TCPDump Version
Tyler Hicks
tyhicks at canonical.com
Mon Feb 6 19:10:42 UTC 2017
On 02/06/2017 03:43 AM, Gianfranco Costamagna wrote:
> Hello Ubuntu Security Team,
>
>> tcpdump (4.7.4-1ubuntu1) wily; urgency=low
>> -- Gianfranco Costamagna <costamagnagianfranco at yahoo.it> Fri, 29 May 2015 20:13:33 +0200
>
> since this happen to be me doing the merges...
> lets do this:
>
> apparently Debian used 4.9.0 to stable-release update tcpdump.
> They might have their good reasons to update wheezy from 4.3.0 to 4.9.0
> and jessie from 4.7.4 to 4.9.0.
> That said, I followed the same updates as Debian, and published in my ppa the updates for Trusty,
> Xenial, Yakkety.
> https://launchpad.net/~costamagnagianfranco/+archive/ubuntu/locutusofborg-ppa/+packages
>
> Security Team, how do you feel about uploading them?
> (please double check my work, even if it sounds exactly the same as Debian, with the same tests disabled
> due to old pcap library)
FYI, Gianfranco created a security sponsoring request bug for this:
https://launchpad.net/bugs/1662177
Thanks, Gianfranco!
I'm on security sponsoring duty this week and will coordinate the
tcpdump updates in that bug. I can't say how I feel about doing the
version bump until I have a chance to take a closer look but please
subscribe to the bug for to stay up-to-date.
It may be a day or two before I get a chance to really look into this.
These tcpdump issues are mitigated by the AppArmor profile that confines
tcpdump in the default install. Because of that, we've given the issues
a slightly lower priority than we normally would if the AppArmor profile
wasn't present.
Tyler
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-devel-discuss/attachments/20170206/ef12e3c8/attachment.sig>
More information about the Ubuntu-devel-discuss
mailing list