The Ubuntu releases with vulnerable versions are all EOL, so making this bug public and closing.
I find the lack of actual security support for the majority of packages in Ubuntu rather disturbing - I don't run Ubuntu myself currently so providing a tested debdiff isn't easy, but I did provide links to the patches which we applied in Debian, so the work required on the Ubuntu side would not have been great. ** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/587739 Title: CVE-2009-2947 fix not applied To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/xapian-omega/+bug/587739/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs