Re: Need to track clamav vulnerability

To: "Michael Gilbert" <michael.s.gilbert@gmail.com>
Cc: debian-security-tracker@lists.debian.org
Subject: Re: Need to track clamav vulnerability
From: Florian Weimer <fw@deneb.enyo.de>
Date: Thu, 04 Dec 2008 08:14:41 +0100
Message-id: <[🔎] 87k5agv2ce.fsf@mid.deneb.enyo.de>
In-reply-to: <[🔎] 8e2a98be0812031947o1a4a31e1s4f62b883cb5f23f@mail.gmail.com> (Michael Gilbert's message of "Wed, 3 Dec 2008 22:47:57 -0500")
References: <[🔎] 8e2a98be0812031947o1a4a31e1s4f62b883cb5f23f@mail.gmail.com>

* Michael Gilbert:

> there is currently an unpatched vulnerability in clamav (stable and
> testing) which has yet to receive a cve id.  the bug has been
> submitted to the debian bts [1], but it has not yet been entered into
> the security tracker.  please update the tracker to include this
> issue.

It's already been there for a couple of hours.  It's CVE-2008-5314.

> btw, would it be possible/worthwhile to automate tracker updates by
> parsing/scraping the bug database for bugs tagged security?

This will lead to a lot of noise because people set it overeagerly
when reporting bugs.  Something to compare the database with the BTS
would definitely be welcome, but automatic import ist not feasible,
IMHO.

Reply to:

Follow-Ups:
- Re: Need to track clamav vulnerability
  - From: Nico Golde <nico@ngolde.de>
- Re: Need to track clamav vulnerability
  - From: "Michael Gilbert" <michael.s.gilbert@gmail.com>

References:
- Need to track clamav vulnerability
  - From: "Michael Gilbert" <michael.s.gilbert@gmail.com>

Prev by Date: Need to track clamav vulnerability
Next by Date: Re: Need to track clamav vulnerability
Previous by thread: Need to track clamav vulnerability
Next by thread: Re: Need to track clamav vulnerability
Index(es):
- Date
- Thread