[Pkg-clamav-devel] ClamAV. again
Stephen Gran
sgran at debian.org
Mon Sep 8 18:28:04 UTC 2008
This one time, at band camp, Steffen Joeris said:
> On Sat, 6 Sep 2008 02:06:30 am Stephen Gran wrote:
> > Hello all,
> >
> > Attached is my proposed upload for the latest round of security problems
> > in clamav. It seems that CVE-2008-1389 does not apply to etch security,
> > and CVE-2008-3914 only partially applies (that is, they appear to have
> > added new fd leaks in versions after etch).
> >
> > I realize none of these are critical vulnerabilities, so if you don't
> > want me to upload, that's fine. The upload is prepared if you want it.
> >
> > Please include the mailing list in replies.
> Thanks for your work. For lenny, can we get the four issues list here[0] fixed
> somehow? The diff between the lenny and the sid version is rather large, so I
> guess it won't be included in lenny, but if you have the patches for the
> issues filtered out, we could get it fixed via testing-security.
We have to investigate what to do about lenny, yes, but whatever happens
it won't be immediate. I am fairly sure the patches are fairly easy to
cherry-pick - I or one of the other team members can take a look and let
you know soon.
Cheers,
--
-----------------------------------------------------------------
| ,''`. Stephen Gran |
| : :' : sgran at debian.org |
| `. `' Debian user, admin, and developer |
| `- http://www.debian.org |
-----------------------------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-clamav-devel/attachments/20080908/d248f946/attachment.pgp
More information about the Pkg-clamav-devel
mailing list