Hi I missed to include the clamav maintainers. Sorry about that.
// Ola On Sun, 31 Mar 2019 at 21:21, Ola Lundqvist <o...@inguza.com> wrote: > Dear maintainers, LTS team and Debian Secutiry team > > I have started to look at the clamav package update due to > CVE-2019-1787 > CVE-2019-1788 > CVE-2019-1789 > (the other three vulnerabilities are not affecting jessie or stretch as I > understand it) > > I have understood that the clamav package is typically updated to the > latest version also in stable and oldstable. However when doing so I > encountered quite a few things that I would like to ask your advice on. > > First of all to the maintainers. Do you want to handle also LTS > (oldstable) and regular security (stable) upload of clamav? > > Question to maintainers and Security team. Should we synchronize the > efforts here and have you already started on the stable update? > > If not I have a few questions: > 1) Do you know the binary compatibility between libclamav7 and libclamav9? > I have noticed that the package in sid produces libclamav9 while the one > in jessie provides libclamav7. Do you think this can be an issue? > 2) Do you think backporting the package in sid is better than simply > updating to the latest upstream while keeping most scripts in oldstable? I > had to copy over the split-archive.sh to be able to generate a proper orig > tarball. > - I personally think the package in sid have a little too much updates to > make that safe, especially since it produces new library packages. > - On the other hand, I had to do some modifications already to make allow > the package to be generated and I have not even started building yet. There > may be many fixes needed to make this package work in oldstable... > > I guess we cannot generate new library package version, or? > > Best regards > > // Ola > > -- > --- Inguza Technology AB --- MSc in Information Technology ---- > | o...@inguza.com o...@debian.org | > | http://inguza.com/ Mobile: +46 (0)70-332 1551 | > --------------------------------------------------------------- > > -- --- Inguza Technology AB --- MSc in Information Technology ---- | o...@inguza.com o...@debian.org | | http://inguza.com/ Mobile: +46 (0)70-332 1551 | ---------------------------------------------------------------
