The vulnerabilities can be found here:
https://isc.sans.edu/forums/diary/Multiple+Vulnerabilities+in+tcpdump/22017/
When it comes to the backport updates, how can I tell if backport has
updated the specific software I need updated?
On Sat, Feb 4, 2017 at 5:16 AM, Robie Basak <robie.ba...@ubuntu.com> wrote:
> On Fri, Feb 03, 2017 at 08:58:45AM -0500, Sephiroth Storm wrote:
> > Your repos currently have 4.7.x as the latest version of tcpdump
> available
> > when it is up to 4.9.x. As your version of tcpdump may have numerous
> > vulnerabilities, when will the repo be populated with the updated
> version?
>
> In addition to what Nish said, note that we usually backport security
> fixes to the stable release. You won't see the upstream version number
> go up, but the security vulnerabilities will be fixed. Therefore you
> cannot use the upstream version number as an indicator of whether
> security vulnerabilities exist or not in any distribution package.
>
--
KP Sephiroth Shamshan Kali(Krath)/Tridens of Tarentum [ACC: CL:1]
{SA: KS: ToL - DBB - AS - AIM - ICQ - IRC - MSN - LA - LF - ACC - CM - SC -
D: KCORE - ATW - HS1 - HSII - HSIII - PRH - O: SCORE - TE - TS}
--
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
