[Pkg-clamav-devel] ClamAV. again
Michael Tautschnig
mt at debian.org
Tue Sep 9 13:10:34 UTC 2008
> This one time, at band camp, Steffen Joeris said:
> > On Sat, 6 Sep 2008 02:06:30 am Stephen Gran wrote:
> > > Hello all,
> > >
> > > Attached is my proposed upload for the latest round of security problems
> > > in clamav. It seems that CVE-2008-1389 does not apply to etch security,
> > > and CVE-2008-3914 only partially applies (that is, they appear to have
> > > added new fd leaks in versions after etch).
> > >
> > > I realize none of these are critical vulnerabilities, so if you don't
> > > want me to upload, that's fine. The upload is prepared if you want it.
> > >
> > > Please include the mailing list in replies.
>
> > Thanks for your work. For lenny, can we get the four issues list here[0] fixed
> > somehow? The diff between the lenny and the sid version is rather large, so I
> > guess it won't be included in lenny, but if you have the patches for the
> > issues filtered out, we could get it fixed via testing-security.
>
> We have to investigate what to do about lenny, yes, but whatever happens
> it won't be immediate. I am fairly sure the patches are fairly easy to
> cherry-pick - I or one of the other team members can take a look and let
> you know soon.
>
Should we already pursue those issues, or should we rather await the statement
of the release team as to whether we can get 0.94 into lenny?
Thanks,
Michael
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 194 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-clamav-devel/attachments/20080909/950de830/attachment.pgp
More information about the Pkg-clamav-devel
mailing list