Re: libmspack / clamav issue in Wheezy

To: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Cc: debian-lts@lists.debian.org, pkg-clamav-devel@lists.alioth.debian.org
Subject: Re: libmspack / clamav issue in Wheezy
From: Markus Koschany <apo@debian.org>
Date: Sat, 5 Aug 2017 09:29:50 -0400
Message-id: <[🔎] 73b76a45-000b-7a1d-1843-75b6e269e313@debian.org>
In-reply-to: <[🔎] 20170804223333.3enb6ah7n54rbq72@breakpoint.cc>
References: <[🔎] 20170804223333.3enb6ah7n54rbq72@breakpoint.cc>

On 04/08/17 18:33, Sebastian Andrzej Siewior wrote:

Hi,

CVE-2017-11423 has been reported against libmspack. Clamav in Wheezy is
affected because it bundles the libmspack library. Clamav upstream fixed
it via
	https://github.com/vrtadmin/clamav-devel/commit/ffa31264a657618a0e40c51c01e4bfc32e244d13
	https://github.com/vrtadmin/clamav-devel/commit/ada5f94e5cfb04e1ac2a6f383f2184753f475b96
and I just updated the security-tracker to reflect this. Jessie+ is
using the libmspack in the archive so it will be fixed once libmspack is
updated.

Hi,

thank you for making us aware of this issue. Do you prefer to take careof this yourself? I have just added clamav to dla-needed.txt, so a teammember might start to work on it anytime if you are busy.


Regards,

Markus

Reply to:

Follow-Ups:
- Re: libmspack / clamav issue in Wheezy
  - From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

References:
- libmspack / clamav issue in Wheezy
  - From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

Prev by Date: Re: Wheezy update of fontforge?
Next by Date: Re: libmspack / clamav issue in Wheezy
Previous by thread: libmspack / clamav issue in Wheezy
Next by thread: Re: libmspack / clamav issue in Wheezy
Index(es):
- Date
- Thread