[clamav-users] ClamAV CVE's

Matus UHLAR - fantomas uhlar at fantomas.sk
Sat Aug 24 03:10:51 EDT 2019


>> On 22.08.19 16:12, Chris Pollock via clamav-users wrote:
>> > The most current version is ClamAV 0.100.3 for Ubuntu 18.04.3 LTS.
>> > Is
>> > there a list of CVE's that I can reference in a bug report to try
>> > and
>> > get ClamAV updated to the latest version?

>On Fri, 2019-08-23 at 18:47 +0200, Matus UHLAR - fantomas wrote:
>> Debian has this:
>>
>> https://security-tracker.debian.org/tracker/source-package/clamav
>> ...which currently only links to:
>> https://security-tracker.debian.org/tracker/CVE-2019-12625
>>
>> and ubuntu has this:
>>
>> https://people.canonical.com/~ubuntu-security/cve/pkg/clamav.html
>> ...which currently only links to:
>>
>https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12625.html
>>
>> I haven't looked what the "needs-triage" means.

On 23.08.19 15:28, Chris Pollock via clamav-users wrote:
>Hi Matus, I believe this actually relates to the 0.100.3 release.
>
>https://launchpad.net/ubuntu/bionic/+source/clamav
>
>Here's the bug report I did back in March of this year to get the
>update done. I'll go in and file a new one this afternoon to see about
>getting it updated to the most current release.
>
>https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1822503

the first vulnerability mentioned there is CVE-2019-1787.

debian reports it fixed in debian packages:
https://security-tracker.debian.org/tracker/CVE-2019-1787

I believe it's the same for ubuntu packages:
https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-1787

I haven't looked at the rest of vulnerabilities, they may be still present
(e.g. ignored because evaluated as minor or not applicable).

What I want to say is, that whole fact about debian and ubuntu having older
than newest clamav packages does NOT mean that the security bugs are not
fixed there.

What was already mentioned is that distribution packagers do backport fixes
to older versions to prevent incompatibilities introduced by newer packages,
pretty summarised here:

https://lists.clamav.net/pipermail/clamav-users/2019-August/008248.html


-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Boost your system's speed by 500% - DEL C:\WINDOWS\*.*


More information about the clamav-users mailing list