[clamav-users] Long Term Support (LTS) program proposal

G.W. Haywood clamav at jubileegroup.co.uk
Tue Aug 3 17:36:54 UTC 2021


Hi there,

On Tue, 3 Aug 2021, Paul Kosinski via clamav-users wrote:

> On Tue, 3 Aug 2021 07:53:24 +0200
> Damian via clamav-users <clamav-users at lists.clamav.net> wrote:
>
>>> The current "stable" Debian is 10/Buster. It has ClamAV 0.103.2, patched by Debian to "deb10u1" (whatever that implies)
>>
>> https://security-tracker.debian.org/tracker/source-package/clamav
>
>
> Interesting, but *much* more work to figure out how it all relates
> to 0.103.3 than simply building 0.103.3 from source.

Quite so.

> (Has Debian fixed any problems that the ClamAV team hasn't fixed? If
> so, that's scary.)

Nothing serious I think, although this is still uncorrected in 103.3:

https://sources.debian.org/patches/clamav/0.103.2+dfsg-0+deb10u1/0007-unit-tests-Fix-ck_assert_msg-call.patch/

Off their own bat they've done things which weren't done upstream like
making provision for using a 'tomsfastmath' which is provided by the
system instead of it being built into ClamAV; and I guess not fixing
the Windows vulnerability (CVE-2021-1386) was deliberate:

https://sources.debian.org/patches/clamav/0.103.2+dfsg-0+deb10u1/
https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html

-- 

73,
Ged.

