Hello, Please note that Ubuntu, much like Debian, SuSE, and Red Hat, backport security fixes to the versions that we have shipped, so comparing version numbers alone isn't a reliable way to determine which vulnerabilities, if any, are still open for a given package. For more information, see our FAQ and Debian's FAQ entries (the Debian faq doesn't apply directly, but I like this specific entry.) https://wiki.ubuntu.com/SecurityTeam/FAQ#Versions and https://www.debian.org/security/faq#version)
You can see that this CVE is still not handled yet: http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-2155.html and that tcpdump has several more known security issues that need to be fixed: http://people.canonical.com/~ubuntu-security/cve/pkg/tcpdump.html Our CVE tracking database can be queried at http://people.canonical.com /~ubuntu-security/cve/ We can't fix every issue immediately, and we have to prioritize our work based on the severity of the issue and how common the tools are, how much user interaction might be necessary to make exploits work. etc. Thanks ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2015-2155 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1444363 Title: tcpdump missing some CVEs To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tcpdump/+bug/1444363/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
