pkgsrc-Users archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
pkg_admin audit: false alarm for clamav-0.99.2 (CVE-2016-1405)?
perhaps another one, but the situation is less clear this time:
Package clamav-0.99.2nb3 has a denial-of-service vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1405
This CVE is not mentioned in the changelogs for 0.99.2, but at least
Ubuntu claims that they fixed it by upgrading to upstream 0.99.2 (from
0.98.1): https://www.ubuntu.com/usn/usn-3093-1/
But they don't seem to know for sure what exactly caused/fixed the
vulnerability ("still no details as to what the fix is as of
2016-08-31"):
https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1405.html
Does anybody know for sure?
Matthias
Home |
Main Index |
Thread Index |
Old Index