On Wed, 20 Oct 2010 09:45:11 +1100 Bill Maidment <b...@maidment.vu> wrote:
> -----Original message----- > > > > > You can help by testing (or just running ./configure && make check) > > the latest code available in our Git repository - the latest > > snapshot tarball can be grabbed here: > > > > ./configure > > gives the Warning message > > checking for CVE-2010-0405... bugged > configure: WARNING: ****** bzip2 libraries are affected by the > CVE-2010-0405 bug configure: WARNING: ****** We strongly suggest you > to update bzip2 configure: WARNING: ****** Please do not report > stability problems to the ClamAV developers! > > I am running on RHEL 6 Beta2 and the version of bzip2 is: > bzip2-1.0.5-6.1.el6.x86_64 rpm -qip bzip2-1.0.5-6.1.el6.src.rpm ... Build Date: Thu 03 Dec 2009 03:22:55 That is prior to CVE-2010-0405 bugfix. > > I would have thought RedHat would have fixed their version of bzip2. I don't know if betas get security updates. Maybe if you have RHN subscription. > How does ./configure check bzip2? Is it just by version number? It checks for a crash. bugged means the testcase crashed. Best regards, --Edwin _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
