This one time, at band camp, Tomasz Kojm said: > On Tue, 12 Dec 2006 13:37:30 +0100 > Secunia Research <vuln@secunia.com> wrote: > > > Hi, > > > > we are about to issue an advisory for Clam AntiVirus based on the > > following Debian Security Advisory: > > > > http://www.us.debian.org/security/2006/dsa-1232 > > > > Is this issue already fixed in a recent ClamAV release? If so, which > > release or which CVS commit? > > Hello, > > the issue was fixed in ClamAV 0.87.1 released on November 3, 2005 (two > thousand five). We can't understand why Debian published the advisory right > now. The short version is that it is probably my fault. When each new version of clamav is released, I go through the changelog, looking for things that could potentially affect the security of the version we are stuck with in stable. At the time this was fixed and released, I must have just entirely missed it as a potential denial of service issue. It was then recently brought to my attention by one of our users that a certain email was causing segfaults. It was only then that I noticed that this issue had already been addressed a year ago. I contacted the security team and told them this was fixed long ago upstream, but they decided for procedural reasons that it would be better to go ahead and get a CVE for the issue anyway. Sorry about the fuss, -- ----------------------------------------------------------------- | ,''`. Stephen Gran | | : :' : sgran@debian.org | | `. `' Debian user, admin, and developer | | `- http://www.debian.org | -----------------------------------------------------------------
Attachment:
signature.asc
Description: Digital signature