The Ubuntu releases with vulnerable versions are all EOL, so making this bug public and closing.
I find the lack of actual security support for the majority of packages in Ubuntu rather disturbing - I don't run Ubuntu myself currently so providing a tested debdiff isn't easy, but I did provide links to the patches which we applied in Debian, so the work required on the Ubuntu side would not have been great.
The Ubuntu releases with vulnerable versions are all EOL, so making this bug public and closing.
I find the lack of actual security support for the majority of packages in Ubuntu rather disturbing - I don't run Ubuntu myself currently so providing a tested debdiff isn't easy, but I did provide links to the patches which we applied in Debian, so the work required on the Ubuntu side would not have been great.