brian.mckee at gmail.com
Sat Apr 25 13:52:44 UTC 2009
2009/4/23 Dušan Vejnovič <dusan at dussan.org>:
> - CVE-XXXX-XXXX
> Is CVE signature without number o.k. or is something wrong?
Sharp eyes to pick that up - I didn't notice it. I would *guess* that
someone forget to fill in the blanks on the form correctly rather than
it being an issue. It might also be related to the fact that when I
tried to go to https://bugs.launchpad.net/ubuntu/+cve launchpad bombs
out. I'm not concerned, I think someone sharp enough to compromise
the package server would also be sharp enough to create a real looking
CVE number, but I can't make you comfortable about it :-)
I suppose the correct thing to do would be to create a new bug on
launchpad stating the release notes are wrong and see what happens.
Might be quicker/easier to find the right IRC channel or email the
security team politely inquiring. It's marked as a low priority update
- holding off on it for a while wouldn't be wrong. If you choose to
follow up, keep us posted!
More information about the ubuntu-users