Re: clamav triage (updated via -updates)

To: Hugo Lefeuvre <hle@debian.org>
Cc: team@security.debian.org, debian-lts@lists.debian.org
Subject: Re: clamav triage (updated via -updates)
From: Holger Levsen <holger@layer-acht.org>
Date: Sat, 10 Aug 2019 09:27:03 +0000
Message-id: <[🔎] 20190810092636.ynwwbkje2ennniiz@layer-acht.org>
In-reply-to: <[🔎] 20190810080338.GC9353@behemoth.owl.eu.com.local>
References: <[🔎] 20190810080338.GC9353@behemoth.owl.eu.com.local>

hi,

On Sat, Aug 10, 2019 at 10:03:38AM +0200, Hugo Lefeuvre wrote:
> I am taking a look at clamav's zip bomb issue[0] in jessie. This issue is
> no-dsa in buster/stretch: "ClamAV is updated via -updates".
> 
> What is this -updates mechanism? I might have missed something, does clamav
> have an auto-update mechanism?

that's stable-updates, not security updates. stable-updates is
maintained by the stable release managers as well, but unlike point
releases those updates are issued at any time and usually used for very
few packages only, eg. tzdata is another regular candidate for them.

-- 
cheers,
	Holger

-------------------------------------------------------------------------------
               holger@(debian|reproducible-builds|layer-acht).org
       PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C

Attachment: signature.asc
Description: PGP signature

Reply to:

References:
- clamav triage (updated via -updates)
  - From: Hugo Lefeuvre <hle@debian.org>

Prev by Date: clamav triage (updated via -updates)
Next by Date: Re: clamav triage (updated via -updates)
Previous by thread: clamav triage (updated via -updates)
Next by thread: Re: clamav triage (updated via -updates)
Index(es):
- Date
- Thread