[clamav-users] CVE-2017-6419 patched in 0.99.3?

Micah Snyder (micasnyd) micasnyd at cisco.com
Mon Jan 29 14:01:40 UTC 2018


This was an oversight on my part.  I recently took over the lead developer role for ClamAV.   I made an effort to address a set up vulns that were approaching the traditional 90 day disclosure window.  As I was preparing the patch, I was informed that there were a couple of other missing CVE patches so I applied them to 0.99.3.

Unfortunately, I didn’t realize there were others that had been neglected before I joined.  I am sorry and will address them asap for the next 0.99.3 patch release.

Regards,
Micah


Micah Snyder
Software Engineer
Talos
Cisco Systems, Inc.



On Jan 28, 2018, at 3:25 PM, Marcus Schopen <lists at localguru.de<mailto:lists at localguru.de>> wrote:

Hi,

does anyone know why the CVE-2017-6419 patch is not part of 0.99.3?

Ciao!

_______________________________________________
clamav-users mailing list
clamav-users at lists.clamav.net<mailto:clamav-users at lists.clamav.net>
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml



More information about the clamav-users mailing list