[CentOS] www.clamav.net update

Tue Aug 8 13:12:26 UTC 2006
Dag Wieers <dag at wieers.com>

On Tue, 8 Aug 2006, Ralph Angenendt wrote:

> Email Lists wrote:
> > Greetings
> > 
> > I was informed on another list about this... im not a serious programming or
> > exploit creation expert yet this appears to me to be fairly serious.....
> > 
> > For those of you that have not heard about it, there has been a
> > www.clamav.net update to 88.4
> > 
> > I roll my own rpms so I don't wait for upstream on this one... and for all I
> > know they have dealt with it already...
> 
> rpmforge has updated packages already, but they're version 0.88.3-2, not
> 0.88.4, fwiw.

The patch was released before the 0.88.4 release. So I had to bring out a 
patched 0.88.3. Late last night they released 0.88.4 and I build it. And 
this morning uploaded it.

The 0.88.3-2 and the 0.88.4 are identical. The clamav people anticipated 
to release 0.89 with the patch included but unfortunately the problem was 
disclosed on secunia yesterday. So they released the patch in a rush.

There is a closed mailinglist for clamav packagers where they announce new 
releases and security patches before they're made public.

The downside is that people in between 0.88.3-2 and 0.88.4 eventually had 
to download the same data twice. The upside is that the security-fix was 
released sooner.

Kind regards,
--   dag wieers,  dag at wieers.com,  http://dag.wieers.com/   --
[all I want is a warm bed and a kind word and unlimited power]