[Bug 673654] Re: Upcoming clamav release with security fixes

Steve Beattie sbeattie at ubuntu.com
Wed Dec 8 21:12:19 GMT 2010


Hi Serge,

I've gone ahead and uploaded clamav packages to the ubuntu-security-
proposed ppa at https://launchpad.net/~ubuntu-security-
proposed/+archive/ppa/ ; please test and report feedback here.

In doing so, I ran in to a few issues with your debdiff, mostly having
to do with your changelog entries:

1) security fixes for RELEASE need to be targeted for the RELEASE-
security pocket (e.g. maverick-security rather than just maverick)
rather than just RELEASE as you would for the release under development.
(Similarly, for non-security Stable Release Updates, you'd target to the
RELEASE-proposed pocket; they get later copied once approved to the
RELEASE-updates pocket.)

2) the maverick debdiff was against the version in maverick, not the
version in maverick-updates, and thus failed to apply. When performing
security updates, our policy is to apply them on top of the latest
existing versions in RELEASE-security or RELEASE-updates, whichever is
higher. I also adjusted the versioning. See
https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Packaging for
more information about our policies here.

3) I adjusted your changelog entry to include the CVE identifiers, a
reference to this bug report, and direct URL references to the cherry-
picked upstream patches to ease people researching the issue based on
the changelog and debdiff.

Thanks!

** Changed in: clamav (Ubuntu Lucid)
       Status: Triaged => Fix Committed

** Changed in: clamav (Ubuntu Maverick)
       Status: Triaged => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to clamav in ubuntu.
https://bugs.launchpad.net/bugs/673654

Title:
  Upcoming clamav release with security fixes



More information about the Ubuntu-server-bugs mailing list