Re: [SECURITY] [DSA 1435-1] New clamav packages fix several vulnerabilities
On Thu, 2007-12-20 at 20:07 +, J. Santos wrote: > So, i would like to thank all those who toke the time to clarify this > matter. > Thank you all. I would also like to add my Thanks to everyone involved. Thank you, -Jim P. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: [SECURITY] [DSA 1435-1] New clamav packages fix several vulnerabilities
Aneurin Price wrote: > On 12/20/07, Stephen Gran <[EMAIL PROTECTED]> wrote: >> This one time, at band camp, Aneurin Price said: >>> Presumably this means that the main volatile distributions will be >>> updated soon, or have I misunderstood the situation? >> My understanding is that we're waiting on a few more builds before it >> goes out, so yes, that seems correct. I posted the link above because >> you can manually grab the debs yourself and install them if it is >> urgent. The -0volatile2 packages are for sarge, the ~1volatile2 >> packages are for etch. >> > > That's good to hear; thanks for the clarification. > > I was fallowing this subject as i had the same concerns regarding this particular update of clamav. So, i would like to thank all those who toke the time to clarify this matter. Thank you all. -- José Santos [EMAIL PROTECTED] http://goodbye-microsoft.com/ http://www.ftml.net/mail/?STKI=1516747 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: [SECURITY] [DSA 1435-1] New clamav packages fix several vulnerabilities
On 12/20/07, Stephen Gran <[EMAIL PROTECTED]> wrote: > This one time, at band camp, Aneurin Price said: > > Presumably this means that the main volatile distributions will be > > updated soon, or have I misunderstood the situation? > > My understanding is that we're waiting on a few more builds before it > goes out, so yes, that seems correct. I posted the link above because > you can manually grab the debs yourself and install them if it is > urgent. The -0volatile2 packages are for sarge, the ~1volatile2 > packages are for etch. > That's good to hear; thanks for the clarification. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: [SECURITY] [DSA 1435-1] New clamav packages fix several vulnerabilities
Hi! > - Original Message > From: Aneurin Price <[EMAIL PROTECTED]> > To: Forrest Houston <[EMAIL PROTECTED]> > Cc: [EMAIL PROTECTED]; debian-security <debian-security@lists.debian.org> > Sent: Friday, December 21, 2007 9:55:05 AM > Subject: Re: [SECURITY] [DSA 1435-1] New clamav packages fix several > vulnerabilities > > On 12/20/07, Forrest Houston <[EMAIL PROTECTED]> wrote: > > On Thu, 20 Dec 2007, Stephen Gran wrote: > > > Whenever I run freshclam I get an error about being on version 0.91.2 and > > 0.92 is what I should be running. When I follow the recommended link > > there doesn't seem to be a new package available. I thought I had gone > > through this process once before by adding this to /etc/apt/sources > > > > deb http://volatile.debian.org/debian-volatile etch/volatile main contrib > > non-free > > > > However when I do an "apt-get update" (during which volatile is listed) > > and then "apt-get upgrade" or "apt-get install clamav" I get a message > > that I'm running the latest version. What am I missing? > > > > I have the same thing (except I'm running sarge). Looking at the > volatile repository, it appears that the updated version of clamav is > in (sarge|etch)-proposed-updates. > > Presumably this means that the main volatile distributions will be > updated soon, or have I misunderstood the situation? > The same happened when they updated tzdata, and it took around 24 hours to move from "proposed-updates" to main volatile. I think it should be about the same here. c-ya! Ildefonso Camargo Looking for last minute shopping deals? Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping
Re: [SECURITY] [DSA 1435-1] New clamav packages fix several vulnerabilities
This one time, at band camp, Aneurin Price said: > Presumably this means that the main volatile distributions will be > updated soon, or have I misunderstood the situation? My understanding is that we're waiting on a few more builds before it goes out, so yes, that seems correct. I posted the link above because you can manually grab the debs yourself and install them if it is urgent. The -0volatile2 packages are for sarge, the ~1volatile2 packages are for etch. Take care, -- - | ,''`.Stephen Gran | | : :' :[EMAIL PROTECTED] | | `. `'Debian user, admin, and developer | |`- http://www.debian.org | - signature.asc Description: Digital signature
Re: [SECURITY] [DSA 1435-1] New clamav packages fix several vulnerabilities
