[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ClamAV update to 0.97 for Lenny (oldstable)

Hi all,

> On Sat, Mar 12, 2011 at 08:11:27AM -0800, tabris wrote:
> > On 2/25/11 6:56 AM, Camaleón wrote:
> > > I just have read this notice:
> > >
> > > http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1003
> > >
> > > And wonder if it is foreseen an update for Lenny's ClamAV to 0.97 that
> > > has fixed this vulnerability.
> > I'd like to ask the exact same question, except for squeeze.
> > 
> > Seems that 0.97 isn't even in stable-proposed-updates, let alone the new
> > stable-updates that is supposed to replace volatile.
> > 
> > I have a feeling that we as a community have been cheated by the promise
> > of volatile being deprecated and replaced by the new -updates suite.
> Yay for conspiracy.  It's not exactly surprising that there's a bit of friction
> when policies change.  I hope [0] makes it clear to the developers what
> -updates is for.  (I.e. also a clamav update.  In this case I do wonder,
> though, why there's not a security update like it was discussed with at
> least one security team member at DebConf.  But I guess it's just that
> everyone including the ClamAV team was incredibly busy at that time.)

Yes, so it happens that people are busy with other stuff. We (as ClamAV team)
are glad to receive even help from upstream, but nevertheless preparing and
testing packages for three releases in parallel isn't always trivial.

Sorry for taking way too much time to get this fixed, but a few moments ago the
version targeted at stable-updates was uploaded. Pending I got everything right,
it will be processed by archive management software real soon.

Best regards,

Attachment: pgp5tPpPuKypJ.pgp
Description: PGP signature

Reply to: