On 04/08/17 18:33, Sebastian Andrzej Siewior wrote:
Hi,

CVE-2017-11423 has been reported against libmspack. Clamav in Wheezy is
affected because it bundles the libmspack library. Clamav upstream fixed
it via
        
https://github.com/vrtadmin/clamav-devel/commit/ffa31264a657618a0e40c51c01e4bfc32e244d13
        
https://github.com/vrtadmin/clamav-devel/commit/ada5f94e5cfb04e1ac2a6f383f2184753f475b96
and I just updated the security-tracker to reflect this. Jessie+ is
using the libmspack in the archive so it will be fixed once libmspack is
updated.


Hi,

thank you for making us aware of this issue. Do you prefer to take care of this yourself? I have just added clamav to dla-needed.txt, so a team member might start to work on it anytime if you are busy.

Regards,

Markus

_______________________________________________
Pkg-clamav-devel mailing list
Pkg-clamav-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-clamav-devel

Reply via email to