CVE-2009-2947 fix not applied
Bug #587739 reported by
Olly Betts
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
xapian-omega (Ubuntu) |
Won't Fix
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: xapian-omega
CVE-2009-2947 was fixed on 2009-09-09 in Debian but Ubuntu is missing this fix.
Upstream 1.0.16 includes the fix, so no fix is required for this version or newer (this is the case for lucid and later).
Upstream 1.0.9-1.0.15 can use the fix applied in Debian 1.0.15-2 (this is the case for karmic):
http://
Upstream <= 1.0.8 can use the fix applied in Debian 1.0.7-3+lenny1 (this is the case for hardy and jaunty):
http://
CVE References
description: | updated |
Changed in xapian-omega (Ubuntu): | |
status: | Triaged → Won't Fix |
To post a comment you must log in.
Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https:/ /wiki.ubuntu. com/SecurityTea m/UpdateProcedu res