On Fri, Mar 09, 2018 at 11:45:58AM +0100, Santiago R.R. wrote: > Hi, > > El 02/03/18 a las 23:36, Sebastian Andrzej Siewior escribió: > > On 2018-03-02 02:19:04 [+0000], Scott Kitterman wrote: > > > Conveniently, upstream just released 0.99.4 that addresses this and some > > > other issues. I'd suggest you let us get that into stable/oldstable > > > first. > > > > I will try to get to this around SA/SO for Stretch/Jessie. There are 5 > > CVEs in total (not just the one you (the LTS team) mentioned). > > Just to be sure, the new upstream release should be used to fix the > issues in wheezy too?
Definitely, clamav is only updated via jessie-updates/stretch-updates as it needs a current runtime to be able to parse all malware signatures (independant of vulnerabilities in clamav itself). But you need to make sure that wheezy is not updated ahead of jessie/stretch, otherwise you'll break upgrades. Cheers, Moritz _______________________________________________ Pkg-clamav-devel mailing list Pkg-clamav-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-clamav-devel