Re: [SECURITY] [DSA 1435-1] New clamav packages fix several vulnerabilities


by jmdh

On Wed, Dec 19, 2007 at 06:38:04PM +0100, Moritz Muehlenhoff wrote:

> Package        : clamav
> Vulnerability  : several
> Problem type   : remote
> Debian-specific: no
> CVE Id(s)      : CVE-2007-6335 CVE-2007-6336

> The old stable distribution (sarge) is not affected by these problems.
> However, since the clamav version from Sarge cannot process all current
> Clam malware signatures any longer, support for the ClamAV in Sarge is
> now discontinued. We recommend to upgrade to the stable distribution
> or run a backport of the stable version.

Are there any updates planned for sarge in volatile.debian.org?

Thanks,

Dominic.

--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)


--
To UNSUBSCRIBE, email to debian-volatile-request@...
with a subject of "unsubscribe". Trouble? Contact listmaster@...


Re: [SECURITY] [DSA 1435-1] New clamav packages fix several vulnerabilities

by Marco Maske-3

Dominic Hargreaves wrote:

> > However, since the clamav version from Sarge cannot process all current
> > Clam malware signatures any longer, support for the ClamAV in Sarge is
> > now discontinued. We recommend to upgrade to the stable distribution
^^^^^^^^^^^^^^
> > or run a backport of the stable version.
>
> Are there any updates planned for sarge in volatile.debian.org?

discontinued = no plans, no future, gone, ...

Ciao Marco!




Re: [SECURITY] [DSA 1435-1] New clamav packages fix several vulnerabilities

by Luk Claes

Marco Maske wrote:

> Dominic Hargreaves wrote:
>
>>> However, since the clamav version from Sarge cannot process all current
>>> Clam malware signatures any longer, support for the ClamAV in Sarge is
>>> now discontinued. We recommend to upgrade to the stable distribution
> ^^^^^^^^^^^^^^
>>> or run a backport of the stable version.
>> Are there any updates planned for sarge in volatile.debian.org?
>
> discontinued = no plans, no future, gone, ...

Hmm, he kind of asks if a stable backport would be considered to be
uploaded for sarge in volatile... which is not a priori ruled out,
though not very likely AFAICS.

Cheers

Luk




Re: [SECURITY] [DSA 1435-1] New clamav packages fix several vulnerabilities

by Stephen Gran

This one time, at band camp, Dominic Hargreaves said:
>
> Are there any updates planned for sarge in volatile.debian.org?

Yes, and they're uploaded.
--
 -----------------------------------------------------------------
|   ,''`.                                            Stephen Gran |
|  : :' :                                        sgran@... |
|  `. `'                        Debian user, admin, and developer |
|    `-                                     http://www.debian.org |
 -----------------------------------------------------------------



Re: [SECURITY] [DSA 1435-1] New clamav packages fix several vulnerabilities

by Jim Popovitch

On Thu, 2007-12-20 at 01:12 +0000, Stephen Gran wrote:
> This one time, at band camp, Dominic Hargreaves said:
> >
> > Are there any updates planned for sarge in volatile.debian.org?
>
> Yes, and they're uploaded.

Where?

-Jim P.




Re: [SECURITY] [DSA 1435-1] New clamav packages fix several vulnerabilities

by Stephen Gran

This one time, at band camp, Jim Popovitch said:
> On Thu, 2007-12-20 at 01:12 +0000, Stephen Gran wrote:
> > This one time, at band camp, Dominic Hargreaves said:
> > >
> > > Are there any updates planned for sarge in volatile.debian.org?
> >
> > Yes, and they're uploaded.
>
> Where?

http://volatile.debian.org/debian-volatile/pool/volatile/main/c/clamav/
--
 -----------------------------------------------------------------
|   ,''`.                                            Stephen Gran |
|  : :' :                                        sgran@... |
|  `. `'                        Debian user, admin, and developer |
|    `-                                     http://www.debian.org |
 -----------------------------------------------------------------



Re: [SECURITY] [DSA 1435-1] New clamav packages fix several vulnerabilities

by Forrest Houston

On Thu, 20 Dec 2007, Stephen Gran wrote:

> This one time, at band camp, Jim Popovitch said:
>> On Thu, 2007-12-20 at 01:12 +0000, Stephen Gran wrote:
>>> This one time, at band camp, Dominic Hargreaves said:
>>>>
>>>> Are there any updates planned for sarge in volatile.debian.org?
>>>
>>> Yes, and they're uploaded.
>>
>> Where?
>
> http://volatile.debian.org/debian-volatile/pool/volatile/main/c/clamav/
> --
> -----------------------------------------------------------------
> |   ,''`.                                            Stephen Gran |
> |  : :' :                                        sgran@... |
> |  `. `'                        Debian user, admin, and developer |
> |    `-                                     http://www.debian.org |
> -----------------------------------------------------------------
>

Apologies if this is the wrong place for the question.  I'm still
relatively new to the debian world and trying to get a feel for what's
what/what's where.

