hi, On Sat, Aug 10, 2019 at 10:03:38AM +0200, Hugo Lefeuvre wrote: > I am taking a look at clamav's zip bomb issue[0] in jessie. This issue is > no-dsa in buster/stretch: "ClamAV is updated via -updates". > > What is this -updates mechanism? I might have missed something, does clamav > have an auto-update mechanism? that's stable-updates, not security updates. stable-updates is maintained by the stable release managers as well, but unlike point releases those updates are issued at any time and usually used for very few packages only, eg. tzdata is another regular candidate for them. -- cheers, Holger ------------------------------------------------------------------------------- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C
Attachment:
signature.asc
Description: PGP signature