Hi Emily, I'm sorry, I posted my previous message in a hurry without checking out what the vulnerabilities involved.
Thanks for your response and the CVE link for open-vm-tools. That's helpful! Can you please tell me the URL for the companion open-vm-tools-desktop package? It wasn't obvious. Although this bug has been turned in to one about a specific package in Xenial, I see this as a bigger issue for all LTS releases. If an LTS release won't be patched to resolve a low priority vulnerability, what level of vulnerability will trigger a patch? If such a patch is required, will the maintainer(s) attempt to write a mitigation or back-port a fix, or will they upgrade these packages in the process anyway? Unlike many packages used in an LTS, Open VM Tools does not have a long- term stable release, it's always moving forward. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1741390 Title: Please backport open-vm-tools 2:10.2.0-3 (main) from bionic To manage notifications about this bug go to: https://bugs.launchpad.net/xenial-backports/+bug/1741390/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
