Hi Leroy,

Some additions to what others have already said:

https://wiki.ubuntu.com/SecurityTeam/FAQ#Versions points out "Sometimes external security vendors doing software version scanning against Ubuntu systems do not check actual package versions, leading to false positives in their scan reports. For an authoritative source of what packages may have outstanding vulnerabilities, the Ubuntu CVE Tracker can be consulted."

The Ubuntu CVE Tracker at https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5387.html says that the fix was released in package version "2.4.18-2ubuntu3.1" (in Xenial, for example), and I believe this database reflects the Ubuntu Security Team's official position. In addition, it is confirmed in the linked announcement https://usn.ubuntu.com/3038-1/ which certainly is an official statement.

If that is not sufficient for your needs, why isn't it?

Robie
-- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
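
The check the message describes, comparing the installed package version (not the upstream version) against the fixed version from the CVE Tracker, as an added example that is not part of the original message. It follows the Debian version ordering rules (epoch, upstream, revision); every version string other than "2.4.18-2ubuntu3.1" is a constructed sample, and the function names are this example's own.

```python
import re

FIXED_XENIAL = "2.4.18-2ubuntu3.1"  # fixed version quoted from the CVE Tracker above

def split_version(v):
    """Split [epoch:]upstream[-revision] into (epoch, upstream, revision)."""
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, sep, revision = rest.rpartition("-")
    if not sep:  # no hyphen: the whole string is the upstream version
        upstream, revision = rest, ""
    return int(epoch), upstream, revision

def char_order(c):
    # '~' sorts before end of string (0); letters sort before other characters
    if c == "~":
        return -1
    return ord(c) if c.isalpha() else ord(c) + 256

def compare_part(a, b):
    """Compare two upstream or revision strings; returns -1, 0 or 1."""
    while a or b:
        # Compare the leading non-digit runs character by character
        na, nb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        a, b = a[len(na):], b[len(nb):]
        for i in range(max(len(na), len(nb))):
            x = char_order(na[i]) if i < len(na) else 0
            y = char_order(nb[i]) if i < len(nb) else 0
            if x != y:
                return -1 if x < y else 1
        # Then compare the leading digit runs numerically (empty counts as 0)
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        a, b = a[len(da):], b[len(db):]
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
    return 0

def compare_versions(a, b):
    ea, ua, ra = split_version(a)
    eb, ub, rb = split_version(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return compare_part(ua, ub) or compare_part(ra, rb)

def is_fixed(installed, fixed=FIXED_XENIAL):
    """True when the installed package version is at or past the fixed one."""
    return compare_versions(installed, fixed) >= 0

if __name__ == "__main__":
    # Constructed sample versions; only FIXED_XENIAL comes from the message.
    for v in ("2.4.18-2ubuntu3", "2.4.18-2ubuntu3.1", "2.4.18-2ubuntu3.10"):
        print(v, "fixed" if is_fixed(v) else "older than the fixed version")
```

The fixed and unfixed sample packages share the upstream part "2.4.18", so a scanner that reads only the upstream version cannot tell them apart; the revision after the hyphen is what carries the backported fix.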