Historically, fixes for such issues would have not been part of a pre-release. They would have been added to the public VCS on release day.
You may not have been able to announce the CVEs for some reason, but I don't think silently disclosing the fixes was the best thing to have done. Scott K On January 26, 2018 9:55:49 PM UTC, "Joel Esler (jesler)" <jes...@cisco.com> wrote: >There are outside issues that prevented us from announcing the CVEs at >that time. It's not because we were trying to hide something. > > >-- >Joel Esler | Talos: Manager | jes...@cisco.com<mailto:jes...@cisco.com> > > > > > > >On Jan 26, 2018, at 2:39 PM, Andreas Schulze ><andreas.schu...@datev.de<mailto:andreas.schu...@datev.de>> wrote: > >Am 26.01.2018 um 16:06 schrieb Tobi: >As far as I understand the release notes of 99.3 its a security fix >which has nothing to do with former 99.3 beta. >The former beta now is 0.100 >(http://blog.clamav.net/2018/01/clamav-version-number-adjustment.html). >So at least for me it makes sense that you have to remove the beta >first to apply fixed 99.3 version >I compared 0.99.2 and 0.99.3 and found most of the diffs be present in >0.99.3beta2 > >now, as the links to bugzilla.clamav.net<http://bugzilla.clamav.net> >are public, we see, the issues where known to the developers since >October/November 2017! >They published these changes silent as part of "beta2". They discusses >about CVE at this time! >This is *not* amazing. > >Andreas > > >_______________________________________________ >clamav-users mailing list >clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net> >http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > >Help us build a comprehensive ClamAV guide: >https://github.com/vrtadmin/clamav-faq > >http://www.clamav.net/contact.html#ml > >_______________________________________________ >clamav-users mailing list >clamav-users@lists.clamav.net >http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > >Help us build a comprehensive ClamAV guide: >https://github.com/vrtadmin/clamav-faq > >http://www.clamav.net/contact.html#ml _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
