[Bug 900244] Re: Please backport openssl
** Visibility changed to: Public ** This bug is no longer flagged as a security vulnerability -- You received this bug notification because you are a member of Ubuntu Backporters, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/900244 Title: Please backport openssl To manage notifications about this bug go to: https://bugs.launchpad.net/lucid-backports/+bug/900244/+subscriptions -- ubuntu-backports mailing list ubuntu-backports@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-backports
[Bug 900244] Re: Please backport openssl
Thank you for requesting this backport. It's not true that anything less than 0.9.8r breaks PCI compliance. It just breaks automated PCI compliance testing. The Ubuntu security team regularly backports patches for OpenSSL to keep the version in Lucid patched for security vulnerabilities. Also, due to not wanting to break people on upgrade, we'd have to backport openssl 1.0 to maverick and natty as well. Since openssl 1.0 has a new ABI, all the reverse dependencies would need to be rebuilt in the backports pocket for the 3 releases as well. This backport brings too much risk, so I'm going to have to mark it won't fix. If you have specific questions about whether or not a security patch has been applied, you can see the Ubuntu Security Notices for Lucid here: http://www.ubuntu.com/usn/lucid/. If you find that a patch might not have been applied that you are expecting, please feel free to E-Mail the Ubuntu Security team at security at ubuntu dot com. ** Changed in: lucid-backports Status: New = Won't Fix -- You received this bug notification because you are a member of Ubuntu Backporters, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/900244 Title: Please backport openssl To manage notifications about this bug go to: https://bugs.launchpad.net/lucid-backports/+bug/900244/+subscriptions -- ubuntu-backports mailing list ubuntu-backports@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-backports
[Bug 900244] Re: Please backport openssl
See also our FAQ on the subject: https://wiki.ubuntu.com/SecurityTeam/FAQ#Versions -- You received this bug notification because you are a member of Ubuntu Backporters, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/900244 Title: Please backport openssl To manage notifications about this bug go to: https://bugs.launchpad.net/lucid-backports/+bug/900244/+subscriptions -- ubuntu-backports mailing list ubuntu-backports@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-backports
[Bug 900244] Re: Please backport openssl
Thanks for the prompt response. This was due to automatic PCI compliance testing. I'll look through the security notices to check for the patches and or issues that have cropped up with our testing process. Thanks for the information and the security notices url, I was unaware of that. -- You received this bug notification because you are a member of Ubuntu Backporters, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/900244 Title: Please backport openssl To manage notifications about this bug go to: https://bugs.launchpad.net/lucid-backports/+bug/900244/+subscriptions -- ubuntu-backports mailing list ubuntu-backports@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-backports
