John Rudd wrote: > Nigel Horne wrote: >> Roberto Ullfig wrote: >>> Nigel Horne wrote: >>>> A vulnerability was identified by Secunia in 0.92.1 relating to the >>>> PE module. >>>> We immediately disabled this module about a month ago. Since then we >>>> have been >>>> working on, and produced, a fix which is included in 0.93. 0.93 is >>>> due for release >>>> very soon, and all users are advised to update to this release with >>>> immediate effect. >>>> 0.93RC1 does not include the fix. >>>> >>>> Regards, >>>> >>> >>> By disabling the module do you mean to say that 0.92.1 is not >>> vulnerable? Why does CERT say otherwise? >> >> As soon as we found out about the vulnerability we issued a "dconf" >> update >> to switch off the affected module, upack. All 0.92.1 users are advised to >> upgrade to 0.93 immediately. > > Oh, and, while we're on the subject, what about 0.88.6? is that version > vulnerable? (don't tell me to upgrade -- I haven't been able to get > newer versions to compile on Mac OS X 10.4.x) > >
er.. Sorry, I'm using 0.91.2, not 0.88.6, on my Macs. (using 0.92.1 on my Solaris boxes) _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
