Is there an official statement about the Ubuntu package version identifier
robie.basak at ubuntu.com
Sat Jun 8 15:21:19 UTC 2019
Some additions to what others have already said:
https://wiki.ubuntu.com/SecurityTeam/FAQ#Versions points out "Sometimes
external security vendors doing software version scanning against Ubuntu
systems do not check actual package versions, leading to false positives
in their scan reports. For an authoritative source of what packages may
have outstanding vulnerabilities, the Ubuntu CVE Tracker can be
The Ubuntu CVE Tracker at
says that the fix was released in package version "2.4.18-2ubuntu3.1"
(in Xenial, for example), and I believe this database reflects the
Ubuntu Security Team's official position. In addition it is confirmed in
the linked announcement https://usn.ubuntu.com/3038-1/ which certainly
is an official statement.
Is that is not sufficient for your needs, why isn't it?
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 819 bytes
Desc: not available
More information about the ubuntu-server