[Pkg-clamav-devel] ClamAV. again

Stephen Gran sgran at debian.org
Tue Sep 9 19:13:49 UTC 2008 

This one time, at band camp, Michael Tautschnig said:
> > This one time, at band camp, Steffen Joeris said:
> > > On Sat, 6 Sep 2008 02:06:30 am Stephen Gran wrote:
> > > > Hello all,
> > > >
> > > > Attached is my proposed upload for the latest round of security problems
> > > > in clamav.  It seems that CVE-2008-1389 does not apply to etch security,
> > > > and CVE-2008-3914 only partially applies (that is, they appear to have
> > > > added new fd leaks in versions after etch).
> > > >
> > > > I realize none of these are critical vulnerabilities, so if you don't
> > > > want me to upload, that's fine.  The upload is prepared if you want it.
> > > >
> > > > Please include the mailing list in replies.
> > 
> > > Thanks for your work. For lenny, can we get the four issues list here[0] fixed 
> > > somehow? The diff between the lenny and the sid version is rather large, so I 
> > > guess it won't be included in lenny, but if you have the patches for the 
> > > issues filtered out, we could get it fixed via testing-security.
> > 
> > We have to investigate what to do about lenny, yes, but whatever happens
> > it won't be immediate.  I am fairly sure the patches are fairly easy to
> > cherry-pick - I or one of the other team members can take a look and let
> > you know soon.
> 
> Should we already pursue those issues, or should we rather await the statement
> of the release team as to whether we can get 0.94 into lenny?

It's of course up to you how you spend your energy :)  My personal
feeling is that both are worthwhile, since it may be some time before
0.94 would be ready to go into lenny.
-- 
 -----------------------------------------------------------------
|   ,''`.                                            Stephen Gran |
|  : :' :                                        sgran at debian.org |
|  `. `'                        Debian user, admin, and developer |
|    `-                                     http://www.debian.org |
 -----------------------------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-clamav-devel/attachments/20080909/3d8f91a2/attachment.pgp

More information about the Pkg-clamav-devel mailing list