Re: Suitability of additional non-security fix for clamav?
On Sat, Jan 27, 2018 at 05:34:00PM -0500, Roberto C. Sánchez wrote:
> I am in the process of preparing an update for clamav.
> I am curious as to what others might think of including an additional
> fix that is not technically security-related. It fixes a rather serious
> bug that causes clamd to crash if a bad virus definition file is
> published. The inclusion of the additional patch in the next wheezy
> update was recommended by a clamav maintainer (Scott Kitterman).
> Unless there are objections, I plan to include the patch as just a few
> days ago there was a bad virus definition file published that caused
> clamav crashes for many users.
In jessie/stretch clamav is updated via -updates precisely for the
reason that ClamAV needs regular non-security changes to remain
usable. So LTS should definitely be kept updated with the same