Control: unfixed 888484 0.99.3~beta2+dfsg-1
Control: fixed 888511 0.99.3~beta2+dfsg-1

Hi 

>> 
>> We've started seeing unexpected clamd crashes on a high-traffic mail
>> system today, though I've been unable to isolate a test case. It seems like
>> too much of a coincidence that these crashes start happening the day after a
>> security release was announced. We've implemented mitigations but an updated
>> package would be even better.
> 
> I *think* the crashes you observed might be due to FD desc issue. This
> was fixed in Stretch by chance but not in Jessie. However the remaining
> CVEs were not addressed yet and I'm looking into it…
> 
> [0] 
> http://blog.clamav.net/2018/01/update-on-recent-file-descriptors-issue.html

Indeed. There is a separate Bug#888511 for that, I have migrated the fixed 
Version above to avoid confusion.

Are you sure about the Stretch thing? Stretch contains 0.99.2 which should be 
affected by this bug. But I’m not 100% sure, as all my high traffic mail 
gateways are still running Jessie.

According to reports 0.99.3~beta2 was indeed not affected by the signature bug, 
so Buster/Sid were fine. What makes things even more confusing is that 0.99.3 
does not contain this fix, because 0.99.3 is 0.99.2+security fixes, while 
0.99.3~beta was a development tree that is now called 0.100 :-(

http://blog.clamav.net/2018/01/clamav-version-number-adjustment.html

Upstream announcement suggests you cannot do a clean switch from 0.99.3~beta to 
0.99.3:

As previously mentioned, if you downloaded the beta version of ClamAV 0.99.3, 
you will need to completely uninstall it and do a fresh install with the 
production version of 0.99.3 as there are significant code differences


Bernhard