On Fri, Mar 09, 2018 at 11:45:58AM +0100, Santiago R.R. wrote:
> Hi,
>
> El 02/03/18 a las 23:36, Sebastian Andrzej Siewior escribió:
> > On 2018-03-02 02:19:04 [+0000], Scott Kitterman wrote:
> > > Conveniently, upstream just released 0.99.4 that addresses this and some
> > > other issues. I'd suggest you let us get that into stable/oldstable
> > > first.
> >
> > I will try to get to this around SA/SO for Stretch/Jessie. There are 5
> > CVEs in total (not just the one you (the LTS team) mentioned).
>
> Just to be sure, the new upstream release should be used to fix the
> issues in wheezy too?
Definitely, clamav is only updated via jessie-updates/stretch-updates
as it needs a current runtime to be able to parse all malware signatures
(independant of vulnerabilities in clamav itself).
But you need to make sure that wheezy is not updated ahead of jessie/stretch,
otherwise you'll break upgrades.
Cheers,
Moritz
_______________________________________________
Pkg-clamav-devel mailing list
Pkg-clamav-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-clamav-devel