Whenever I run freshclam I get an error about being on version 0.91.2 and
0.92 is what I should be running.  When I follow the recommended link
there doesn't seem to be a new package available.  I thought I had gone
through this process once before by adding this to /etc/apt/sources

deb http://volatile.debian.org/debian-volatile etch/volatile main contrib non-free

However when I do an "apt-get update" (during which volatile is listed)
and then "apt-get upgrade" or "apt-get install clamav" I get a message
that I'm running the latest version.  What am I missing?

Thanks
Forrest







Re: [SECURITY] [DSA 1435-1] New clamav packages fix several vulnerabilities

by Aneurin Price

On 12/20/07, Forrest Houston <fhouston@...> wrote:
> On Thu, 20 Dec 2007, Stephen Gran wrote:

> Whenever I run freshclam I get an error about being on version 0.91.2 and
> 0.92 is what I should be running.  When I follow the recommended link
> there doesn't seem to be a new package available.  I thought I had gone
> through this process once before by adding this to /etc/apt/sources
>
> deb http://volatile.debian.org/debian-volatile etch/volatile main contrib
> non-free
>
> However when I do an "apt-get update" (during which volatile is listed)
> and then "apt-get upgrade" or "apt-get install clamav" I get a message
> that I'm running the latest version.  What am I missing?
>

I have the same thing (except I'm running sarge). Looking at the
volatile repository, it appears that the updated version of clamav is
in (sarge|etch)-proposed-updates.

Presumably this means that the main volatile distributions will be
updated soon, or have I misunderstood the situation?




Re: [SECURITY] [DSA 1435-1] New clamav packages fix several vulnerabilities

by José Ildefonso Camargo Tolosa

Hi!



> ----- Original Message ----
> From: Aneurin Price <aneurin.price@...>
> To: Forrest Houston <fhouston@...>
> Cc: debian-volatile@...; debian-security <debian-security@...>
> Sent: Friday, December 21, 2007 9:55:05 AM
> Subject: Re: [SECURITY] [DSA 1435-1] New clamav packages fix several vulnerabilities
>

> On 12/20/07, Forrest Houston <fhouston@...> wrote:
> > On Thu, 20 Dec 2007, Stephen Gran wrote:
>
> > Whenever I run freshclam I get an error about being on version 0.91.2 and
> > 0.92 is what I should be running.  When I follow the recommended link
> > there doesn't seem to be a new package available.  I thought I had gone
> > through this process once before by adding this to /etc/apt/sources
> >
> > deb http://volatile.debian.org/debian-volatile etch/volatile main contrib
> > non-free
> >
> > However when I do an "apt-get update" (during which volatile is listed)
> > and then "apt-get upgrade" or "apt-get install clamav" I get a message
> > that I'm running the latest version.  What am I missing?
> >
>
> I have the same thing (except I'm running sarge). Looking at the
> volatile repository, it appears that the updated version of clamav is
> in (sarge|etch)-proposed-updates.
>
> Presumably this means that the main volatile distributions will be
> updated soon, or have I misunderstood the situation?
>

The same happened when they updated tzdata, and it took around 24 hours to move from "proposed-updates" to main volatile.

I think it should be about the same here.

c-ya!

Ildefonso Camargo








Re: [SECURITY] [DSA 1435-1] New clamav packages fix several vulnerabilities

by Stephen Gran

This one time, at band camp, Aneurin Price said:
> Presumably this means that the main volatile distributions will be
> updated soon, or have I misunderstood the situation?

My understanding is that we're waiting on a few more builds before it
goes out, so yes, that seems correct.  I posted the link above because
you can manually grab the debs yourself and install them if it is
urgent.  The -0volatile2 packages are for sarge, the ~1volatile2
packages are for etch.

Take care,
--
 -----------------------------------------------------------------
|   ,''`.                                            Stephen Gran |
|  : :' :                                        sgran@... |
|  `. `'                        Debian user, admin, and developer |
|    `-                                     http://www.debian.org |
 -----------------------------------------------------------------



Re: [SECURITY] [DSA 1435-1] New clamav packages fix several vulnerabilities

by Aneurin Price

On 12/20/07, Stephen Gran <sgran@...> wrote:

> This one time, at band camp, Aneurin Price said:
> > Presumably this means that the main volatile distributions will be
> > updated soon, or have I misunderstood the situation?
>
> My understanding is that we're waiting on a few more builds before it
> goes out, so yes, that seems correct.  I posted the link above because
> you can manually grab the debs yourself and install them if it is
> urgent.  The -0volatile2 packages are for sarge, the ~1volatile2
> packages are for etch.
>

That's good to hear; thanks for the clarification.




