Mapper ict department wrote: > DSA-1680-1 clamav -- buffer overflow, stack consumption > Date Reported: 04 Dec 2008 > In the Debian bugtracking system: Bug 505134, Bug 507624. > In Mitre's CVE dictionary: CVE-2008-5050, CVE-2008-5314. [snip] > We have the volatile archive in the apt-get sources list: > > http://volatile.debian.org/debian-volatile etch/volatile main contrib non-free > > But the fix is nor queued nor downloaded. > > Isn't it so that apt-get always checks for updates and fixes from programs > previously installed by apt-get? (I guess that is the case with us because > the current version appears with dpkg -l). Have you security support activated for your apt? Add the line deb http://security.debian.org/ stable/updates main to your /etc/apt/sources.list (as described in the security announcement). HTH, Johannes
Attachment:
signature.asc
Description: OpenPGP digital signature