Nigel Horne wrote: > Roberto Ullfig wrote: >> Nigel Horne wrote: >>> A vulnerability was identified by Secunia in 0.92.1 relating to the >>> PE module. >>> We immediately disabled this module about a month ago. Since then we >>> have been >>> working on, and produced, a fix which is included in 0.93. 0.93 is >>> due for release >>> very soon, and all users are advised to update to this release with >>> immediate effect. >>> 0.93RC1 does not include the fix. >>> >>> Regards, >>> >> >> By disabling the module do you mean to say that 0.92.1 is not >> vulnerable? Why does CERT say otherwise? > > As soon as we found out about the vulnerability we issued a "dconf" update > to switch off the affected module, upack. All 0.92.1 users are advised to > upgrade to 0.93 immediately.
So, are 0.92.1 users temporarily safe due to the [freshclam?] update which turned off the module? Or not? By throwing in the trailing statement, you're confusing things. Just answer the question about 0.92.1 being vulnerable, without repeating whether or not people need to upgrade. _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html