On 2025-07-19 19:14:28 [+0100], Adam D. Barratt wrote: > On Sun, 2025-06-29 at 23:32 +0200, Sebastian Andrzej Siewior wrote: > > ClamAV upstream released 1.0.9 which is their LTS version matching > > the release in Bookworm. It addresses two CVEs: > > > > - CVE-2025-20128 (Fixed a possible buffer overflow read bug in the > > OLE2 file parser that could cause a denial-of-service (DoS) > > condition) > > - CVE-2025-20260 (Fixed a possible buffer overflow write bug in the > > PDF file parser that could cause a denial-of-service (DoS) condition > > or enable remote code execution.) > > I should have checked sooner, but were you looking for this to be > released as an SUA?
It would be nice given the CVEs that are referenced by upstream. So if it is not too much work given all the Trixie preparation. > Regards, > > Adam Sebastian
