*** This bug is a security vulnerability *** Public security bug reported:
Dear community, Qualys reports a finding on our Ubuntu 18.04 and Ubuntu 20.04 instances because of CVE-2021-42378. I can see that there is already a fix for Ubuntu 22.04. When will the fix be released for the LTS versions 18.04 and 20.04? I can see the finding is monitored at https://ubuntu.com/security/CVE-2021-42378, but the CVSS3 scoring is 7.2, so I think the rating "high" would be better. Or is there any reason why "low" is ok? Thanks in advance. Best regards. ** Affects: busybox (Ubuntu) Importance: Undecided Status: New ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-42378 ** Information type changed from Private Security to Public Security ** Information type changed from Public Security to Private Security ** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to busybox in Ubuntu. https://bugs.launchpad.net/bugs/1953337 Title: Backport needed for 18.04 and 20.04 LTS (CVE-2021-42378) Status in busybox package in Ubuntu: New Bug description: Dear community, Qualys reports a finding on our Ubuntu 18.04 and Ubuntu 20.04 instances because of CVE-2021-42378. I can see that there is already a fix for Ubuntu 22.04. When will the fix be released for the LTS versions 18.04 and 20.04? I can see the finding is monitored at https://ubuntu.com/security/CVE-2021-42378, but the CVSS3 scoring is 7.2, so I think the rating "high" would be better. Or is there any reason why "low" is ok? Thanks in advance. Best regards. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/busybox/+bug/1953337/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
