[Pkg-clamav-devel] Bug#888484: Processed (with 1 error): Re: Bug#888484: clamav: Security release 0.99.3 available

Scott Kitterman debian at kitterman.com
Sat Jan 27 15:12:31 UTC 2018



On January 27, 2018 2:30:45 PM UTC, Salvatore Bonaccorso <carnil at debian.org> wrote:
>Hi Scott,
>
>On Sat, Jan 27, 2018 at 02:05:59PM +0000, Scott Kitterman wrote:
>> fixed 888484 0.99.3~beta2+dfsg-1
>> 
>> Everyone:
>> 
>> Please leave the status of this bug to the package maintainers.
>> We've checked and all the security issues in the new 0.99.3 release
>> were previously addressed in the beta that's in testing/unstable.
>> 
>> If you think this is incorrect, provide specific information about
>> why (i.e. point to the code).  Don't change the status of the bug.
>> You aren't helping.
>
>This though was not clear at all from
>https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888484#29 where the
>bug was marked fixed in 0.99.3~beta2+dfsg-1, where Sebastian wrote:
>
>> I *think* the crashes you observed might be due to FD desc issue. This
>> was fixed in Stretch by chance but not in Jessie. However the remaining
>> CVEs were not addressed yet and I'm looking into it…
>> 
>> [0] http://blog.clamav.net/2018/01/update-on-recent-file-descriptors-issue.html
>
>So "the remaining CVEs were not addressed yet" part.
>
>I take your last email as confirmation that they indeed *are* fixed in
>0.99.3~beta2+dfsg-1 and have updated the security-tracker information
>as such.

Thanks.  This is a bit of a confusing mess (thanks upstream).  My understanding is that the remaining ones are ones that are addressed in the beta in unstable/testing, but not the new release.  If I find out different, I'll be sure to update the tracker.

Scott K


