[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: CITL Releasing 7000 defects/vulnerabilities

Hi,

Ubuntu is based on testing and does not import our fixes after its release (except a few list), then it's normal to find a lot of vulnerabilities. See https://lemonldap-ng.org/documentation for exemple


Le 1 novembre 2020 14:59:32 GMT+01:00, Utkarsh Gupta <utkarsh@debian.org> a écrit :
[CCing team@security.d.o]

On Sun, Nov 1, 2020 at 7:09 PM Ole Streicher <olebole@debian.org> wrote:
I just stumbled upon the following web page:
https://cyber-itl.org/2020/10/28/citl-7000-defects.html
They claim to have found ~7000 defects in Ubuntu packages (a number of
those are maintained by me).

On a *very* quick look, some of these packages have CVE(s) issued
against them and are already fixed as well, I think.

That said, it'd be a bit weird if they don't report these issues and
ask for a CVE assignment against these.
Anyway, the security team might know more about this.


- u


--
Envoyé de mon appareil Android avec Courriel K-9 Mail. Veuillez excuser ma brièveté.
Reply to: