Confusion regarding the affected binaries in USN links
Hi, I am contacting you as I came across with a confusion while going through the Ubuntu Security Notice link. Here is an example of the issue,
https:/
Ubuntu 18.04
icu-devtools - 60.2-3ubuntu3.2
libicu60 - 60.2-3ubuntu3.2
libiculx60 - 60.2-3ubuntu3.2
Also, when we have a look at https:/
bionic (libs): 60.2-3ubuntu3.2 [security]
Binary packages: icu-devtools, icu-doc, libicu-dev, libicu60, libiculx60
Here, is the vulnerability affected for all the binary packages of icu listed in the above link or is it related only to the binaries which are mentioned in USN page? If it is related to all the binaries of icu, why only 3 packages are mentioned exclusively in the above USN link. Such similar concerns are there in almost all USNs, Ex: USN-5333-2, USN-5325-1. The confusion basically arrives as the Ubuntu vendor oval adds all the binaries in the definition although the advisory lists only some particular binaries as vulnerable. Can you please help me understand this issue faced in USN advisories.
Question information
- Language:
- English Edit question
- Status:
- Solved
- For:
- Ubuntu Edit question
- Assignee:
- No assignee Edit question
- Solved by:
- Manfred Hampl
- Solved:
- Last query:
- Last reply: