[Pkg-clamav-devel] Wheezy update of clamav?

Moritz Muehlenhoff jmm at inutil.org
Fri Mar 9 09:52:17 UTC 2018


On Fri, Mar 09, 2018 at 11:45:58AM +0100, Santiago R.R. wrote:
> Hi,
> 
> El 02/03/18 a las 23:36, Sebastian Andrzej Siewior escribió:
> > On 2018-03-02 02:19:04 [+0000], Scott Kitterman wrote:
> > > Conveniently, upstream just released 0.99.4 that addresses this and some other issues.  I'd suggest you let us get that into stable/oldstable first.
> > 
> > I will try to get to this around SA/SO for Stretch/Jessie. There are 5
> > CVEs in total (not just the one you (the LTS team) mentioned).
> 
> Just to be sure, the new upstream release should be used to fix the
> issues in wheezy too?

Definitely, clamav is only updated via jessie-updates/stretch-updates
as it needs a current runtime to be able to parse all malware signatures
(independant of vulnerabilities in clamav itself).

But you need to make sure that wheezy is not updated ahead of jessie/stretch,
otherwise you'll break upgrades.

Cheers,
        Moritz



More information about the Pkg-clamav-devel mailing list