Dropbear in Xenial is missing security updates
Bug #1790722 reported by
Rowan Wookey
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| dropbear (Ubuntu) |
New
|
Undecided
|
Unassigned | ||
Bug Description
CVE-2017-9078 and CVE-2017-9079 are missing from Xenial, they've been fixed in Debian upstream.
Revision history for this message
| Leonidas S. Barbosa (leosilvab) wrote | #1 |
| tags: | added: community-security |
| information type: | Private Security → Public Security |
To post a comment you must log in.
Hi Rowan!
Since the dropbear package is in the universe repository, it is community maintained.
This means that the security team will not be fixing the package unless a community
member contributes a debdiff for sponsoring that fixes the issue.
Meanwhile I'll make this bug public since the issue is already known.