On Wed, 22 Sep 2010 10:14:57 -0500 George Kasica <george_kas...@mgic.com> wrote: > > Tomaz: > > Typical issues as in the past...first no clue it was coming out(no > release candidate no announcement)...it just appeared, no idea it would > have issues with bzip2,
0.96.3 is a security release, which fixes an integer overflow in the bzip2 library (we use a modified version of this lib in the NSIS unpacker). It also detects whether or not your local libbz2 (which we use to handle .bz2 files) is affected by this problem and prints a warning if needed. > and STILL no fix to bzip2 RPMs for the Fedora Core 13 platform Well, we have no control over those RPMs.. >(we had to compile from a tar.gz for the others) except > RHEL4/5 that have RPMs out (AFTER 0.96.3 released), So you did the right job. Your bzip2 lib can no longer be exploited. > the ULIMIT issue > that I still don't fully grasp here and am still not clear if its > something we need to deal with....things seem to run so for now we > haven't gone in and touched it(again, this wasn't an issue in 0.96.2 why > is it an issue in 0.96.3 which appears to be a minor release 0.0.1) This issue was recently described on the ml. The warning can be safely ignored on Linux. > In our environment we have certain time-frames where we need to apply > code once its released depending on what and why it was put out so we > don't always have the luxury to let it sit for days...getting code that > is not labeled as RC and is supposedly prod quality and ready to go and > having these issues is not good...we've spend a good portion of the week > on this so far and seem to be finally OK, but it could have been much > smoother (again)....brings me back to the point of why are we running > these 4 test harness boxes for Torok if no-one is looking at what is > coming back from them. Thanks for your support. The 0.96.3 was tested on your boxes and confirmed to work fine before we released it. Since the tests are fully automated, we missed the ULIMIT warning issue but as I wrote above, it can just be ignored. Cheers, -- oo ..... Tomasz Kojm <tk...@clamav.net> (\/)\......... http://www.ClamAV.net/gpg/tkojm.gpg \..........._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Wed Sep 22 17:38:15 CEST 2010 _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
