On 02/06/2017 03:43 AM, Gianfranco Costamagna wrote: > Hello Ubuntu Security Team, > >> tcpdump (4.7.4-1ubuntu1) wily; urgency=low >> -- Gianfranco Costamagna <costamagnagianfranco at yahoo.it> Fri, 29 May >> 2015 20:13:33 +0200 > > since this happen to be me doing the merges... > lets do this: > > apparently Debian used 4.9.0 to stable-release update tcpdump. > They might have their good reasons to update wheezy from 4.3.0 to 4.9.0 > and jessie from 4.7.4 to 4.9.0. > That said, I followed the same updates as Debian, and published in my ppa the > updates for Trusty, > Xenial, Yakkety. > https://launchpad.net/~costamagnagianfranco/+archive/ubuntu/locutusofborg-ppa/+packages > > Security Team, how do you feel about uploading them? > (please double check my work, even if it sounds exactly the same as Debian, > with the same tests disabled > due to old pcap library)
FYI, Gianfranco created a security sponsoring request bug for this: https://launchpad.net/bugs/1662177 Thanks, Gianfranco! I'm on security sponsoring duty this week and will coordinate the tcpdump updates in that bug. I can't say how I feel about doing the version bump until I have a chance to take a closer look but please subscribe to the bug for to stay up-to-date. It may be a day or two before I get a chance to really look into this. These tcpdump issues are mitigated by the AppArmor profile that confines tcpdump in the default install. Because of that, we've given the issues a slightly lower priority than we normally would if the AppArmor profile wasn't present. Tyler
signature.asc
Description: OpenPGP digital signature
-- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
