Marc, Thanks for the reply. The reason I suspected it got overlooked is that it's been listed for a while in the CVE tracker and openssl updates have subsequently been released and debian stable already has it. It isn't often that Ubuntu LTS releases are behind debian stable-- which I mean as a complement to the Ubuntu maintainers. Thanks.
Bob --- On Wed, 10/6/10, Marc Deslauriers <[email protected]> wrote: From: Marc Deslauriers <[email protected]> Subject: [Bug 655884] Re: CVE-2009-3245 not fixed for 8.04LTS To: [email protected] Date: Wednesday, October 6, 2010, 12:08 PM Thanks for reporting this issue. This isn't an oversight, this CVE is correctly being tracked in our CVE tracker: http://people.canonical.com/~ubuntu-security/cve/2009/CVE-2009-3245.html Since we consider this to be a "low" priority issue, it will be bundled in a future openssl security update. ** Visibility changed to: Public ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2009-3245 ** Changed in: openssl (Ubuntu) Status: New => Confirmed ** Also affects: openssl (Ubuntu Dapper) Importance: Undecided Status: New ** Also affects: openssl (Ubuntu Hardy) Importance: Undecided Status: New ** Also affects: openssl (Ubuntu Jaunty) Importance: Undecided Status: New ** Also affects: openssl (Ubuntu Karmic) Importance: Undecided Status: New ** Changed in: openssl (Ubuntu Dapper) Status: New => Confirmed ** Changed in: openssl (Ubuntu Hardy) Status: New => Confirmed ** Changed in: openssl (Ubuntu Jaunty) Status: New => Confirmed ** Changed in: openssl (Ubuntu Karmic) Status: New => Confirmed ** Changed in: openssl (Ubuntu Hardy) Importance: Undecided => Low ** Changed in: openssl (Ubuntu Karmic) Importance: Undecided => Low ** Changed in: openssl (Ubuntu Dapper) Importance: Undecided => Low ** Changed in: openssl (Ubuntu Jaunty) Importance: Undecided => Low ** Changed in: openssl (Ubuntu) Importance: Undecided => Low -- CVE-2009-3245 not fixed for 8.04LTS https://bugs.launchpad.net/bugs/655884 You received this bug notification because you are a direct subscriber of the bug. -- CVE-2009-3245 not fixed for 8.04LTS https://bugs.launchpad.net/bugs/655884 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
