Date: Thu, 15 Feb 2018 21:50:44 +0100 From: Hanno Böck <hanno@...eck.de> To: Joel Esler <joel.esler@...com> Cc: oss-security@...ts.openwall.com Subject: Re: clamav: Out of bounds read and segfault in xar parser On Tue, 03 Oct 2017 11:34:09 -0400 Joel Esler <joel.esler@...com> wrote: > > However, checking just now on Github I do not get the impression at > > all that development has stalled. Judging purely by number of > > commits, every month there are consistently a very healthy number. > > But what has stalled is stable releases; the last one being 0.99.2 > > on 22nd April 2016, so something is not quite right. But I've seen > > many open source/free software projects stalled over the years and > > definitely Clamav does not, IMO, fit that description (at least not > > yet). > > > > It’s not dead. At all. 99.2 as a stable release was released in > 2016, yes. We have been working on 99.3 since, and are planning 99.4 > and 99.5 now. 99.3 has been in beta for a couple months now, and the > fix for this issue has been in git since the date mentioned earlier > in the thread. It’s also obviously in 99.3. Except... 0.99.3 is out now and the fix is not included. -- Hanno Böck https://hboeck.de/ mail/jabber: hanno@...eck.de GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