Hi,
CVE-2017-11423 has been reported against libmspack. Clamav in Wheezy is
affected because it bundles the libmspack library. Clamav upstream fixed
it via
https://github.com/vrtadmin/clamav-devel/commit/ffa31264a657618a0e40c51c01e4bfc32e244d13
https://github.com/vrtadmin/clamav-devel/commit/ada5f94e5cfb04e1ac2a6f383f2184753f475b96
and I just updated the security-tracker to reflect this. Jessie+ is
using the libmspack in the archive so it will be fixed once libmspack is
updated.
Sebastian
_______________________________________________
Pkg-clamav-devel mailing list
Pkg-clamav-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-clamav-devel
