Comment 34 for bug 1741390

Hi Emily,

I'm sorry, I posted my previous message in a hurry without checking out what the vulnerabilities involved.

Thanks for your response and the CVE link for open-vm-tools. That's helpful!

Can you please tell me the URL for the companion open-vm-tools-desktop package? It wasn't obvious.

Although this bug has been turned in to one about a specific package in Xenial, I see this as a bigger issue for all LTS releases. If an LTS release won't be patched to resolve a low priority vulnerability, what level of vulnerability will trigger a patch?

If such a patch is required, will the maintainer(s) attempt to write a mitigation or back-port a fix, or will they upgrade these packages in the process anyway?

Unlike many packages used in an LTS, Open VM Tools does not have a long-term stable release, it's always moving forward.