[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] clamav: Out of bounds read and segfault in xar parser
From:       Hanno =?UTF-8?B?QsO2Y2s=?= <hanno () hboeck ! de>
Date:       2018-02-15 20:50:44
Message-ID: 20180215215044.2353a372 () pc1
[Download RAW message or body]

On Tue, 03 Oct 2017 11:34:09 -0400
Joel Esler <joel.esler@me.com> wrote:

> > However, checking just now on Github I do not get the impression at
> > all that development has stalled. Judging purely by number of
> > commits, every month there are consistently a very healthy number.
> > But what has stalled is stable releases; the last one being 0.99.2
> > on 22nd April 2016, so something is not quite right. But I've seen
> > many open source/free software projects stalled over the years and
> > definitely Clamav does not, IMO, fit that description (at least not
> > yet).  
> 
> 
> 
> It's not dead.  At all.  99.2 as a stable release was released in
> 2016, yes.  We have been working on 99.3 since, and are planning 99.4
> and 99.5 now.  99.3 has been in beta for a couple months now, and the
> fix for this issue has been in git since the date mentioned earlier
> in the thread.  It's also obviously in 99.3.

Except...
0.99.3 is out now and the fix is not included.

-- 
Hanno Böck
https://hboeck.de/

mail/jabber: hanno@hboeck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
[prev in list] [next in list] [prev in thread] [next in thread]