Ubuntu
tinc package

Unfixed security issues CVE-2018-16758, CVE-2018-16738

Bug #1797343 reported by Jan Hülsbergen
262
This bug affects 2 people
Affects Status Importance Assigned to Milestone
tinc (Ubuntu)
Fix Released
Undecided
Unassigned
Xenial
Confirmed
Undecided
Unassigned
Bionic
Confirmed
Undecided
Unassigned
See original description

CVE References

Jan Hülsbergen (jan-afoo)
information type: Private Security → Public
information type: Public → Public Security
description: updated
Revision history for this message
Seth Arnold (seth-arnold) wrote :

Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures

tags: added: community-security
Revision history for this message
t-m-w (t-m-w) wrote :

Does Ubuntu have the ability to remove unmaintained and vulnerable community packages? If so, please remove tinc, as it looks like in several months, fixes present in Debian have not made their way here, putting users at unnecessary risk.

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in tinc (Ubuntu):
status: New → Confirmed
Christian Ehrhardt  (paelzer)
Changed in tinc (Ubuntu Xenial):
status: New → Confirmed
Changed in tinc (Ubuntu Bionic):
status: New → Confirmed
Changed in tinc (Ubuntu):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.