[Pkg-clamav-devel] Bug#888484: Processed (with 1 error): Re: Bug#888484: clamav: Security release 0.99.3 available
Salvatore Bonaccorso
carnil at debian.org
Sat Jan 27 14:30:45 UTC 2018
Hi Scott,
On Sat, Jan 27, 2018 at 02:05:59PM +0000, Scott Kitterman wrote:
> fixed 888484 0.99.3~beta2+dfsg-1
>
> Everyone:
>
> Please leave the status of this bug to the package maintainers.
> We've checked and all the security issues in the new 0.99.3 release
> were previously addressed in the beta that's in testing/unstable.
>
> If you think this is incorrect, provide specific information about
> why (i.e. point to the code). Don't change the status of the bug.
> You aren't helping.
This though was not clear at all from
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888484#29 where the
bug was marked fixed in 0.99.3~beta2+dfsg-1, were Sebastian did wrote:
> I *think* the crashes you obsereved might be due to FD desc issue. This
> was fixed in Stretch by chance but not in Jessie. However the remaining
> CVEs were not addressed yet and I'm looking into it…
>
> [0] http://blog.clamav.net/2018/01/update-on-recent-file-descriptors-issue.html
So "the remaining CVEs were not address yet" part.
I take your last email as confirmation that they indeed *are* fixed in
0.99.3~beta2+dfsg-1 and have updated the security-tracker information
as such.
Regards,
Salvatore
More information about the Pkg-clamav-devel
mailing list