libmspack / clamav issue in Wheezy

To: debian-lts@lists.debian.org
Cc: pkg-clamav-devel@lists.alioth.debian.org
Subject: libmspack / clamav issue in Wheezy
From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date: Sat, 5 Aug 2017 00:33:33 +0200
Message-id: <[🔎] 20170804223333.3enb6ah7n54rbq72@breakpoint.cc>

Hi,

CVE-2017-11423 has been reported against libmspack. Clamav in Wheezy is
affected because it bundles the libmspack library. Clamav upstream fixed
it via
	https://github.com/vrtadmin/clamav-devel/commit/ffa31264a657618a0e40c51c01e4bfc32e244d13
	https://github.com/vrtadmin/clamav-devel/commit/ada5f94e5cfb04e1ac2a6f383f2184753f475b96
and I just updated the security-tracker to reflect this. Jessie+ is
using the libmspack in the archive so it will be fixed once libmspack is
updated.

Sebastian

Reply to:

Follow-Ups:
- Re: libmspack / clamav issue in Wheezy
  - From: Markus Koschany <apo@debian.org>

Prev by Date: unsuscribe
Next by Date: Re: Wheezy update of fontforge?
Previous by thread: unsuscribe
Next by thread: Re: libmspack / clamav issue in Wheezy
Index(es):
- Date
- Thread