Roberto Ullfig wrote:
Nigel Horne wrote:
A vulnerability was identified by Secunia in 0.92.1 relating to the PE
module.
We immediately disabled this module about a month ago. Since then we
have been
working on, and produced, a fix which is included in 0.93. 0.93 is due
for release
very soon, and all users are advised to update to this release with
immediate effect.
0.93RC1 does not include the fix.
Regards,
By disabling the module do you mean to say that 0.92.1 is not
vulnerable? Why does CERT say otherwise?
As soon as we found out about the vulnerability we issued a "dconf" update
to switch off the affected module, upack. All 0.92.1 users are advised to
upgrade to 0.93 immediately.
-Nigel
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
