: Is there an official statement about the Ubuntu package version
identifier
As I said previously, sorry for the delayed response. This is perfect, I
wasn't aware of the significance of the usn link on
people.canonical.com<https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fpeople.canon
ists.ubuntu.com
Subject: [EXTERNAL] Re: Is there an official statement about the Ubuntu package
version identifier
Hi Leroy,
Some additions to what others have already said:
https://wiki.ubuntu.com/SecurityTeam/FAQ#Versions points out "Sometimes
SecurityTeam/FAQ - Ubuntu
Wiki<https://w
r immediately by e-mail and delete all
copies of the message.
From: Rafael David Tinoco
Sent: Friday, June 7, 2019 12:35:02 PM
To: Leroy Tennison; ubuntu-server@lists.ubuntu.com
Subject: [EXTERNAL] Re: Is there an official statement about the Ubuntu package
Hi Leroy,
Some additions to what others have already said:
https://wiki.ubuntu.com/SecurityTeam/FAQ#Versions points out "Sometimes
external security vendors doing software version scanning against Ubuntu
systems do not check actual package versions, leading to false positives
in their scan report
On Thu, 6 Jun 2019 at 20:04, Leroy Tennison wrote:
>
> The reason I ask is I have a commercial vulnerability scanner reporting
as "fail" a test (for example, CVE-2016-5387)of our systems where
https://people.canonical.com/~ubuntu-security/cve/ states that a fix has
been released and our current ve
Hello Leroy
On 06/06/2019 16:03, Leroy Tennison wrote:
> The reason I ask is I have a commercial vulnerability scanner reporting
> as "fail" a test (for example, CVE-2016-5387)of our
> systems where https://people.canonical.com/~ubuntu-security/cve/ states
> that a fix has been released and our cu
The reason I ask is I have a commercial vulnerability scanner reporting as
"fail" a test (for example, CVE-2016-5387)of our systems where
https://people.canonical.com/~ubuntu-security/cve/ states that a fix has been
released and our current version appears to be later than that release. I need