Re: Suitability of additional non-security fix for clamav?
On Sat, Jan 27, 2018 at 05:34:00PM -0500, Roberto C. Sánchez wrote:
> I am in the process of preparing an update for clamav.
>
> I am curious as to what others might think of including an additional
> fix that is not technically security-related. It fixes a rather serious
> bug that causes clamd to crash if a bad virus definition file is
> published. The inclusion of the additional patch in the next wheezy
> update was recommended by a clamav maintainer (Scott Kitterman).
>
> https://bugs.debian.org/824196
> https://anonscm.debian.org/cgit/pkg-clamav/clamav.git/commit/?id=d7ea9385baefece1a1c2ff29c3c57853fa8011cb
>
> Unless there are objections, I plan to include the patch as just a few
> days ago there was a bad virus definition file published that caused
> clamav crashes for many users.
In jessie/stretch clamav is updated via -updates precisely for the
reason that ClamAV needs regular non-security changes to remain
usable. So LTS should definitely be kept updated with the same
standards.
Cheers,
Moritz
Reply to: