Re: [SECURITY] [DSA 1435-1] New clamav packages fix several vulnerabilities

Hi!

> ----- Original Message ----
> From: Aneurin Price <aneurin.price@gmail.com>
> To: Forrest Houston <fhouston@east.isi.edu>
> Cc: debian-volatile@lists.debian.org; debian-security <debian-security@lists.debian.org>
> Sent: Friday, December 21, 2007 9:55:05 AM
> Subject: Re: [SECURITY] [DSA 1435-1] New clamav packages fix several vulnerabilities
>

> On 12/20/07, Forrest Houston <fhouston@east.isi.edu> wrote:
> > On Thu, 20 Dec 2007, Stephen Gran wrote:
>
> > Whenever I run freshclam I get an error about being on version 0.91.2
 and
> > 0.92 is what I should be running. When I follow the recommended link
> > there doesn't seem to be a new package available. I thought I had
 gone
> > through this process once before by adding this to /etc/apt/sources
> >
> > deb http://volatile.debian.org/debian-volatile etch/volatile main
 contrib
> > non-free
> >
> > However when I do an "apt-get update" (during which volatile is
 listed)
> > and then "apt-get upgrade" or "apt-get install clamav" I get a
 message
> > that I'm running the latest version. What am I missing?
> >
>
> I have the same thing (except I'm running sarge). Looking at the
> volatile repository, it appears that the updated version of clamav is
> in (sarge|etch)-proposed-updates.
>
> Presumably this means that the main volatile distributions will be
> updated soon, or have I misunderstood the situation?
>

The same happened when they updated tzdata, and it took around 24 hours to move from "proposed-updates" to main volatile.

I think it should be about the same here.

c-ya!

Ildefonso Camargo