Hi again Sorry for spamming. But I guess we should mark them as fixed when we backport the whole thing.
// Ola On Sun, 31 Mar 2019 at 16:39, Ola Lundqvist <[email protected]> wrote: > Hi Markus > > Thank you. > > Looks like we should mark CVE-2019-1786, CVE-2019-1785 and CVE-2019-1798 > as not affecting jessie since it is a vulnerability that was introduced > in 0.101.0. > Or do I misunderstand something? > > // Ola > > On Sun, 31 Mar 2019 at 16:34, Markus Koschany <[email protected]> wrote: > >> Hi Ola, >> >> Am 31.03.19 um 16:19 schrieb Ola Lundqvist: >> > Hi Markus (and the rest of the LTS team) >> > >> > I saw that you added clamav to data/dla-needed.txt. Do you have more >> > information about these CVEs? >> > Do you know if it is the fuzzes mentioned here? >> > https://github.com/Cisco-Talos/clamav-devel/commits >> > >> > Also should we backport these fixes or simply backport the whole new >> > release? >> > >> > // Ola >> >> We usually backport the latest upstream release for Jessie and Stretch. >> They have blogged about it here: >> >> https://blog.clamav.net/ >> >> Cheers, >> >> Markus >> >> > > -- > --- Inguza Technology AB --- MSc in Information Technology ---- > | [email protected] [email protected] | > | http://inguza.com/ Mobile: +46 (0)70-332 1551 | > --------------------------------------------------------------- > > -- --- Inguza Technology AB --- MSc in Information Technology ---- | [email protected] [email protected] | | http://inguza.com/ Mobile: +46 (0)70-332 1551 | ---------------------------------------------------------------
