Hi there,
On Tue, 3 Aug 2021, Paul Kosinski via clamav-users wrote:
On Tue, 3 Aug 2021 07:53:24 +0200
Damian via clamav-users <clamav-users@lists.clamav.net> wrote:
The current "stable" Debian is 10/Buster. It has ClamAV 0.103.2, patched by Debian to
"deb10u1" (whatever that implies)
https://security-tracker.debian.org/tracker/source-package/clamav
Interesting, but *much* more work to figure out how it all relates
to 0.103.3 than simply building 0.103.3 from source.
Quite so.
(Has Debian fixed any problems that the ClamAV team hasn't fixed? If
so, that's scary.)
Nothing serious I think, although this is still uncorrected in 103.3:
https://sources.debian.org/patches/clamav/0.103.2+dfsg-0+deb10u1/0007-unit-tests-Fix-ck_assert_msg-call.patch/
Off their own bat they've done things which weren't done upstream like
making provision for using a 'tomsfastmath' which is provided by the
system instead of it being built into ClamAV; and I guess not fixing
the Windows vulnerability (CVE-2021-1386) was deliberate:
https://sources.debian.org/patches/clamav/0.103.2+dfsg-0+deb10u1/
https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html
--
73,
Ged.
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
