Hi Scott, On Sat, Jan 27, 2018 at 02:05:59PM +0000, Scott Kitterman wrote: > fixed 888484 0.99.3~beta2+dfsg-1 > > Everyone: > > Please leave the status of this bug to the package maintainers. > We've checked and all the security issues in the new 0.99.3 release > were previously addressed in the beta that's in testing/unstable. > > If you think this is incorrect, provide specific information about > why (i.e. point to the code). Don't change the status of the bug. > You aren't helping.
This though was not clear at all from https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888484#29 where the bug was marked fixed in 0.99.3~beta2+dfsg-1, were Sebastian did wrote: > I *think* the crashes you obsereved might be due to FD desc issue. This > was fixed in Stretch by chance but not in Jessie. However the remaining > CVEs were not addressed yet and I'm looking into it… > > [0] > http://blog.clamav.net/2018/01/update-on-recent-file-descriptors-issue.html So "the remaining CVEs were not address yet" part. I take your last email as confirmation that they indeed *are* fixed in 0.99.3~beta2+dfsg-1 and have updated the security-tracker information as such. Regards, Salvatore _______________________________________________ Pkg-clamav-devel mailing list Pkg-clamav-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-clamav-devel