Hi Val,
Thanks for the clarification.
I will make sure to downgrade/upgrade as applying the patches on my own
might not be the best action.
Also, I am very looking forward for 1.5 official release.
With thanks.
Zak.
On 2025-06-22 04:07, Val Snyder (micasnyd) wrote:
Hi Zak,
The beta is affected by the two CVE's and the lzma-sdk bug.
We don't generally recommend running betas or event release
candidates in production and provide them for community testing
purposes.
We're working towards providing a 1.5 stable release which will
include those bug fixes.
Best,
Val
Val Snyder (she/they)
ClamAV Development
Talos
Cisco Systems, Inc.
-------------------------
From: clamav-users on behalf
of Zakaria via clamav-users
Sent: Friday, June 20, 2025 5:51 PM
To: [email protected]
Cc: Zakaria
Subject: [clamav-users] Recent patch release questions
Hi All,
I just have two questions, but first I want thank ClamAV team and
contributors for all their efforts while I can sense the difficutlies
in particular the dev team go through to publish a release, and its
very much appreciated. Once more thanks so much for all your work
ðŸ˜ðŸ¤ðŸ˜…🥰.
My question is about ClamAV 1.5 Beta and I wonder if it is affected by
the following CVEs:-
CVE-2025-20260
CVE-2025-20234
I just felt a little disheartened having to downgrade from 1.5 Beta to
1.4.3, and I hope isn't affected so I dont have to downgrade.
I looked at the source code and it seems like its affected and if this
conclusion is true, does anyone have any idea when 1.5 Beta will be
patched?
Looking forward for any answers, with thanks.
Zak.
_______________________________________________
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clamav.net/#mailing-lists-and-chat
