[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Suitability of additional non-security fix for clamav?

On Sat, Jan 27, 2018 at 05:34:00PM -0500, Roberto C. Sánchez wrote:
> I am in the process of preparing an update for clamav.
> I am curious as to what others might think of including an additional
> fix that is not technically security-related.  It fixes a rather serious
> bug that causes clamd to crash if a bad virus definition file is
> published.  The inclusion of the additional patch in the next wheezy
> update was recommended by a clamav maintainer (Scott Kitterman).
> https://bugs.debian.org/824196
> https://anonscm.debian.org/cgit/pkg-clamav/clamav.git/commit/?id=d7ea9385baefece1a1c2ff29c3c57853fa8011cb
> Unless there are objections, I plan to include the patch as just a few
> days ago there was a bad virus definition file published that caused
> clamav crashes for many users.

In jessie/stretch clamav is updated via -updates precisely for the
reason that ClamAV needs regular non-security changes to remain
usable. So LTS should definitely be kept updated with the same


Reply to: