Comment 0 for bug 1978555

Luís Infante da Câmara (luis220413) wrote : New upstream maintenance and security releases for Focal and Jammy

The version in Focal is vulnerable to CVE-2020-28984, CVE-2021-44118, CVE-2021-44120, CVE-2021-44122, CVE-2021-44123, CVE-2022-26846 and CVE-2022-26847.

The version in Jammy is vulnerable to CVE-2022-26846 and CVE-2022-26847.

To fix the vulnerabilities in Focal and Jammy, I want to upgrade to new upstream maintenance and security releases (3.2.15 for Focal and 4.0.7 for Jammy).
The only additional change is to override Lintian errors.

Debian released an advisory on March 8.

[Test Plan]
For each combination of Ubuntu release and CVE that affects the package in that release, test that the CVE cannot be exploited with the updated package.

[Where problems could occur]
There are no reverse dependencies in Ubuntu. However, the upstream bug fixes can cause regressions in software outside of the Ubuntu archive.

The Files-Excluded field in debian/copyright can be incorrect for the new upstream releases, excluding or including files that should not be, possibly leading to a nonfunctional SPIP or introducing other bugs.