No security release provided in Lucid for CVE-2013-3567
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
puppet (Ubuntu) |
Won't Fix
|
Undecided
|
Unassigned |
Bug Description
Lucid's version of puppet is listed as "ignored (reached end-of-life)" on the CVE tracking page for CVE-2013-3567 [1]. However, Ubuntu Lucid has not reached end-of-life for the server release -- indeed, `apt-cache show puppet` shows "Supported: 5y". The Ubuntu wiki[2] states that Ubuntu Server LTS supports "security updates and select bug fixes (5 years) -- This is defined as the union of the server-ship and supported-server seeds." Checking the seed file[3], I find that puppet is indeed listed in the server-ship seed.
On IRC, I was pointed to ~ubuntu-
Regardless, either the Lucid release of puppet should gain a security release for CVE-2013-3567, or Ubuntu should update their documentation in numerous places as to what packages are considered "supported" as part of Lucid server LTS.
[1] http://
[2] https:/
[3] http://
[4] http://
Thank you for your report. I've asked a member of the security team to clarify.