Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. ClamAV>
  3. win32
Re: [clamav-users] [External] Re: ClamAV® blog: ClamAV 0.102.2 security patch released
clamav-users at lists
Feb 6, 2020, 2:04 AM
Post #1 of 3 (188 views)
Permalink
On 2/6/2020 3:59 AM, G.W. Haywood via clamav-users wrote:
> Hi there,
>
> On Wed, 5 Feb 2020, Michael Orlitzky via clamav-users wrote:
>> On 2/5/20 12:29 PM, Joel Esler (jesler) via clamav-users wrote:
>>>
>>> ClamAV 0.102.2 is a security patch release to address the following
>>> issues.
>>
>> Off-topic: please help us help you. It would make tracking what issues
>> are (not) fixed a lot easier for us downstream if we could see the bugs
>> on bugzilla. In practice, no one ever unchecks the "security" box and
>> trivial issues are invisible for years.
>
> What "security" box is that?

They are referring to a selection in the bug tracking software that
marks a bug as security.  When that occurs, information is hidden from
the public so as not to empower bad actors.

Unfortunately, from my experience, that information should never be
public.  Far too dangerous.

Regards,
KAM
Re: [clamav-users] [External] Re: ClamAV? blog: ClamAV 0.102.2 security patch released [ In reply to ]
clamav-users at lists
Feb 6, 2020, 2:28 AM
Post #2 of 3 (188 views)
Permalink
Hi there,

On Thu, 6 Feb 2020, Kevin A. McGrail via clamav-users wrote:
> On 2/6/2020 3:59 AM, G.W. Haywood via clamav-users wrote:
>> On Wed, 5 Feb 2020, Michael Orlitzky via clamav-users wrote:
>>> On 2/5/20 12:29 PM, Joel Esler (jesler) via clamav-users wrote:
>>>>
>>>> ClamAV 0.102.2 is a security patch release to address the following
>>>> issues.
>>>
>>> Off-topic: please help us help you. It would make tracking what issues
>>> are (not) fixed a lot easier for us downstream if we could see the bugs
>>> on bugzilla. In practice, no one ever unchecks the "security" box and
>>> trivial issues are invisible for years.
>>
>> What "security" box is that?
>
> They are referring to a selection in the bug tracking software that
> marks a bug as security. ...

I am familiar with the UI of the bug tracking software at the ClamAV
Bugzilla. It has a drop-down box which gives an option to mark a new
issue with "security" - but that is not the default, and I do not know
of any "security" box, which is why I asked the question. FWIW I use
Palemoon for things like this. Like any browser, Palemoon has issues,
one of which is that sometimes it renders things differently from some
of the more popular browsers. I wondered if I was missing something.

--

73,
Ged.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] [External] Re: ClamAV® blog: ClamAV 0.102.2 security patch released [ In reply to ]
clamav-users at lists
Feb 6, 2020, 6:32 AM
Post #3 of 3 (187 views)
Permalink
On 2/6/20 5:28 AM, G.W. Haywood via clamav-users wrote:
>
> I am familiar with the UI of the bug tracking software at the ClamAV
> Bugzilla. It has a drop-down box which gives an option to mark a new
> issue with "security" - but that is not the default, and I do not know
> of any "security" box, which is why I asked the question.

When you create a new bug, it automatically gets marked as being a
private "security" bug until someone comes along and undoes that.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal