I’m aware of how to fix the issue, my concern isn’t about resolving it, but rather understanding the decision-making process that led to this breaking change being pushed via ubuntu-security.
For context, Debian hasn’t backported the fix yet either: https://security-tracker.debian.org/tracker/CVE-2025-20260 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-20260 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2115907 Title: Unexpected ClamAV Major Upgrade in LTS (jammy) via ubuntu-security To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/2115907/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
