The security team may look at this directly, but tagging server-next to follow up in case not.
There appears to be an established process for clamav updates at https://wiki.ubuntu.com/ClamavUpdates but not sure if it also has an SRU exception granted (LP: #191529 makes me think it might). 0.102.4 does indeed appear to be a narrow update with just CVE fixes: https://blog.clamav.net/2020/07/clamav-01024-security-patch- released.html ** Changed in: clamav (Ubuntu) Importance: Undecided => High ** Changed in: clamav (Ubuntu) Status: New => Triaged ** Also affects: clamav (Ubuntu Focal) Importance: Undecided Status: New ** Also affects: clamav (Ubuntu Xenial) Importance: Undecided Status: New ** Also affects: clamav (Ubuntu Bionic) Importance: Undecided Status: New ** Also affects: clamav (Ubuntu Eoan) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1888160 Title: ClamAV needs updated to reflect security fixes To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1888160/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
