This doesn't sound like a Debian issue. It sounds more like a disagreement between your source of vulnerability information and Ubuntu about when a problem is fixed (or whether it was). I also don't see CVE-2018-5710 as a vulnerability that upstream lists as fixed in their git history.
I would not want to take on the liability of making a comment about whether a particular issue is fixed in a particular package version in Ubuntu unless I prepared that version. --Sam -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
