[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: clamav?

Hi Markus

Thank you.

Looks like we should mark CVE-2019-1786, CVE-2019-1785 and CVE-2019-1798 as not affecting jessie since it is a vulnerability that was introduced in 0.101.0.
Or do I misunderstand something?

// Ola

On Sun, 31 Mar 2019 at 16:34, Markus Koschany <apo@debian.org> wrote:
Hi Ola,

Am 31.03.19 um 16:19 schrieb Ola Lundqvist:
> Hi Markus (and the rest of the LTS team)
> I saw that you added clamav to data/dla-needed.txt. Do you have more
> information about these CVEs?
> Do you know if it is the fuzzes mentioned here?
> https://github.com/Cisco-Talos/clamav-devel/commits
> Also should we backport these fixes or simply backport the whole new
> release?
> // Ola

We usually backport the latest upstream release for Jessie and Stretch.
They have blogged about it here:




 --- Inguza Technology AB --- MSc in Information Technology ----
|  ola@inguza.com                    opal@debian.org            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |

Reply to: