Bug 38629
| Summary: | Update clamav to 0.98.7 (ES 3.1) | ||
|---|---|---|---|
| Product: | UCS | Reporter: | Arvid Requate <requate> |
| Component: | Security updates | Assignee: | Philipp Hahn <hahn> |
| Status: | CLOSED FIXED | QA Contact: | Janek Walkenhorst <walkenhorst> |
| Severity: | normal | ||
| Priority: | P5 | CC: | gohmann, walkenhorst |
| Version: | UCS 3.1 | Flags: | requate:
Patch_Available+
|
| Target Milestone: | UCS 3.1-ES | ||
| Hardware: | Other | ||
| OS: | Linux | ||
| What kind of report is it?: | --- | What type of bug is this?: | --- |
| Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
| User Pain: | Enterprise Customer affected?: | ||
| School Customer affected?: | ISV affected?: | ||
| Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
| Ticket number: | Bug group (optional): | Security | |
| Max CVSS v3 score: | |||
| Attachments: |
Advisory ClamAV 0.98.7 extsec3.1
Advisory ClamAV 0.98.7 extsec3.1 v2 |
||
|
Description
Arvid Requate
*** Bug 38428 has been marked as a duplicate of this bug. *** Note the warning of Bug 36965: When building this the update to the new upstream release needs to be added as a patch, otherwise we have the problem that there might be an erratum update in ES 3.1, which is more recent than in 3.2-0 and/or 4.0-0. The clamav version in 4.0 uses the system copy of LLVM, but the ClamAV tarball also includes a local copy, so the dependencies must be adapted not to build-depend on libllvm. $ repo_admin.py --cherrypick -r 3.2-0 -s errata3.2-6 --releasedest 3.1-0 --dest extsec3.1 -p clamav Debian-Version Scope UCS-Version 0.97.7+dfsg-1~squeeze1 errata3.1-1 0.97.7+dfsg-1.122.201305101425 0.97.8+dfsg-1~squeeze1 ucs3.2-0 0.97.8+dfsg-1.123.201307301517 r14803 | Bug #38629: ClamAV 0.98.7 for UCS-3.1 Package: clamav Version: 0.97.7+dfsg-2~really0.98.7+dfsg-0.152.201506081116 Branch: ucs_3.1-0 Scope: extsec3.1 OK: apt-get install clamav OK: clamscan test/clam* Created attachment 6947 [details] Advisory ClamAV 0.98.7 extsec3.1 The list of CVEs is incomplete, as neither the upstream ChangeLog nor the Debian-ChangeLog lists all CVEs. The mentioned list of CVEs has been compiled for for Bug #36965, but the update 0.97.7+dfsg-1 to 0.98.7+dfsg-0 contains additional changes. Tests (amd64): clamav: OK freshclam: OK Advisory: OK Version number: OK Package: clamav-daemon Version: 0.97.7+dfsg-2~really0.98.7+dfsg-0.152.201506081116 Breaks: clamav-base (<< 0.98.1+dfsg-6) this makes this package uninstallable. Replaces: clamav-base (<< 0.98.1+dfsg-6) Maybe this version must be corrected too? (In reply to Janek Walkenhorst from comment #6) > > Package: clamav-daemon > > Version: 0.97.7+dfsg-2~really0.98.7+dfsg-0.152.201506081116 > > Breaks: clamav-base (<< 0.98.1+dfsg-6) > this makes this package uninstallable. Changed to "0.97.7+dfsg-2~really0.98.1+dfsg-6" > > Replaces: clamav-base (<< 0.98.1+dfsg-6) > Maybe this version must be corrected too? Yes, also fixed r14821 | Bug #38629: ClamAV 0.98.7 for UCS-3.1 Package: clamav Version: 0.97.7+dfsg-2~really0.98.7+dfsg-0.155.201506121728 Branch: ucs_3.1-0 Scope: extsec3.1 OK: apt-get install clamav-daemon OK: aptitude install '?source-package(^clamav$)' Created attachment 6961 [details]
Advisory ClamAV 0.98.7 extsec3.1 v2
Updated Fixed version to 0.97.7+dfsg-2~really0.98.7+dfsg-0.155.201506121728
Tests (amd64): clamav: OK freshclam: OK Advisory: OK Version number: OK Released |