Hi, CVE-2017-11423 has been reported against libmspack. Clamav in Wheezy is affected because it bundles the libmspack library. Clamav upstream fixed it via https://github.com/vrtadmin/clamav-devel/commit/ffa31264a657618a0e40c51c01e4bfc32e244d13 https://github.com/vrtadmin/clamav-devel/commit/ada5f94e5cfb04e1ac2a6f383f2184753f475b96 and I just updated the security-tracker to reflect this. Jessie+ is using the libmspack in the archive so it will be fixed once libmspack is updated.
Sebastian _______________________________________________ Pkg-clamav-devel mailing list Pkg-clamav-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-clamav-devel