Your message dated Sat, 19 Jun 2021 10:56:39 +0100 with message-id <5c65c3ad2ac9b1b1f78bf73b1cf073041e619b51.camel@adam-barratt.org.uk> and subject line Closing p-u requests for fixes included in 10.10 point release has caused the Debian Bug report #987038, regarding buster-pu: package clamav/0.103.2+dfsg-0+deb10u1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 987038: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987038 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: buster-pu: package clamav/0.103.2+dfsg-0+deb10u1
- From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
- Date: Fri, 16 Apr 2021 09:27:07 +0200
- Message-id: <20210416072707.szh3blp55zgxj3sd@flow>
Package: release.debian.org User: release.debian.org@packages.debian.org Usertags: pu Tags: buster Severity: normal This is an update from ClamAV from 0.102.4 to 0.103.2. The 103 release was in unstable since the beginning. I skipped it for Buster back then because the 102 based release recevied a security update and it appeared to contain the important bits. Now, with the 103.2 release there is no update for the 102 based release. At least one CVE was identified as also affecting Buster. There is also another change regarding "memory leak in PNG parser" which has no attribution and a memory leak in clamav, which is often in an email setup scanning incomming mail, could be exploited and brining the system to an OOM condition and hopefully killing only the clamav daemon. Looking further, I identified two changes https://github.com/Cisco-Talos/clamav-devel/commit/ba6467a6a6f7d749f3011c38e76573c75676e37f https://github.com/Cisco-Talos/clamav-devel/commit/1a8b164b4f513460c8334521f0797aaf81d15699 which fix two leaks which also apply to the version currently in Buster. I didn't look further… The 103.2 release also received updates regarding freshclam including improved error codes handling. Probably related to CDN, they are using. The "safebrowsing" has been disabled in clamav. It has been announced half a year ago [0] and they are asking [1] now to finally disable it as the file is now no longer served. The current release disables it and removes it from the config file (and debconf templates). Testing wise the 103.0 release landed last October in unstable and we managed to fix various apparmor related issue since. I'm not aware of any issues so far. I upload recently 103.2 to unstable and uploaded an update yesterday after noticing that the postinst script still enables the safebrowsing option (my clunky eyes didn't see it earler). This change is also part of the propsed Buster version. I had it deployed on a server for two+ days now. One last disclosure: The clamav daemon now supports reloading the database without blocking. The advantage is that email scanning isn't blocked while the database is reloaded. The disadvantage is that it consumes more memory as it prepares the new database in memory and after it is done, it switches over and releases the old one. [0] https://blog.clamav.net/2020/06/the-future-of-clamav-safebrowsing.html [1] https://blog.clamav.net/2021/04/are-you-still-attempting-to-download.html Sebastian
--- End Message ---
--- Begin Message ---
- To: 934206-done@bugs.debian.org, 982996-done@bugs.debian.org, 983110-done@bugs.debian.org, 984604-done@bugs.debian.org, 985791-done@bugs.debian.org, 985792-done@bugs.debian.org, 985943-done@bugs.debian.org, 986001-done@bugs.debian.org, 986014-done@bugs.debian.org, 986112-done@bugs.debian.org, 986224-done@bugs.debian.org, 986673-done@bugs.debian.org, 987038-done@bugs.debian.org, 987042-done@bugs.debian.org, 987048-done@bugs.debian.org, 987164-done@bugs.debian.org, 987210-done@bugs.debian.org, 987246-done@bugs.debian.org, 987489-done@bugs.debian.org, 987494-done@bugs.debian.org, 987529-done@bugs.debian.org, 987531-done@bugs.debian.org, 987548-done@bugs.debian.org, 987719-done@bugs.debian.org, 987725-done@bugs.debian.org, 987726-done@bugs.debian.org, 987731-done@bugs.debian.org, 987859-done@bugs.debian.org, 987958-done@bugs.debian.org, 988255-done@bugs.debian.org, 988314-done@bugs.debian.org, 988365-done@bugs.debian.org, 988453-done@bugs.debian.org, 988454-done@bugs.debian.org, 988455-done@bugs.debian.org, 988482-done@bugs.debian.org, 988492-done@bugs.debian.org, 988508-done@bugs.debian.org, 988936-done@bugs.debian.org, 988962-done@bugs.debian.org, 988974-done@bugs.debian.org, 988977-done@bugs.debian.org, 989023-done@bugs.debian.org, 989024-done@bugs.debian.org, 989129-done@bugs.debian.org, 989132-done@bugs.debian.org, 989420-done@bugs.debian.org, 989422-done@bugs.debian.org, 989509-done@bugs.debian.org, 989623-done@bugs.debian.org, 989668-done@bugs.debian.org, 989701-done@bugs.debian.org, 989702-done@bugs.debian.org, 989768-done@bugs.debian.org, 989772-done@bugs.debian.org
- Subject: Closing p-u requests for fixes included in 10.10 point release
- From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Date: Sat, 19 Jun 2021 10:56:39 +0100
- Message-id: <5c65c3ad2ac9b1b1f78bf73b1cf073041e619b51.camel@adam-barratt.org.uk>
Package: release.debian.org Version: 10.10 Hi, Each of the updates referenced in these bugs was included in the 10.10 point release today. Regards, Adam
--- End Message ---