Bug #3586
[clamav] Outdated, vulnrable
0%
Description
The packaged version is terribly outdated, and potentially open to many vulnerabilities, not least of which: CVE-2024-20328.
I've sent a patch on the dev mailing list to update it.
I have not managed to get it to build, as there is an issue with the json library dependency, though it is a start nonetheless.
Files
History
Updated by anonymous 2 months ago
ClamAV package from Arch was blacklisted with string clamav:clamav:::[semifree] has nonfree unrar support for RAR into libclamunrar
So I think need to return ./configure --disable-unrar section in PKGBUILD
Updated by bill-auger 2 months ago
- Status changed from confirmed to not-a-bug
ima close this one too - this one is "vulnerable" only because it is "outdated" - that is a actually very peculiar situation - in this case, the maintainer should be taking better care of it
so regardless that it needs work and is technically "vulnerable", for this package it is simply a routine maintenance concern - there is a patch on the mailing list and ideally, the Maintainer should respond - if not, try sending email directly to the Maintainer - if the maintainer does not respond, that would perhaps be worthy of a bug report (eg: "package maintainer does not respond to email")