[Pkg-clamav-devel] Bug#951057: marked as done (clamav-freshclam: allow overriding of CA store)

Sat, 22 Feb 2020 11:36:52 -0800 

Your message dated Sat, 22 Feb 2020 19:32:07 +0000
with message-id <[email protected]>
and subject line Bug#951057: fixed in clamav 0.102.2+dfsg-0+deb10u1
has caused the Debian Bug report #951057,
regarding clamav-freshclam: allow overriding of CA store
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
951057: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951057
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: clamav-freshclam
Version: 0.102.1+dfsg-1
User: [email protected]
Usertags: needed-by-DSA-Team
Control: found -1 0.102.1+dfsg-0+deb9u1

Hi,
With 0.102, Freshclam started using libcurl for database downloads, but appears to provide no way to configure which certificates should be trusted.
This causes issues on debian.org systems, which have a very limited set of trusted certificates by default. We're working around this with: 

<quote>
# /etc/systemd/system/clamav-freshclam.service.d/override.conf
[Service]
BindReadOnlyPaths=/etc/ssl/ca-global:/etc/ssl/certs
</quote>
but this isn't ideal. A configuration option to allow specifying an alternative bundle / root, or even respecting CURL_CA_BUNDLE, would be much appreciated. 

Regards,

Adam

--- End Message ---
--- Begin Message --- 
Source: clamav
Source-Version: 0.102.2+dfsg-0+deb10u1
Done: Sebastian Andrzej Siewior <[email protected]>

We believe that the bug you reported is fixed in the latest version of
clamav, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sebastian Andrzej Siewior <[email protected]> (supplier of updated clamav 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 22 Feb 2020 14:39:45 +0100
Source: clamav
Architecture: source
Version: 0.102.2+dfsg-0+deb10u1
Distribution: buster
Urgency: medium
Maintainer: ClamAV Team <[email protected]>
Changed-By: Sebastian Andrzej Siewior <[email protected]>
Closes: 950944 951057
Changes:
 clamav (0.102.2+dfsg-0+deb10u1) buster; urgency=medium
 .
   * Import 0.102.2
     - CVE-2020-3123 (DoS may occur in the optional DLP feature)
       (Closes: 950944).
   * Update symbol file.
   * Set ReceiveTimeout to 0 which is upstream default.
   * Add a patch to let freshclam consider CURL_CA_BUNDLE environment variable
     to set the CA bundle (like curl does) (Closes: #951057).
   * Recommend ca-certificates, new freshclash uses https by default.
Checksums-Sha1:
 09907e98a512db20ceb481ecc1293f684b84ae1f 2818 clamav_0.102.2+dfsg-0+deb10u1.dsc
 aba1584a99a8cffa1d2bfa6b61e5bc3a14ccbaf2 219252 
clamav_0.102.2+dfsg-0+deb10u1.debian.tar.xz
Checksums-Sha256:
 751686af9c343f385ff6c36057270b1b99a2c0d95eb624d83ce6e6c958e00082 2818 
clamav_0.102.2+dfsg-0+deb10u1.dsc
 6e38c9082a56d52c7929f3340da201176f3c947d40344ca8adf79e33cc162619 219252 
clamav_0.102.2+dfsg-0+deb10u1.debian.tar.xz
Files:
 ce56a07d8842f7ae06fd23f37eceb5cf 2818 utils optional 
clamav_0.102.2+dfsg-0+deb10u1.dsc
 af0e787d6977a8c0c89842cff116fab9 219252 utils optional 
clamav_0.102.2+dfsg-0+deb10u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQGzBAEBCgAdFiEEV4kucFIzBRM39v3RBWQfF1cS+lsFAl5RNwEACgkQBWQfF1cS
+ltuRAv+NuF7BFFl8efXouPTmm0cdqybBOqxouKhXYemPnENi2QNYvAMXkUwL4e1
n8UJfFkbv6yZhXK5kY9DERcyMBZFCBUzs9ZQa96qJlskTC1fVlTuiJpLvmvtFH2R
OonZINCz9WK1chWZMhBN+wYNRY15EM8kNsd1oXpJuSUzjga3QXEF+F7uXz5LQgma
XO9LxhJry8aBYhqo6Jld86YKk2XUP9uH9A7ylgAHoRumAAdvLEDDofyPpR9Pws90
sA0KTILvjfbf9/4f2AR8Xlb/qCTb7wEyEa6YXiD7r9dRoaosQH0PIzCzIhNorgMP
OD0hfvt+N0OvWWtj+DEGprDM0cGfn74DVUMtBoqJV8i+KA/4wDsuCbnnWnim6Fn+
+mVz3o4q0JKmodDaPaPIvbNkDMNe6aF9VHXzwYP5gRy+9mJQ4dJSO+8MdlX3rl2X
uPAqlJDTk6WibL+HsDuBHxWiwOTtCMMG71Qc0ox/XK77k+AOMJOANVLR104TM3Gs
ULx4AThH
=TUl1
-----END PGP SIGNATURE-----

--- End Message ---
_______________________________________________
Pkg-clamav-devel mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-clamav-devel

Reply via email to