Hi everybody,

The fixed versions seem not to be available at https://packages.debian.org/search?keywords=clamav&searchon=names&suite=all&section=all .

Why does it take so long for such a critical bug? This means a DoS and remote code execution vulnerability for a whole lot of mail gateways, which might expose communication, abuse those systems for spam or use them to get into trusted networks. The vulnerability is already actively used.

The answer cannot be to compile a new version on our own. This is not the reason for having a long-term support distribution, maybe with a small footprint without a compiler. It has already taken more than 72h while the patch was available.

The open source world usually does a great job on fast security updates and I’m sure you guys do too. Could you please provide this update as soon as possible or give us some information on how long it will take?

Thanks,
Fared