On 12/20/07, Forrest Houston <[EMAIL PROTECTED]> wrote: > On Thu, 20 Dec 2007, Stephen Gran wrote: > Whenever I run freshclam I get an error about being on version 0.91.2 and > 0.92 is what I should be running. When I follow the recommended link > there doesn't seem to be a new package available. I thought I had gone > through this process once before by adding this to /etc/apt/sources > > deb http://volatile.debian.org/debian-volatile etch/volatile main contrib > non-free > > However when I do an "apt-get update" (during which volatile is listed) > and then "apt-get upgrade" or "apt-get install clamav" I get a message > that I'm running the latest version. What am I missing? > I have the same thing (except I'm running sarge). Looking at the volatile repository, it appears that the updated version of clamav is in (sarge|etch)-proposed-updates. Presumably this means that the main volatile distributions will be updated soon, or have I misunderstood the situation? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: [SECURITY] [DSA 1435-1] New clamav packages fix several vulnerabilities
On Thu, 20 Dec 2007, Stephen Gran wrote: This one time, at band camp, Jim Popovitch said: On Thu, 2007-12-20 at 01:12 +, Stephen Gran wrote: This one time, at band camp, Dominic Hargreaves said: Are there any updates planned for sarge in volatile.debian.org? Yes, and they're uploaded. Where? http://volatile.debian.org/debian-volatile/pool/volatile/main/c/clamav/ -- - | ,''`.Stephen Gran | | : :' :[EMAIL PROTECTED] | | `. `'Debian user, admin, and developer | |`- http://www.debian.org | - Apologies if this is the wrong place for the question. I'm still relatively new to the debian world and trying to get a feel for what's what/what's where. Whenever I run freshclam I get an error about being on version 0.91.2 and 0.92 is what I should be running. When I follow the recommended link there doesn't seem to be a new package available. I thought I had gone through this process once before by adding this to /etc/apt/sources deb http://volatile.debian.org/debian-volatile etch/volatile main contrib non-free However when I do an "apt-get update" (during which volatile is listed) and then "apt-get upgrade" or "apt-get install clamav" I get a message that I'm running the latest version. What am I missing? Thanks Forrest -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: [SECURITY] [DSA 1435-1] New clamav packages fix several vulnerabilities
This one time, at band camp, Jim Popovitch said: > On Thu, 2007-12-20 at 01:12 +, Stephen Gran wrote: > > This one time, at band camp, Dominic Hargreaves said: > > > > > > Are there any updates planned for sarge in volatile.debian.org? > > > > Yes, and they're uploaded. > > Where? http://volatile.debian.org/debian-volatile/pool/volatile/main/c/clamav/ -- - | ,''`.Stephen Gran | | : :' :[EMAIL PROTECTED] | | `. `'Debian user, admin, and developer | |`- http://www.debian.org | - signature.asc Description: Digital signature
Re: [SECURITY] [DSA 1435-1] New clamav packages fix several vulnerabilities
On Thu, 2007-12-20 at 01:12 +, Stephen Gran wrote: > This one time, at band camp, Dominic Hargreaves said: > > > > Are there any updates planned for sarge in volatile.debian.org? > > Yes, and they're uploaded. Where? -Jim P. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: [SECURITY] [DSA 1435-1] New clamav packages fix several vulnerabilities
This one time, at band camp, Dominic Hargreaves said: > > Are there any updates planned for sarge in volatile.debian.org? Yes, and they're uploaded. -- - | ,''`.Stephen Gran | | : :' :[EMAIL PROTECTED] | | `. `'Debian user, admin, and developer | |`- http://www.debian.org | - signature.asc Description: Digital signature
Re: [SECURITY] [DSA 1435-1] New clamav packages fix several vulnerabilities
On Wed, Dec 19, 2007 at 06:38:04PM +0100, Moritz Muehlenhoff wrote: > Package: clamav > Vulnerability : several > Problem type : remote > Debian-specific: no > CVE Id(s) : CVE-2007-6335 CVE-2007-6336 > The old stable distribution (sarge) is not affected by these problems. > However, since the clamav version from Sarge cannot process all current > Clam malware signatures any longer, support for the ClamAV in Sarge is > now discontinued. We recommend to upgrade the the stable distribution > or run a backport of the stable version. Are there any updates planned for sarge in volatile.debian.org? Thanks, Dominic. -- Dominic Hargreaves | http://www.larted.org.uk/~dom/ PGP key 5178E2A5 from the.earth.li (keyserver,web,email) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]