I agree that the CVEs will be needed. But 103.2 also includes the next step in disabling safe browsing => https://blog.clamav.net/2020/06/the-future-of-clamav-safebrowsing.html That might be ok as upstream can't provide the data anyway, but still worth to think.
Also a bunch of other changes, but all fixes. But we shouldn't miss that this also includes all of https://blog.clamav.net/search/label/0.103.1 That added a few features (none dropped gladly), and much more fixes. Now on a normal package I'd say "that seems too much for a late sync". But we have to take into account that clamav isn't normal. Security does regularly full version sync/backports to the former Ubuntu versions. So if it is ok to push all these post-release, then I see no blocker in fetching all these good changes now - even if it is late. If it fails to complete/build/migrate it will still be pushed to all supported releases a bit later. I hope you all can follow my agrumentation ... syncing it now. ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-1252 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-1404 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-1405 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1923831 Title: Sync clamav 0.103.2+dfsg-1 (main) from Debian unstable (main) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1923831/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
