Re: Suitability of additional non-security fix for clamav?

To: Roberto C. Sánchez <roberto@debian.org>, debian-lts@lists.debian.org
Subject: Re: Suitability of additional non-security fix for clamav?
From: Moritz Muehlenhoff <jmm@inutil.org>
Date: Sat, 27 Jan 2018 22:09:39 +0100
Message-id: <[🔎] 20180127210939.GA18506@inutil.org>
In-reply-to: <[🔎] 20180127223400.gov4rbw7spe4ixdr@camaguey.connexer.com>
References: <[🔎] 20180127223400.gov4rbw7spe4ixdr@camaguey.connexer.com>

On Sat, Jan 27, 2018 at 05:34:00PM -0500, Roberto C. Sánchez wrote:
> I am in the process of preparing an update for clamav.
> 
> I am curious as to what others might think of including an additional
> fix that is not technically security-related.  It fixes a rather serious
> bug that causes clamd to crash if a bad virus definition file is
> published.  The inclusion of the additional patch in the next wheezy
> update was recommended by a clamav maintainer (Scott Kitterman).
> 
> https://bugs.debian.org/824196
> https://anonscm.debian.org/cgit/pkg-clamav/clamav.git/commit/?id=d7ea9385baefece1a1c2ff29c3c57853fa8011cb
> 
> Unless there are objections, I plan to include the patch as just a few
> days ago there was a bad virus definition file published that caused
> clamav crashes for many users.

In jessie/stretch clamav is updated via -updates precisely for the
reason that ClamAV needs regular non-security changes to remain
usable. So LTS should definitely be kept updated with the same
standards.

Cheers,
        Moritz

Reply to:

References:
- Suitability of additional non-security fix for clamav?
  - From: Roberto C. Sánchez <roberto@debian.org>

Prev by Date: Suitability of additional non-security fix for clamav?
Next by Date: Re: Suitability of additional non-security fix for clamav?
Previous by thread: Suitability of additional non-security fix for clamav?
Next by thread: Re: Suitability of additional non-security fix for clamav?
Index(es):
- Date
- Thread