[Bug 1923831] Re: Sync clamav 0.103.2+dfsg-1 (main) from Debian unstable (main)
1923831 at bugs.launchpad.net
Wed Apr 14 11:58:52 UTC 2021
I agree that the CVEs will be needed.
But 103.2 also includes the next step in disabling safe browsing
That might be ok as upstream can't provide the data anyway, but still worth thinking about.
Also a bunch of other changes, but all fixes.
But we shouldn't miss that this also includes all of
That added a few features (none dropped gladly), and many more fixes.
Now on a normal package I'd say "that seems too much for a late sync".
But we have to take into account that clamav isn't normal.
Security regularly does full version syncs/backports to the former Ubuntu versions.
So if it is ok to push all these post-release, then I see no blocker in
fetching all these good changes now - even if it is late. If it fails to
complete/build/migrate it will still be pushed to all supported releases
a bit later.
I hope you all can follow my argumentation ... syncing it now.
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-1252
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-1404
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-1405
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
Sync clamav 0.103.2+dfsg-1 (main) from Debian unstable (main)
Status in clamav package in Ubuntu:
Please sync clamav 0.103.2+dfsg-1 (main) from Debian unstable (main).
The update fixes 3 new vulnerabilities and some other misc fixes.
IOW: it's probably important to update the package and hence the sync request.
Changelog entries since current hirsute version 0.103.0+dfsg-3.1:
clamav (0.103.2+dfsg-1) unstable; urgency=medium
* Import 0.103.2
- CVE-2021-1252 (Fix for Excel XLM parser infinite loop.)
- CVE-2021-1404 (Fix for PDF parser buffer over-read; possible crash.)
- CVE-2021-1405 (Fix for mail parser NULL-dereference crash.)
- Update symbol file.
-- Sebastian Andrzej Siewior <sebastian at breakpoint.cc> Mon, 12 Apr 2021 21:31:08 +0200