[Pkg-clamav-devel] Bugfix for #507624 prepared
Scott Kitterman
debian at kitterman.com
Wed Dec 3 19:45:39 UTC 2008
On Wednesday 03 December 2008 06:39, Florian Weimer wrote:
> * Michael Tautschnig:
> >> * Michael Tautschnig:
> >> > The attached patch provides a fix for etch-security. It does,
> >> > however, not include the previously sent patch for #505134. We could
> >> > upload a package containing both bugfixes at any time. If you prefer
> >> > to only include one of those, this is also prepared easily.
> >>
> >> Does the package in etch still work with current signature databases?
> >> (I've recently seen a report to the contrary.)
> >
> > I don't think that there are any incompatibilities introduced in
> > post-etch versions, even though the version in etch may be unable to make
> > use of all of the features in current signature databases.
>
> I've just checked, and freshclam runs just fine (for some values of
> "fine", of course, given that some signatures are ignored). Looks
> like the report was wrong. Sorry for the noise.
>
> Your patch looks fine. Is there a CVE yet?
I'm told the jpeg recursion issue got CVE-2008-5314.
Scott K
More information about the Pkg-clamav-devel
mailing list