[Pkg-clamav-devel] libmspack / clamav issue in Wheezy

Sebastian Andrzej Siewior sebastian at breakpoint.cc
Fri Aug 4 22:33:33 UTC 2017


Hi,

CVE-2017-11423 has been reported against libmspack. Clamav in Wheezy is
affected because it bundles the libmspack library. Clamav upstream fixed
it via
	https://github.com/vrtadmin/clamav-devel/commit/ffa31264a657618a0e40c51c01e4bfc32e244d13
	https://github.com/vrtadmin/clamav-devel/commit/ada5f94e5cfb04e1ac2a6f383f2184753f475b96
and I just updated the security-tracker to reflect this. Jessie+ is
using the libmspack in the archive so it will be fixed once libmspack is
updated.

Sebastian



More information about the Pkg-clamav-devel mailing list