From dirk at raeder.cc  Mon Aug 21 20:58:29 2023
From: dirk at raeder.cc (Dirk =?ISO-8859-1?Q?R=E4der?=)
Date: Mon, 21 Aug 2023 18:58:29 -0000
Subject: [manjaro-security] ClamAV outdated and susceptible to DOS attack
Message-ID: <4852966.31r3eYUQgx@dirk-tuxedo>

Hi,

I'm not sure whether this is right mailing list. If not, please point me to 
the right one.

ClamAV has released patched versions 1.1.1 and 1.0.2 almost a week ago 
deploying critical patches. Both address CVE-2023-20197 which has a CVSS 3.x 
score of 7.5. The latter also tackles CVE-2023-20212, also having CVSS 3.x 
score of 7.5.

Seeing that ClamAV has been flagged out-of-date in the package repo on 
2023-05-02, I'm wondering when this will be updated - or if there's anything I 
could do to update the ClamAV package myself.

Kind regards,

Dirk R?der
dirk at raeder.cc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.manjaro.org/pipermail/manjaro-security/attachments/20230821/59285bb3/attachment.sig>