Bug#904199: stretch-pu: package clamav/ 0.100.0+dfsg-0+deb9u2

To: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>, 904199@bugs.debian.org
Subject: Bug#904199: stretch-pu: package clamav/ 0.100.0+dfsg-0+deb9u2
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Sat, 28 Jul 2018 09:24:28 +0100
Message-id: <[🔎] 1532766268.3030.241.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 904199@bugs.debian.org
In-reply-to: <[🔎] 20180721130212.w3q3vwwfdrlhjgpt@breakpoint.cc>
References: <[🔎] 20180721130212.w3q3vwwfdrlhjgpt@breakpoint.cc> <[🔎] 20180721130212.w3q3vwwfdrlhjgpt@breakpoint.cc>

On Sat, 2018-07-21 at 15:02 +0200, Sebastian Andrzej Siewior wrote:
> clamav upstream published a new version which contains security
> relevant bug fixes, two of them have a CVE number assigned:
> 
> CVE-2018-0360
> 	HWP integer overflow, infinite loop vulnerability. Reported by
> Secunia
> 	Research at Flexera.
> 
> CVE-2018-0361
> 	ClamAV PDF object length check, unreasonably long time to parse
> 	relatively small file. Reported by aCaB.

Was the intent that the package would be pushed via -updates?

Regards,

Adam

Reply to:

Follow-Ups:
- Bug#904199: stretch-pu: package clamav/ 0.100.0+dfsg-0+deb9u2
  - From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

References:
- Bug#904199: stretch-pu: package clamav/ 0.100.0+dfsg-0+deb9u2
  - From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

Prev by Date: Processed: Re: Bug#903853: transition: removal of nepomuk support from src:kde4libs
Next by Date: Bug#904774: stretch-pu: package sympa/6.2.16~dfsg-3+deb9u1
Previous by thread: Processed: clamav 0.100.1+dfsg-0+deb9u1 flagged for acceptance
Next by thread: Bug#904199: stretch-pu: package clamav/ 0.100.0+dfsg-0+deb9u2
Index(es):
- Date
- Thread