[EPEL-devel] Are there any plans to rebuild ClamAV in EPEL7 following CVE-2022-37434?
Yesterday, ClamAV announced CVE-2022-37434 as critical
(https://blog.clamav.net/2022/10/new-packages-for-clamav-01037-01044.html).
Redhat only seem to classify the issue as Moderate in EL7 -
https://access.redhat.com/security/cve/cve-2022-37434. It looks like
that, unless Redhat classify it as Critical, zlib and zlib-devel won't
get updated so ClamAV can't be rebuilt against the updated zlib-devel.
What is the EPEL take on the issue?
Attachments:
- attachment.html (text/html — 807 bytes)