Ubuntu
libyaml package

No security update released for 10.04 Lucid

Bug #1277837 reported by Orien Madgwick on 2014-02-08

This bug report is a duplicate of: Bug #1276156: CVE-2013-6393 libyaml: heap-based buffer overflow when parsing YAML tags. Edit Remove

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	libyaml (Ubuntu)	Won't Fix	Undecided	Unassigned

Bug Description

According to the page http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-6393.html security updates have been released for other Ubuntu releases but not 10.04 LTS Lucid. Lucid has been "ignored (reached end-of-life)". I believe this ignorance is in error.

This package is still supported in Lucid. Could an update please be released?

Orien Madgwick (orien-madgwick) on 2014-02-08

information type:

Private Security → Public

Revision history for this message

Launchpad Janitor (janitor) wrote on 2014-02-08:

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in libyaml (Ubuntu):
status:	New → Confirmed

Revision history for this message

Patrick Mylund Nielsen (patrickmn) wrote on 2014-02-08:

Perhaps libyaml was assumed to be a desktop package, but it is definitely in use on many 10.04 LTS servers.

Revision history for this message

Marc Deslauriers (mdeslaur) wrote on 2014-02-09:

This package is no longer part of the supported package set on Ubuntu 10.04. It was only supported for 3 years, and was never part of the 5 year supported package set.

This is the list of packages supported for 5 years in Ubuntu 10.04:
http://bazaar.launchpad.net/~ubuntu-security/ubuntu-cve-tracker/master/view/head:/lucid-supported.txt

See the following for more information:

https://wiki.ubuntu.com/SecurityTeam/FAQ#Official%20Support