On 04/08/17 18:33, Sebastian Andrzej Siewior wrote:
CVE-2017-11423 has been reported against libmspack. Clamav in Wheezy is
affected because it bundles the libmspack library. Clamav upstream fixed
and I just updated the security-tracker to reflect this. Jessie+ is
using the libmspack in the archive so it will be fixed once libmspack is
thank you for making us aware of this issue. Do you prefer to take care
of this yourself? I have just added clamav to dla-needed.txt, so a team
member might start to work on it anytime if you are busy.