[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ClamAV update to 0.97 for Lenny (oldstable)

On Sat, Mar 12, 2011 at 08:11:27AM -0800, tabris wrote:
> On 2/25/11 6:56 AM, Camaleón wrote:
> > I just have read this notice:
> >
> > http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1003
> >
> > And wonder if it is foreseen an update for Lenny's ClamAV to 0.97 that
> > has fixed this vulnerability.
> I'd like to ask the exact same question, except for squeeze.
> Seems that 0.97 isn't even in stable-proposed-updates, let alone the new
> stable-updates that is supposed to replace volatile.
> I have a feeling that we as a community have been cheated by the promise
> of volatile being deprecated and replaced by the new -updates suite.

Yay for conspiracy.  It's not exactly surprising that there's a bit of friction
when policies change.  I hope [0] makes it clear to the developers what
-updates is for.  (I.e. also a clamav update.  In this case I do wonder,
though, why there's not a security update like it was discussed with at
least one security team member at DebConf.  But I guess it's just that
everyone including the ClamAV team was incredibly busy at that time.)

Kind regards
Philipp Kern

[0] http://lists.debian.org/debian-devel-announce/2011/03/msg00010.html

Attachment: signature.asc
Description: Digital signature

Reply to: