Hi all,

On  Do 19 Jul 2018 21:18:13 CEST, Sebastian Andrzej Siewior wrote:

On 2018-07-19 17:06:30 [+0200], Mike Gabriel wrote:
The Debian LTS team would like to fix the security issues which are
currently open in the Jessie version of clamav:

Would you like to take care of this yourself?

I will look after the Stretch update. I won't do it for Jessie. I
*strongly* recommend that you take the Stretch version and and push it
into Jessie. That means you end up with 0.100.1 and not 0.100.0 plus
those two CVEs. One thing that did not receive a CVE was the fix in the
libmspack library which in bundled in clamav and libmspack upstream
fixed it differently (hint: the debian version uses the library). The
same goes for the unrar parts.

PS: A member of the LTS team might start working on this update at
any point in time. You can verify whether someone is registered
on this update in this file:
As I said, I strongly recommend to not only fix the CVEs mentioned.
Upstream is not very good at it.


Thanks for the quick response and the feedback. Much appreciated. We will discuss your proposal and someone will pick up the task soon.


mike gabriel aka sunweaver (Debian Developer)
mobile: +49 (1520) 1976 148
landline: +49 (4354) 8390 139

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: sunwea...@debian.org, http://sunweavers.net

Attachment: pgpDNpx0y_d_J.pgp
Description: Digitale PGP-Signatur

Reply via email to