[Pkg-clamav-devel] Bugfix for #507624 prepared

Florian Weimer fw at deneb.enyo.de
Wed Dec 3 12:50:40 UTC 2008


* Scott Kitterman:

> On Wednesday 03 December 2008 06:52, Florian Weimer wrote:
>> * Scott Kitterman:
>> > On Wed, 03 Dec 2008 12:39:59 +0100 Florian Weimer <fw at deneb.enyo.de> 
> wrote:
>> >>Your patch looks fine.  Is there a CVE yet?
>> >
>> > As of two days ago when I put the Ubuntu change together there was not.
>>
>> Oh well.  At least for the other bug, there's a CVE (CVE-2008-5050).
>>
>> What about CVE-2008-1389?
>
> That was in clamav 0.94.  The patch is svn commit 3749 from upstream.
>
> I think that's on the list of ones we're looking at in Ubuntu to patch our 
> 0.92.1 packages.  I haven't looked at Etch myself.

I think it makes sense to include this change in the current round of
ClamAV patches.

Michael, does this sound reasonable?



More information about the Pkg-clamav-devel mailing list