Project

General

Profile

Bug #3586

[clamav] Outdated, vulnrable

wael - 2 months ago - . Updated 2 months ago.

Status:
not-a-bug
Priority:
bug
Assignee:
-
% Done:

0%

Description

The packaged version is terribly outdated, and potentially open to many vulnerabilities, not least of which: CVE-2024-20328.
I've sent a patch on the dev mailing list to update it.
I have not managed to get it to build, as there is an issue with the json library dependency, though it is a start nonetheless.

Files

0001-Updated-clamav-to-version-1.3.0-needs-fixing-for-bui.patch (4.67 KB) 0001-Updated-clamav-to-version-1.3.0-needs-fixing-for-bui.patch wael, 2024-02-18 09:18 PM

History

#1

Updated by anonymous 2 months ago

ClamAV package from Arch was blacklisted with string clamav:clamav:::[semifree] has nonfree unrar support for RAR into libclamunrar
So I think need to return ./configure --disable-unrar section in PKGBUILD

#2

Updated by bill-auger 2 months ago

  • Status changed from confirmed to not-a-bug

ima close this one too - this one is "vulnerable" only because it is "outdated" - that is a actually very peculiar situation - in this case, the maintainer should be taking better care of it

so regardless that it needs work and is technically "vulnerable", for this package it is simply a routine maintenance concern - there is a patch on the mailing list and ideally, the Maintainer should respond - if not, try sending email directly to the Maintainer - if the maintainer does not respond, that would perhaps be worthy of a bug report (eg: "package maintainer does not respond to email")

Also available in: Atom PDF