On Sat, Mar 12, 2011 at 08:11:27AM -0800, tabris wrote: > On 2/25/11 6:56 AM, Camaleón wrote: > > I just have read this notice: > > > > http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1003 > > > > And wonder if it is foreseen an update for Lenny's ClamAV to 0.97 that > > has fixed this vulnerability. > I'd like to ask the exact same question, except for squeeze. > > Seems that 0.97 isn't even in stable-proposed-updates, let alone the new > stable-updates that is supposed to replace volatile. > > I have a feeling that we as a community have been cheated by the promise > of volatile being deprecated and replaced by the new -updates suite. Yay for conspiracy. It's not exactly surprising that there's a bit of friction when policies change. I hope [0] makes it clear to the developers what -updates is for. (I.e. also a clamav update. In this case I do wonder, though, why there's not a security update like it was discussed with at least one security team member at DebConf. But I guess it's just that everyone including the ClamAV team was incredibly busy at that time.) Kind regards Philipp Kern [0] http://lists.debian.org/debian-devel-announce/2011/03/msg00010.html
Attachment:
signature.asc
Description: Digital signature