Hi all --

I'm curious about what expectations I should have for a resolution to Debian bug report #1080962.

My situation is, I operate a number of Debian-based systems at a US Federal Government facility, and their ClamAV systems have been flagged as vulnerable by a third-party vulnerability assessment tool, which means that the situation has high visibility, and that there is considerable pressure on me to remediate this quickly, one way or another.

Historically, the Debian package maintainers have been amazing about getting patches out, and if this is in the works, then I am happy to wait.

I have seen the relevant info on the security tracker hits:

> https://security-tracker.debian.org/tracker/source-package/clamav
> https://security-tracker.debian.org/tracker/CVE-2024-20506
> https://security-tracker.debian.org/tracker/CVE-2024-20505

... where it's listed as a "minor issue" for Bullseye, and "No DSA" for Bookworm, with a deferral to -updates.

This suggests the situation is that I should not expect a Debian-packaged resolution for Bullseye, but could perhaps expect one for Bookworm, with the caveat that as far as I can tell, there is currently not a resolved package in the bookworm-updates channel.

Please don't misunderstand, it's not my intention to tell you what your priorities should be, I'm just trying to identify a path forward for my own administratively-constrained environment.

In the absence of a Debian-packaged solution, I can change to a different AV provider, build a resolved version of ClamAV from source, or pursue other higher-effort solutions, but if a Debian-packaged solution is in the offing, then that info would inform the choice.

Thanks, not only for reading, but for all the amazing work you and all Debian maintainers do!

  -- A.

--
Dr. Andrew C. E. Reid
Physical Scientist, Computer Operations Administrator
Center for Theoretical and Computational Materials Science
National Institute of Standards and Technology, Mail Stop 8555
Gaithersburg MD 20899 USA
[email protected]
_______________________________________________
Pkg-clamav-devel mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-clamav-devel
