Hi Markus Thank you.
Looks like we should mark CVE-2019-1786, CVE-2019-1785 and CVE-2019-1798 as not affecting jessie since it is a vulnerability that was introduced in 0.101.0. Or do I misunderstand something? // Ola On Sun, 31 Mar 2019 at 16:34, Markus Koschany <[email protected]> wrote: > Hi Ola, > > Am 31.03.19 um 16:19 schrieb Ola Lundqvist: > > Hi Markus (and the rest of the LTS team) > > > > I saw that you added clamav to data/dla-needed.txt. Do you have more > > information about these CVEs? > > Do you know if it is the fuzzes mentioned here? > > https://github.com/Cisco-Talos/clamav-devel/commits > > > > Also should we backport these fixes or simply backport the whole new > > release? > > > > // Ola > > We usually backport the latest upstream release for Jessie and Stretch. > They have blogged about it here: > > https://blog.clamav.net/ > > Cheers, > > Markus > > -- --- Inguza Technology AB --- MSc in Information Technology ---- | [email protected] [email protected] | | http://inguza.com/ Mobile: +46 (0)70-332 1551 | ---------------------------------------------------------------
