[clamav-users] CVE-2017-6419 patched in 0.99.3?

Micah Snyder (micasnyd) micasnyd at cisco.com
Mon Jan 29 14:01:40 UTC 2018

This was an oversight on my part.  I recently took over the lead developer role for ClamAV.   I made an effort to address a set up vulns that were approaching the traditional 90 day disclosure window.  As I was preparing the patch, I was informed that there were a couple of other missing CVE patches so I applied them to 0.99.3.

Unfortunately, I didn’t realize there were others that had been neglected before I joined.  I am sorry and will address them asap for the next 0.99.3 patch release.


Micah Snyder
Software Engineer
Cisco Systems, Inc.

On Jan 28, 2018, at 3:25 PM, Marcus Schopen <lists at localguru.de<mailto:lists at localguru.de>> wrote:


does anyone know why the CVE-2017-6419 patch is not part of 0.99.3?


clamav-users mailing list
clamav-users at lists.clamav.net<mailto:clamav-users at lists.clamav.net>

Help us build a comprehensive ClamAV guide:


More information about the clamav-users mailing list