Re: [SECURITY] [DSA 1435-1] New clamav packages fix several vulnerabilities

by José Santos-5

Aneurin Price wrote:

> On 12/20/07, Stephen Gran <sgran@...> wrote:
>> This one time, at band camp, Aneurin Price said:
>>> Presumably this means that the main volatile distributions will be
>>> updated soon, or have I misunderstood the situation?
>> My understanding is that we're waiting on a few more builds before it
>> goes out, so yes, that seems correct.  I posted the link above because
>> you can manually grab the debs yourself and install them if it is
>> urgent.  The -0volatile2 packages are for sarge, the ~1volatile2
>> packages are for etch.
>>
>
> That's good to hear; thanks for the clarification.
>
>

I was following this subject as I had the same concerns regarding this
particular update of clamav.
So, I would like to thank all those who took the time to clarify this
matter.
Thank you all.

--
José Santos
debianite@...
http://goodbye-microsoft.com/
http://www.ftml.net/mail/?STKI=1516747




Re: [SECURITY] [DSA 1435-1] New clamav packages fix several vulnerabilities

by Jim Popovitch

On Thu, 2007-12-20 at 20:07 +0000, J. Santos wrote:
> So, I would like to thank all those who took the time to clarify this
> matter.
> Thank you all.

I would also like to add my Thanks to everyone involved.

Thank you,

-Jim P.




new updates, no recent DSAs.... Hmmmm

by Jim Popovitch

I've got one etch box complaining, for 18 hours now, about new pending
updates. Specifically:

        apache2-mpm-worker
        apache2-utils
        apache2.2-common
        debconf
        debconf-i18n
        findutils
        klibc-utils
        libc6
        libc6-i686
        libklibc
        libpam-modules
        libpam-runtime
        libpam0g
        libpq4
        linux-image-2.6.18-5-686
        locales
        lvm2

Did I miss something?  Why now, why no DSAs? (apt-get update/upgrade
didn't indicate any packages last weekend, and sources.list hasn't
changed).  The notification of new packages was triggered 23:15 EST.

Sources:

deb http://ftp.us.debian.org/debian/ etch main
deb http://security.debian.org/ etch/updates main
deb http://volatile.debian.org/debian-volatile/ etch/volatile main
deb http://volatile.debian.org/debian-volatile/ etch/volatile-sloppy main


Hiccup on a mirror in the rotation?

-Jim P.






Re: new updates, no recent DSAs.... Hmmmm

by Alexander Wirt-2

Jim Popovitch wrote on Thursday, 27 December 2007:

*snip*
> Did I miss something?  Why now, why no DSAs? (apt-get update/upgrade
> didn't indicate any packages last weekend, and sources.list hasn't
> changed).  The notification of new packages was triggered 23:15 EST.
Yes
http://www.us.debian.org/News/2007/20071227

Alex

 




Re: new updates, no recent DSAs.... Hmmmm

by Jim Popovitch

On Thu, 2007-12-27 at 22:42 +0000, Alexander Wirt wrote:
> Yes

:-)

> http://www.us.debian.org/News/2007/20071227

Actually I didn't miss that, or rather I did get that email today....
but in the past I seem to recall the process was individual DSAs and
releases, followed by a bundled new release rollup.  Perhaps I am wrong.

-Jim P.




Re: new updates, no recent DSAs.... Hmmmm

by Jim Popovitch

On Thu, 2007-12-27 at 17:55 -0500, Jim Popovitch wrote:

> On Thu, 2007-12-27 at 22:42 +0000, Alexander Wirt wrote:
> > Yes
>
> :-)
>
> > http://www.us.debian.org/News/2007/20071227
>
> Actually I didn't miss that, or rather I did get that email today....
> but in the past I seem to recall the process was individual DSAs and
> releases, followed by a bundled new release rollup.  Perhaps I am wrong.

Oh, and thank you Alex for connecting the dots for me.

-Jim P.




Re: new updates, no recent DSAs.... Hmmmm

by Russ Allbery-2

Jim Popovitch <yahoo@...> writes:

> Actually I didn't miss that, or rather I did get that email today....
> but in the past I seem to recall the process was individual DSAs and
> releases, followed by a bundled new release rollup.  Perhaps I am wrong.

Stable updates always include other things besides DSAs.  Security updates
are usually the majority of the release, but there are always other, more
minor things that get fixed.

--
Russ Allbery (rra@...)               <http://www.eyrie.org/~eagle/>

