Bug 221608 - security/clamav: CVE-2017-6419
Summary: security/clamav: CVE-2017-6419
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Mark Felder
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-08-18 14:34 UTC by Fabiano Sidler
Modified: 2017-09-02 16:52 UTC (History)
3 users (show)

See Also:
bugzilla: maintainer-feedback? (ler)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Fabiano Sidler 2017-08-18 14:34:36 UTC 
Are we[tm] affected?

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6419

libmspack is apparently not a dependency, but also some Ubuntu-Versions use an embedded one.
Comment 1 Fabiano Sidler 2017-08-29 06:26:24 UTC 
Hello? What's the reason this not being reacted upon?
Comment 2 Mark Felder freebsd_committer freebsd_triage 2017-08-29 06:28:51 UTC 
I work with the ClamAV folks. I'll investigate with the team in the morning.
Comment 3 Fabiano Sidler 2017-09-01 12:09:45 UTC 
Any progress?
Comment 4 Mark Felder freebsd_committer freebsd_triage 2017-09-02 16:44:11 UTC 
Confirmed and added to vuxml.
Comment 5 commit-hook freebsd_committer freebsd_triage 2017-09-02 16:44:18 UTC 
A commit references this bug:

Author: feld
Date: Sat Sep  2 16:43:50 UTC 2017
New revision: 449153
URL: https://svnweb.freebsd.org/changeset/ports/449153

Log:
  Document clamav vulnerability

  PR:		221608
  Security:	CVE-2017-6419

Changes:
  head/security/vuxml/vuln.xml
Comment 6 Mark Felder freebsd_committer freebsd_triage 2017-09-02 16:50:22 UTC 
Actually no, I'm looking at the wrong source. 0.99.3 isn't released yet. This doesn't affect us.