[Pkg-clamav-devel] Jessie update of clamav?

[Mike Gabriel]

Hi all,

On  Do 19 Jul 2018 21:18:13 CEST, Sebastian Andrzej Siewior wrote:

> On 2018-07-19 17:06:30 [+0200], Mike Gabriel wrote:
>> The Debian LTS team would like to fix the security issues which are
>> currently open in the Jessie version of clamav:
>> https://security-tracker.debian.org/tracker/CVE-2018-0360
>> https://security-tracker.debian.org/tracker/CVE-2018-0361
>>
>> Would you like to take care of this yourself?
>
> I will look after the Stretch update. I won't do it for Jessie. I
> *strongly* recommend that you take the Stretch version and and push it
> into Jessie. That means you end up with 0.100.1 and not 0.100.0 plus
> those two CVEs. One thing that did not receive a CVE was the fix in the
> libmspack library which in bundled in clamav and libmspack upstream
> fixed it differently (hint: the debian version uses the library). The
> same goes for the unrar parts.
>
>> PS: A member of the LTS team might start working on this update at
>> any point in time. You can verify whether someone is registered
>> on this update in this file:
>> https://salsa.debian.org/security-tracker-team/security-tracker/raw/master/data/dla-needed.txt
> As I said, I strongly recommend to not only fix the CVEs mentioned.
> Upstream is not very good at it.
>
> Sebastian

Thanks for the quick response and the feedback. Much appreciated. We  
will discuss your proposal and someone will pick up the task soon.

Mike
-- 

mike gabriel aka sunweaver (Debian Developer)
mobile: +49 (1520) 1976 148
landline: +49 (4354) 8390 139

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: sunweaver at debian.org, http://sunweavers.net

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 851 bytes
Desc: Digitale PGP-Signatur
URL: <http://alioth-lists.debian.net/pipermail/pkg-clamav-devel/attachments/20180719/e9485ead/attachment-0001.sig>