[Pkg-clamav-devel] ClamAV, again
Scott Kitterman
debian at kitterman.com
Sun Apr 12 06:27:49 UTC 2009
On Sun, 12 Apr 2009 08:13:32 +0200 Michael Tautschnig <mt at debian.org> wrote:
>Hi all,
>
>The latest version of ClamAV (0.95.1) fixes several security issues, one of
>which also affects the versions in etch, lenny, and etch-volatile. All the
>others only affect the version currently in unstable, but we're working on
>updating this one anyway.
>
>The remaining issue is briefly described at
>https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1552, seems to be a
possibility
>for a DoS. I don't think there is a CVE(-request) yet.
>
>The patches for oldstable-security, stable-security, and etch-volatile are
>attached. Please let us know whether we should upload or wait for a CVE-Id
>instead.
>
I think you'll want to bump the dconf fl_level too.
Scott K
More information about the Pkg-clamav-devel
mailing list