There are outside issues that prevented us from announcing the CVEs at that time. It's not because we were trying to hide something.
-- Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> On Jan 26, 2018, at 2:39 PM, Andreas Schulze <andreas.schu...@datev.de<mailto:andreas.schu...@datev.de>> wrote: Am 26.01.2018 um 16:06 schrieb Tobi: As far as I understand the release notes of 99.3 its a security fix which has nothing to do with former 99.3 beta. The former beta now is 0.100 (http://blog.clamav.net/2018/01/clamav-version-number-adjustment.html). So at least for me it makes sense that you have to remove the beta first to apply fixed 99.3 version I compared 0.99.2 and 0.99.3 and found most of the diffs be present in 0.99.3beta2 now, as the links to bugzilla.clamav.net<http://bugzilla.clamav.net> are public, we see, the issues where known to the developers since October/November 2017! They published these changes silent as part of "beta2". They discusses about CVE at this time! This is *not* amazing. Andreas _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
