> CVE-2021-1252 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1252>: > Fix for Excel XLM parser infinite loop. Affects 0.103.0 and 0.103.1 only.
Debian's security tracker claims that stretch and buster are vulnerable. According to the clamav announcement and CVE they shouldn't be.
> CVE-2021-1405 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1405>: > Fix for mail parser NULL-dereference crash. Affects 0.103.1 and prior. The clamav announcement and CVE are inconsistent whether 0.102 is affected.
