Bug#987038: buster-pu: package clamav/0.103.2+dfsg-0+deb10u1
Control: tags -1 + confirmed
On Tue, 2021-04-20 at 21:42 +0200, Sebastian Andrzej Siewior wrote:
> On 2021-04-19 21:15:06 [+0100], Adam D. Barratt wrote:
> > > > I guess the diff against the current buster package is quite
> > > > large
> > > > by
> > > > this point?
> > >
> > > What do you mean by this point? We did full clamav uploads in the
> > > past.
> > > Please excuse if I miss something obvious.
> >
> > Sorry, that may have been poor phrasing on my part. I simply meant
> > between the current and proposed packages, as we're changing the
> > upstream major version tree being followed.
>
> Correct, we advance from 102 to 103. The 102 series seems not to be
> updated anymore. As I tried to argue why I don't think it that is
> enough to backport that one CVE that also applies to 102 (as done by
> the LTS team) it terms of security and support.
I'm certainly happy to defer to your judgement here, given our previous
experience with clamav updates in stable. I was simply trying to
ascertain the scale of the update involved, but fear I may have just
confused the discussion; perhaps it doesn't really matter that much, in
the end.
Please feel free to upload. I assume that, given there are security
fixes involved, you'd prefer an early release via stable-updates as
we've done with a number of updates in the past?
Regards,
Adam
Reply to: