Ubuntu
openssl package

Comment 2 for bug 655884

Revision history for this message

rfoster55 (rfoster55) wrote on 2010-10-06: Re: [Bug 655884] Re: CVE-2009-3245 not fixed for 8.04LTS

Marc,

Thanks for the reply. The reason I suspected it got overlooked is that it's been listed for a while in the CVE tracker and openssl updates have subsequently been released and debian stable already has it. It isn't often that Ubuntu LTS releases are behind debian stable-- which I mean as a complement to the Ubuntu maintainers. Thanks.

Bob

--- On Wed, 10/6/10, Marc Deslauriers <email address hidden> wrote:

From: Marc Deslauriers <email address hidden>
Subject: [Bug 655884] Re: CVE-2009-3245 not fixed for 8.04LTS
To: <email address hidden>
Date: Wednesday, October 6, 2010, 12:08 PM

Thanks for reporting this issue. This isn't an oversight, this CVE is
correctly being tracked in our CVE tracker:

http://people.canonical.com/~ubuntu-security/cve/2009/CVE-2009-3245.html

Since we consider this to be a "low" priority issue, it will be bundled
in a future openssl security update.

** Visibility changed to: Public

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-3245

** Changed in: openssl (Ubuntu)
Status: New => Confirmed

** Also affects: openssl (Ubuntu Dapper)
Importance: Undecided
Status: New

** Also affects: openssl (Ubuntu Hardy)
Importance: Undecided
Status: New

** Also affects: openssl (Ubuntu Jaunty)
Importance: Undecided
Status: New

** Also affects: openssl (Ubuntu Karmic)
Importance: Undecided
Status: New

** Changed in: openssl (Ubuntu Dapper)
Status: New => Confirmed

** Changed in: openssl (Ubuntu Hardy)
Status: New => Confirmed

** Changed in: openssl (Ubuntu Jaunty)
Status: New => Confirmed

** Changed in: openssl (Ubuntu Karmic)
Status: New => Confirmed

** Changed in: openssl (Ubuntu Hardy)
Importance: Undecided => Low

** Changed in: openssl (Ubuntu Karmic)
Importance: Undecided => Low

** Changed in: openssl (Ubuntu Dapper)
Importance: Undecided => Low

** Changed in: openssl (Ubuntu Jaunty)
Importance: Undecided => Low

** Changed in: openssl (Ubuntu)
Importance: Undecided => Low

--
CVE-2009-3245 not fixed for 8.04LTS
https://bugs.launchpad.net/bugs/655884
You received this bug notification because you are a direct subscriber
of the bug.

Marc,

Thanks for the reply.  The reason I suspected it got overlooked is that it's been listed for a while in the CVE tracker and openssl updates have subsequently been released and debian stable already has it.  It isn't often that Ubuntu LTS releases are behind debian stable-- which I mean as a complement to the Ubuntu maintainers. Thanks.

Bob

--- On Wed, 10/6/10, Marc Deslauriers <marc.deslauriers@canonical.com> wrote:

From: Marc Deslauriers <marc.deslauriers@canonical.com>
Subject: [Bug 655884] Re: CVE-2009-3245 not fixed for 8.04LTS
To: rfoster55@yahoo.com
Date: Wednesday, October 6, 2010, 12:08 PM

Thanks for reporting this issue. This isn't an oversight, this CVE is
correctly being tracked in our CVE tracker:

http://people.canonical.com/~ubuntu-security/cve/2009/CVE-2009-3245.html

Since we consider this to be a "low" priority issue, it will be bundled
in a future openssl security update.

** Visibility changed to: Public

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-3245

** Changed in: openssl (Ubuntu)
       Status: New => Confirmed

** Also affects: openssl (Ubuntu Dapper)
   Importance: Undecided
       Status: New

** Also affects: openssl (Ubuntu Hardy)
   Importance: Undecided
       Status: New

** Also affects: openssl (Ubuntu Jaunty)
   Importance: Undecided
       Status: New

** Also affects: openssl (Ubuntu Karmic)
   Importance: Undecided
       Status: New

** Changed in: openssl (Ubuntu Dapper)
       Status: New => Confirmed

** Changed in: openssl (Ubuntu Hardy)
       Status: New => Confirmed

** Changed in: openssl (Ubuntu Jaunty)
       Status: New => Confirmed

** Changed in: openssl (Ubuntu Karmic)
       Status: New => Confirmed

** Changed in: openssl (Ubuntu Hardy)
   Importance: Undecided => Low

** Changed in: openssl (Ubuntu Karmic)
   Importance: Undecided => Low

** Changed in: openssl (Ubuntu Dapper)
   Importance: Undecided => Low

** Changed in: openssl (Ubuntu Jaunty)
   Importance: Undecided => Low

** Changed in: openssl (Ubuntu)
   Importance: Undecided => Low

-- 
CVE-2009-3245 not fixed for 8.04LTS
https://bugs.launchpad.net/bugs/655884
You received this bug notification because you are a direct subscriber
of the bug.

Ubuntuopenssl package

Comment 2 for bug 655884

Ubuntu
openssl package