apticron update

Brian McKee brian.mckee at gmail.com
Sat Apr 25 13:52:44 UTC 2009

2009/4/23 Dušan Vejnovič <dusan at dussan.org>:


> Is CVE signature without number o.k. or is something wrong?

Sharp eyes to pick that up - I didn't notice it.  I would *guess* that
someone forget to fill in the blanks on the form correctly rather than
it being an issue.  It might also be related to the fact that when I
tried to go to https://bugs.launchpad.net/ubuntu/+cve launchpad bombs
out.  I'm not concerned, I think someone sharp enough to compromise
the package server would also be sharp enough to create a real looking
CVE number, but I can't make you comfortable about it :-)

I suppose the correct thing to do would be to create a new bug on
launchpad stating the release notes are wrong and see what happens.
Might be quicker/easier to find the right IRC channel or email the
security team politely inquiring. It's marked as a low priority update
- holding off on it for a while wouldn't be wrong.  If you choose to
follow up, keep us posted!


More information about the ubuntu-users mailing list