Looking for Contact for OpenSSL on Trusty to be updated

Thomas Ward teward at ubuntu.com
Wed Sep 20 23:22:00 UTC 2017


Based solely on the CVE information, I'd surmise we aren't affected by
CVE-2017-3733, because we don't have any OpenSSL 1.1.0 in the
repositories - anywhere.  The original Apache announcement also
indicated that 1.0.2 is not affected, and the Security Team made a note
that only OpenSSL 1.1.x is affected.

Since that's what's there, I'm pretty sure there's no need to worry
about this CVE with regards to any current Ubuntu releases.


Thomas


On 09/20/2017 06:38 PM, Robie Basak wrote:
> On Tue, Sep 19, 2017 at 03:31:22AM +0000, Eric Yuen wrote:
>> I am looking for a contact to reach out in regards https://packages.ubuntu.com/trusty/openssl on Trusty and having an update to the OpenSSL package updated with CVE-2017-3733
> The CVE database reports that Trusty is not affected by CVE-2017-3733:
> https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-3733.html
>
> If this is incorrect, please contact the security team:
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-hardened
>
> Hope that helps,
>
> Robie
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-devel-discuss/attachments/20170920/03806fcd/attachment.html>


More information about the Ubuntu-devel-discuss mailing list