Re: clamav: Out of bounds read and segfault in xar parser

[Hanno Böck <hanno () hboeck de>]

On Tue, 03 Oct 2017 11:34:09 -0400
Joel Esler <joel.esler () me com> wrote:

> > However, checking just now on Github I do not get the impression at
> > all that development has stalled. Judging purely by number of
> > commits, every month there are consistently a very healthy number.
> > But what has stalled is stable releases; the last one being 0.99.2
> > on 22nd April 2016, so something is not quite right. But I've seen
> > many open source/free software projects stalled over the years and
> > definitely Clamav does not, IMO, fit that description (at least not
> > yet).  
>
>
>
> It’s not dead.  At all.  99.2 as a stable release was released in
> 2016, yes.  We have been working on 99.3 since, and are planning 99.4
> and 99.5 now.  99.3 has been in beta for a couple months now, and the
> fix for this issue has been in git since the date mentioned earlier
> in the thread.  It’s also obviously in 99.3.

Except...
0.99.3 is out now and the fix is not included.

-- 
Hanno Böck
https://hboeck.de/

mail/jabber: hanno () hboeck de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42