On Tue, Nov 06, 2018 at 10:46:22AM +0000, Jonathon Fernyhough wrote: > On 06/11/2018 09:34, Daniel Llewellyn wrote: > > For maintainers, spamassassin is in `main` on at least 18.04, so I think > > it should be subject to security coverage. > > 3.4.2 is in Cosmic so should be backportable, Bionic hasn't had an > update (patch or otherwise) "yet".
That depends on whether any other changes not suitable to be made in a stable Ubuntu release were included by upstream. Please note that the CVEs listed in the bug have been triaged by the security team. None of them were rated as "High" or "Critical", so I don't think the security team will be treating this with priority: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures#Issues_that_warrant_a_security_update You can look up Ubuntu's status of specific CVEs yourself in the CVE database: https://people.canonical.com/~ubuntu-security/cve/
signature.asc
Description: PGP signature
-- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
