[Pkg-clamav-devel] Bug#934359: clamav: ZIP bomb causes extreme CPU spikes
Hugo Lefeuvre
hle at debian.org
Mon Aug 12 07:21:22 BST 2019
Hi Sebastian,
> > Even though this issue is marked as fixed in unstable, the current patch is
> > incomplete (see upstream bug report). Upstream is actively working on a
> > more advanced patch.
>
> I am aware of the situation. I uploaded to unstable what upstream
> released as 0.101.3 (the latest one) and prepared an update for stable.
> _After_ that, the bugtracker got updated claiming that the fix is not
> perfect and other zip bomb was added to the backtracker.
I'm sorry if this sounded insistent, it was not intended like that.
thanks for your work!
cheers,
Hugo
--
Hugo Lefeuvre (hle) | www.owl.eu.com
RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD
ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-clamav-devel/attachments/20190812/353a8d90/attachment.sig>
More information about the Pkg-clamav-devel
mailing list