Is there an official statement about the Ubuntu package version identifier
Leroy Tennison
leroy at datavoiceint.com
Wed Jun 12 04:46:19 UTC 2019
Just FYI, the scanning vendor accepted all of the disputes based on people.canonical.com and usn.ubuntu.com.
________________________________
From: ubuntu-server <ubuntu-server-bounces at lists.ubuntu.com> on behalf of Leroy Tennison <leroy at datavoiceint.com>
Sent: Tuesday, June 11, 2019 1:40:25 PM
To: Robie Basak
Cc: ubuntu-server at lists.ubuntu.com
Subject: Re: Is there an official statement about the Ubuntu package version identifier
As I said previously, sorry for the delayed response. This is perfect, I wasn't aware of the significance of the usn link on people.canonical.com, that is exactly what I am going to use in my reply to the scanning vendor. Thank you so much for your reply.
Harriscomputer
Leroy Tennison
Network Information/Cyber Security Specialist
E: leroy at datavoiceint.com
2220 Bush Dr
McKinney, Texas
75070
www.datavoiceint.com
This message has been sent on behalf of a company that is part of the Harris Operating Group of Constellation Software Inc. These companies are listed here<http://subscribe.harriscomputer.com/>.
If you prefer not to be contacted by Harris Operating Group please notify us<http://subscribe.harriscomputer.com/>.
This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message.
________________________________
From: Robie Basak <robie.basak at ubuntu.com>
Sent: Saturday, June 8, 2019 10:21:19 AM
To: Leroy Tennison
Cc: ubuntu-server at lists.ubuntu.com
Subject: [EXTERNAL] Re: Is there an official statement about the Ubuntu package version identifier
Hi Leroy,
Some additions to what others have already said:
https://wiki.ubuntu.com/SecurityTeam/FAQ#Versions points out "Sometimes
external security vendors doing software version scanning against Ubuntu
systems do not check actual package versions, leading to false positives
in their scan reports. For an authoritative source of what packages may
have outstanding vulnerabilities, the Ubuntu CVE Tracker can be
consulted."
The Ubuntu CVE Tracker at
https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5387.html
says that the fix was released in package version "2.4.18-2ubuntu3.1"
(in Xenial, for example), and I believe this database reflects the
Ubuntu Security Team's official position. In addition it is confirmed in
the linked announcement https://usn.ubuntu.com/3038-1/ which certainly
is an official statement.
If that is not sufficient for your needs, why isn't it?
Robie