[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] [DSA 1680-1] New clamav packages fix potential code execution

Mapper ict department wrote:
> DSA-1680-1 clamav -- buffer overflow, stack consumption
> Date Reported: 04 Dec 2008
> In the Debian bugtracking system: Bug 505134, Bug 507624.
> In Mitre's CVE dictionary: CVE-2008-5050, CVE-2008-5314.


> We have the volatile archive in the apt-get sources list:
> http://volatile.debian.org/debian-volatile etch/volatile main contrib non-free
> But the fix is nor queued nor downloaded.
> Isn't it so that apt-get always checks for updates and fixes from programs
> previously installed by apt-get? (I guess that is the case with us because
> the current version appears with dpkg -l).

Have you security support activated for your apt?

Add the line

deb http://security.debian.org/ stable/updates main

to your /etc/apt/sources.list (as described in the security announcement).



Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: