On 04/08/17 18:33, Sebastian Andrzej Siewior wrote:
Hi, CVE-2017-11423 has been reported against libmspack. Clamav in Wheezy is affected because it bundles the libmspack library. Clamav upstream fixed it via https://github.com/vrtadmin/clamav-devel/commit/ffa31264a657618a0e40c51c01e4bfc32e244d13 https://github.com/vrtadmin/clamav-devel/commit/ada5f94e5cfb04e1ac2a6f383f2184753f475b96 and I just updated the security-tracker to reflect this. Jessie+ is using the libmspack in the archive so it will be fixed once libmspack is updated.
Hi,thank you for making us aware of this issue. Do you prefer to take care of this yourself? I have just added clamav to dla-needed.txt, so a team member might start to work on it anytime if you are busy.
Regards, Markus