#54856 – Update clamav for CVE-2025-20260

Bug 54856 - Update clamav for CVE-2025-20260

Summary: Update clamav for CVE-2025-20260

Status:	CLOSED FIXED

Alias:	None

Product:	Sisyphus
Classification:	Development
Component:	clamav (show other bugs)
Version:	unstable
Hardware:	x86_64 Linux

Importance:	P5 critical
Assignee:	Sergey Y. Afonin
QA Contact:	qa-sisyphus

URL:
Keywords:

Duplicates (1):	56667 (view as bug list)
Depends on:
Blocks:	54849
	Show dependency tree

Reported:	2025-06-19 14:20 MSK by Sergey Y. Afonin
Modified:	2025-10-30 03:24 MSK (History)
CC List:	3 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sergey Y. Afonin 2025-06-19 14:20:36 MSK

Из bug 54849:

https://www.cve.org/CVERecord?id=CVE-2025-20260 (9.8, buffer overflow RCE)

Comment 1 Sergey Y. Afonin 2025-10-29 12:57:38 MSK

*** Bug 56667 has been marked as a duplicate of this bug. ***

Comment 2 Sergey Y. Afonin 2025-10-30 03:24:08 MSK

 Wed Oct 29 2025 Alexei Takaseev <taf@altlinux> 1.4.3-alt1
 - 1.4.3 (Fixes CVE-2025-20260)
 - Add vendoring for rust
 - Update patches
 - Change /var/run/clamav -> /run/clamav
 - Disable slamscan test
 - Change soname 9 -> 12
 - Use cmake for build
 - Use PrivateMirror's by default