openssl 0.9.8o in natty but not LTS lucid

Asked by Brian Milnes on 2011-07-24

 There appear to be real security issues in 0.9.8k openssl in lucid but Natty is now up to a good revision. When and how can we
get openssl updated in Lucid?

Question information

Language:
English Edit question
Status:
Answered
For:
Ubuntu openssl Edit question
Assignee:
No assignee Edit question
Last query:
2011-07-24
Last reply:
2011-07-25

The policy of Ubuntu (and most other GNU/Linux OSes) for maintaining software in stable releases is to release distribution-specific updated versions that fix security vulnerabilities and serious stability and usability bugs, while minimally changing the way the software works and not including new features (which could themselves be undesirable or introduce further instability). See https://wiki.ubuntu.com/StableReleaseUpdates.

https://launchpad.net/ubuntu/+source/openssl shows that openssl in Lucid has been updated extensively in this manner. Are you sure the security vulnerabilities have not been patched in these stable release updates? (You can look through the changelogs and/or search Launchpad for the specific bugs to check.)

Can you help with this problem?

Provide an answer of your own, or ask Brian Milnes for more information if necessary.

To post a message you must log in.