Hi, Ubuntu is based on testing and does not import our fixes after its release (except a few list), then it's normal to find a lot of vulnerabilities. See https://lemonldap-ng.org/documentation for exemple
Le 1 novembre 2020 14:59:32 GMT+01:00, Utkarsh Gupta <utka...@debian.org> a écrit : >[CCing team@security.d.o] > >On Sun, Nov 1, 2020 at 7:09 PM Ole Streicher <oleb...@debian.org> wrote: >> I just stumbled upon the following web page: >> https://cyber-itl.org/2020/10/28/citl-7000-defects.html >> They claim to have found ~7000 defects in Ubuntu packages (a number of >> those are maintained by me). > >On a *very* quick look, some of these packages have CVE(s) issued >against them and are already fixed as well, I think. > >That said, it'd be a bit weird if they don't report these issues and >ask for a CVE assignment against these. >Anyway, the security team might know more about this. > > >- u > -- Envoyé de mon appareil Android avec Courriel K-9 Mail. Veuillez excuser ma brièveté.