Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 15 Feb 2018 21:50:44 +0100
From: Hanno Böck <>
To: Joel Esler <>
Subject: Re: clamav: Out of bounds read and segfault in xar

On Tue, 03 Oct 2017 11:34:09 -0400
Joel Esler <> wrote:

> > However, checking just now on Github I do not get the impression at
> > all that development has stalled. Judging purely by number of
> > commits, every month there are consistently a very healthy number.
> > But what has stalled is stable releases; the last one being 0.99.2
> > on 22nd April 2016, so something is not quite right. But I've seen
> > many open source/free software projects stalled over the years and
> > definitely Clamav does not, IMO, fit that description (at least not
> > yet).  
> It’s not dead.  At all.  99.2 as a stable release was released in
> 2016, yes.  We have been working on 99.3 since, and are planning 99.4
> and 99.5 now.  99.3 has been in beta for a couple months now, and the
> fix for this issue has been in git since the date mentioned earlier
> in the thread.  It’s also obviously in 99.3.

0.99.3 is out now and the fix is not included.

Hanno Böck

GPG: FE73757FA60E4E21B937579FA5880072BBB51E42

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