the Fedora EPEL 9 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-EPEL-2022-eeac45f79c has been pushed to the Fedora EPEL 7 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-EPEL-2022-858300d946 has been pushed to the Fedora EPEL 8 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2022-2b27348213 has been pushed to the Fedora 35 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2022-0d098f9faa has been pushed to the Fedora 36 stable repository. If problem still persists, please make note of it in this bug report.