version 3.3.1 has a security hole CVE-2017-11610
Bug #1776600 reported by
Janusz Harkot
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
supervisor (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
supervisor package is not in line with actual version (3.3.4) e.g. CVE-2017-11610 - a security vulnerability is not fixed (fixed in 3.3.3)
CVE References
Changed in supervisor (Ubuntu): | |
status: | New → Fix Released |
To post a comment you must log in.
Hi Janusz!
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.
Versions in our releases are: trusty 3.0b2-1ubuntu0.1 and xenial 3.2.0-2ubuntu0.2. For the other releases the issue in question not affect them. For trusty and xenial we already did an security update you can find the info in the changelog. Also, see that versions affected are before 3.3.3 as the CVE informs (https:/ /people. canonical. com/~ubuntu- security/ cve/2017/ CVE-2017- 11610.html).