[Pkg-clamav-devel] Bug#888484: Bug#888484: Patch still not available
Scott Kitterman
debian at kitterman.com
Sun Jan 28 01:56:54 UTC 2018
On Sunday, January 28, 2018 12:14:36 AM Ninos Ego wrote:
> Hey there,
>
> I do not want to stress, but does it have any reasons, why it takes so
> long to patch clamav with severity "grave"? Can you guys may tell me how
> long you still need to fix clamav in current debian stable (stretch)?
> ATM clamav is running on our systems for spam mail protection. If you
> still need some time (> 12h), I'm forced to disable clamav as long as
> it's not fixed. < 0.99.3 is vulnerable for code execution...
We're currently waiting on approval from a stable release manager to upload
the fix:
https://bugs.debian.org/888552
https://bugs.debian.org/888553
Clamav is not supported through the normal Debian security release process
because of the general necessity of updating clamav in complete upstream
releases that carry much more than security fixes. As a result, it takes a
little longer.
If you know how to build a Debian package (and honestly, if you are
administering Debian systems, you should), then you can grab the stable source
package, apply the patch from the bug, and build a local package for use until
we get this approved and uploaded.
Scott K
More information about the Pkg-clamav-devel
mailing list