Hi,
I've spent a couple of hours working on ClamAV since yesterday. I have
backported Sebastian Andrzej Siewior's work to jessie, and tested it. Fine
so far, this fixes a couple of issues including the Zip bomb ones.
Problem: we're backporting 0.101.4 to jessie. This implies an ABI bump and
unless I am mistaken requires uploads for a few reverse dependencies:
- python-pyclamav
- havp
- dansguardian
- libc-icap-mod-virus-scan
This work has already been done for stretch, so we should be able to
backport it to jessie. Still, I'm going to spend quite some time on it...
I'd like to know what you think about this, and if you can think of any
alternative/less time consuming solution.
(cherry picking changes does not seem reasonable to me)
regards,
Hugo
--
Hugo Lefeuvre (hle) | www.owl.eu.com
RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD
ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C
Attachment:
signature.asc
Description: PGP signature