[Pkg-clamav-devel] libmspack / clamav issue in Wheezy
Sebastian Andrzej Siewior
sebastian at breakpoint.cc
Fri Aug 4 22:33:33 UTC 2017
Hi,
CVE-2017-11423 has been reported against libmspack. Clamav in Wheezy is
affected because it bundles the libmspack library. Clamav upstream fixed
it via
https://github.com/vrtadmin/clamav-devel/commit/ffa31264a657618a0e40c51c01e4bfc32e244d13
https://github.com/vrtadmin/clamav-devel/commit/ada5f94e5cfb04e1ac2a6f383f2184753f475b96
and I just updated the security-tracker to reflect this. Jessie+ is
using the libmspack in the archive so it will be fixed once libmspack is
updated.
Sebastian
More information about the Pkg-clamav-devel
mailing list