Nigel Horne wrote: > Roberto Ullfig wrote: >> Nigel Horne wrote: >>> A vulnerability was identified by Secunia in 0.92.1 relating to the >>> PE module. >>> We immediately disabled this module about a month ago. Since then we >>> have been >>> working on, and produced, a fix which is included in 0.93. 0.93 is >>> due for release >>> very soon, and all users are advised to update to this release with >>> immediate effect. >>> 0.93RC1 does not include the fix. >>> >>> Regards, >>> >> >> By disabling the module do you mean to say that 0.92.1 is not >> vulnerable? Why does CERT say otherwise? > > As soon as we found out about the vulnerability we issued a "dconf" update > to switch off the affected module, upack. All 0.92.1 users are advised to > upgrade to 0.93 immediately.
Oh, and, while we're on the subject, what about 0.88.6? is that version vulnerable? (don't tell me to upgrade -- I haven't been able to get newer versions to compile on Mac OS X 10.4.x) _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html