Hi MarkusThank you.Looks like we should mark CVE-2019-1786, CVE-2019-1785 and CVE-2019-1798 as not affecting jessie since it is a vulnerability that was introduced in 0.101.0.Or do I misunderstand something?// OlaOn Sun, 31 Mar 2019 at 16:34, Markus Koschany <apo@debian.org> wrote:Hi Ola,
Am 31.03.19 um 16:19 schrieb Ola Lundqvist:
> Hi Markus (and the rest of the LTS team)
>
> I saw that you added clamav to data/dla-needed.txt. Do you have more
> information about these CVEs?
> Do you know if it is the fuzzes mentioned here?
> https://github.com/Cisco-Talos/clamav-devel/commits
>
> Also should we backport these fixes or simply backport the whole new
> release?
>
> // Ola
We usually backport the latest upstream release for Jessie and Stretch.
They have blogged about it here:
https://blog.clamav.net/
Cheers,
Markus
----- Inguza Technology AB --- MSc in Information Technology ----| http://inguza.com/ Mobile: +46 (0)70-332 1551 |---------------------------------------------------------------