ClamAV released two CVEs a couple of weeks ago, including one for an RCE vulnerability with a CVSS 9.8 / critical rating and a publicly available proof-of-concept exploit. Are there plans to update the Squid package to include a current, fixed version of ClamAV?