Re: clamav?

To: Markus Koschany <apo@debian.org>
Cc: Debian LTS <debian-lts@lists.debian.org>
Subject: Re: clamav?
From: Ola Lundqvist <ola@inguza.com>
Date: Sun, 31 Mar 2019 16:39:50 +0200
Message-id: <[🔎] CABY6=0=DT3ZvS6-WYW-XJwaXge88QE4O7h1Dfsf2WW0+QcEkeQ@mail.gmail.com>
In-reply-to: <[🔎] a7ed8f95-e88d-b95f-ae95-7650eb72f706@debian.org>
References: <[🔎] CABY6=0=0SyxYs_o2wb1nu5+bPWANwJ0F9J4BeT5KKPfbR7A8HQ@mail.gmail.com> <[🔎] a7ed8f95-e88d-b95f-ae95-7650eb72f706@debian.org>

Hi Markus

Thank you.

Looks like we should mark CVE-2019-1786, CVE-2019-1785 and CVE-2019-1798 as not affecting jessie since it is a vulnerability that was introduced in 0.101.0.

Or do I misunderstand something?

// Ola

On Sun, 31 Mar 2019 at 16:34, Markus Koschany <apo@debian.org> wrote:

Hi Ola,

Am 31.03.19 um 16:19 schrieb Ola Lundqvist:
> Hi Markus (and the rest of the LTS team)
>
> I saw that you added clamav to data/dla-needed.txt. Do you have more
> information about these CVEs?
> Do you know if it is the fuzzes mentioned here?
> https://github.com/Cisco-Talos/clamav-devel/commits
>
> Also should we backport these fixes or simply backport the whole new
> release?
>
> // Ola

We usually backport the latest upstream release for Jessie and Stretch.
They have blogged about it here:

https://blog.clamav.net/

Cheers,

Markus

--- Inguza Technology AB --- MSc in Information Technology ----

| ola@inguza.com opal@debian.org |

| http://inguza.com/ Mobile: +46 (0)70-332 1551 |

---------------------------------------------------------------

Reply to:

Follow-Ups:
- Re: clamav?
  - From: Ola Lundqvist <ola@inguza.com>

References:
- clamav?
  - From: Ola Lundqvist <ola@inguza.com>
- Re: clamav?
  - From: Markus Koschany <apo@debian.org>

Prev by Date: Re: clamav?
Next by Date: Re: clamav?
Previous by thread: Re: clamav?
Next by thread: Re: clamav?
Index(es):
- Date
- Thread