On Tue, 8 Aug 2006, Ralph Angenendt wrote: > Email Lists wrote: > > Greetings > > > > I was informed on another list about this... im not a serious programming or > > exploit creation expert yet this appears to me to be fairly serious..... > > > > For those of you that have not heard about it, there has been a > > www.clamav.net update to 88.4 > > > > I roll my own rpms so I don't wait for upstream on this one... and for all I > > know they have dealt with it already... > > rpmforge has updated packages already, but they're version 0.88.3-2, not > 0.88.4, fwiw. The patch was released before the 0.88.4 release. So I had to bring out a patched 0.88.3. Late last night they released 0.88.4 and I build it. And this morning uploaded it. The 0.88.3-2 and the 0.88.4 are identical. The clamav people anticipated to release 0.89 with the patch included but unfortunately the problem was disclosed on secunia yesterday. So they released the patch in a rush. There is a closed mailinglist for clamav packagers where they announce new releases and security patches before they're made public. The downside is that people in between 0.88.3-2 and 0.88.4 eventually had to download the same data twice. The upside is that the security-fix was released sooner. Kind regards, -- dag wieers, dag at wieers.com, http://dag.wieers.com/ -- [all I want is a warm bed and a kind word and unlimited power]