[ubuntu-hardened] Incorrect CVE?
Koen De Groote
kdg.dev at gmail.com
Tue Feb 21 15:49:09 UTC 2023
Greetings,
I was checking CVEs for my Ubuntu 20.04 install and found this:
https://ubuntu.com/security/CVE-2009-5080
The description says the vulnerability applies to the "groff" package,
versions 1.21 and below.
However, the default install of the "groff" package on Ubuntu 20.04 is
version 1.22.4:
$ dpkg --list | grep 'groff'
ii groff-base 1.22.4-4build1
amd64 GNU troff text-formatting system (base system components)
$ sudo apt install --only-upgrade groff-base --dry-run
Reading package lists... Done
Building dependency tree
Reading state information... Done
groff-base is already the newest version (1.22.4-4build1).
Ubuntu 18.04 also has a more recent version:
$ dpkg --list | grep 'groff'
ii groff-base 1.22.3-10
amd64 GNU troff text-formatting system (base system
components)
$ sudo apt install --only-upgrade groff-base --dry-run
Reading package lists... Done
Building dependency tree
Reading state information... Done
groff-base is already the newest version (1.22.3-10).
Does the CVE page need to be updated, or is something else wrong?
Regards,
Koen De Groote
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-hardened/attachments/20230221/47c4a7d0/attachment.html>
More information about the ubuntu-hardened
mailing list