Re: [clamav-users] Recent patch release questions

[Val Snyder (micasnyd) via clamav-users]

Hi Zak,

The beta is affected by the two CVE's and the lzma-sdk bug.

We don't generally recommend running betas or event release candidates in 
production and provide them for community testing purposes.
We're working towards providing a 1.5 stable release which will include those 
bug fixes.

Best,
Val


Val Snyder (she/they)
ClamAV Development
Talos
Cisco Systems, Inc.
________________________________
From: clamav-users <clamav-users-boun...@lists.clamav.net> on behalf of Zakaria 
via clamav-users <clamav-users@lists.clamav.net>
Sent: Friday, June 20, 2025 5:51 PM
To: clamav-users@lists.clamav.net <clamav-users@lists.clamav.net>
Cc: Zakaria <hi@zakaria.website>
Subject: [clamav-users] Recent patch release questions

[https://api.zakaria.website/users/hi@zakaria.website/4427792a78f09baddadac1a694b9983e@zakaria.website/32e142c13fa30dd6fc4a06.png]
Hi All,

I just have two questions, but first I want thank ClamAV team and contributors 
for all their efforts while I can sense the difficutlies in particular the dev 
team go through to publish a release, and its very much appreciated. Once more 
thanks so much for all your work 😭🤭😅🥰.

My question is about ClamAV 1.5 Beta and I wonder if it is affected by the 
following CVEs:-

CVE-2025-20260
CVE-2025-20234

I just felt a little disheartened having to downgrade from 1.5 Beta to 1.4.3, 
and I hope isn't affected so I dont have to downgrade.

I looked at the source code and it seems like its affected and if this 
conclusion is true, does anyone have any idea when 1.5 Beta will be patched?

Looking forward for any answers, with thanks.

Zak.


_______________________________________________

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat