[Pkg-clamav-devel] libmspack / clamav issue in Wheezy
Markus Koschany
apo at debian.org
Sat Aug 5 13:29:50 UTC 2017
On 04/08/17 18:33, Sebastian Andrzej Siewior wrote:
> Hi,
>
> CVE-2017-11423 has been reported against libmspack. Clamav in Wheezy is
> affected because it bundles the libmspack library. Clamav upstream fixed
> it via
> https://github.com/vrtadmin/clamav-devel/commit/ffa31264a657618a0e40c51c01e4bfc32e244d13
> https://github.com/vrtadmin/clamav-devel/commit/ada5f94e5cfb04e1ac2a6f383f2184753f475b96
> and I just updated the security-tracker to reflect this. Jessie+ is
> using the libmspack in the archive so it will be fixed once libmspack is
> updated.
>
Hi,
thank you for making us aware of this issue. Do you prefer to take care
of this yourself? I have just added clamav to dla-needed.txt, so a team
member might start to work on it anytime if you are busy.
Regards,
Markus
More information about the Pkg-clamav-devel
mailing list