On Saturday, April 27, 2013 11:43:08 AM Adam D. Barratt wrote: > Control: tags -1 + pending > > On Thu, 2013-04-25 at 08:53 -0400, Scott Kitterman wrote: > > New clamav release with security fixes, all the usual reasons .... > > > > 0.97.8 > > ------ > > ClamAV 0.97.8 addresses several reported potential security bugs. Thanks > > to Felix Groebert of the Google Security Team for finding and reporting > > these issues. > > Flagged for acceptance in to p-u; thanks. > > I've also aged the unstable upload so we can get the fixes in to wheezy > more quickly. Once that's sorted we can look at an SUA. > > Regards, > > Adam
Here's a rough of the SUA: Debian Stable Updates Announcement SUA 33-1 http://www.debian.org debian-release@lists.debian.org Scott Kitterman April 28th, 2013 ----------------------------------------------------------------------- Package : clamav Version : 0.97.8+dfsg-1~squeeze1 Importance : medium Upstream published version 0.97.8. This is a bugfix release. The changes are not strictly required for operation, but users of the previous version in squeeze may not be able to make use of all current virus signatures and may get warnings. The bug fixes that are part of this release include security-relevant fixes. Felix Groebert of the Google Security Team discovered multiple security issues with clamav. An attacker could use these to cause clamav to crash, resulting in a denial of service, or possibly execute arbitrary code. If you use clamav, we highly recommend you upgrade to this version. [the impact is whishy washy because we don't actually know what the impacts are and no one (AFAICT) is telling] Scott K -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/124284535.Z6PBmCTatC@scott-latitude-e6320