Please note that Ubuntu, much like Debian, SuSE, and Red Hat, backport security fixes to the versions that we have shipped, so comparing version numbers alone isn't a reliable way to determine which vulnerabilities, if any, are still open for a given package. For more information, see our FAQ and Debian's FAQ entries (the Debian faq doesn't apply directly, but I like this specific entry.) https://wiki.ubuntu.com/SecurityTeam/FAQ#Versions and https://www.debian.org/security/faq#version)
We can't fix every issue immediately, and we have to prioritize our work based on the severity of the issue and how common the tools are, how much user interaction might be necessary to make exploits work. etc.
Hello,
Please note that Ubuntu, much like Debian, SuSE, and Red Hat, backport security fixes to the versions that we have shipped, so comparing version numbers alone isn't a reliable way to determine which vulnerabilities, if any, are still open for a given package. For more information, see our FAQ and Debian's FAQ entries (the Debian faq doesn't apply directly, but I like this specific entry.) https:/ /wiki.ubuntu. com/SecurityTea m/FAQ#Versions and https:/ /www.debian. org/security/ faq#version)
You can see that this CVE is still not handled yet: people. canonical. com/~ubuntu- security/ cve/2015/ CVE-2015- 2155.html people. canonical. com/~ubuntu- security/ cve/pkg/ tcpdump. html
http://
and that tcpdump has several more known security issues that need to be fixed:
http://
Our CVE tracking database can be queried at http:// people. canonical. com/~ubuntu- security/ cve/
We can't fix every issue immediately, and we have to prioritize our work based on the severity of the issue and how common the tools are, how much user interaction might be necessary to make exploits work. etc.
Thanks