Bug#1050639: bookworm-pu: package clamav/1.0.2+dfsg-1~deb12u1

["Adam D. Barratt" <adam@adam-barratt.org.uk>]

On Wed, 2023-09-13 at 22:01 +0200, Sebastian Andrzej Siewior wrote:
> On 2023-09-13 17:26:46 [+0100], Adam D. Barratt wrote:
> > How does this sound for an SUA?
[...]
> This sounds entirely fine to me. I don't think that it is needed to
> point out that bullseye is not affected by the second issue.
> 

Great, thanks.

> There is also this thing regarding libclamunrar and the update to
> v6.2.10 of the bundled libbrary. I *think* it is related to
> CVE-2023-40477. Since unrar itself is only in -pu I think it is okay
> for libclamunar to follow the same fate.
> 

Just to be completely sure, "follow the same fate" here means leaving
libclamunrar in (o-)p-u until the point releases?

I assume the bundled library isn't used as-is in the Debian packaging,
that being why libclamunrar exists.

Regards,

Adam