Comment 2 for bug 587739

The Ubuntu releases with vulnerable versions are all EOL, so making this bug public and closing.

I find the lack of actual security support for the majority of packages in Ubuntu rather disturbing - I don't run Ubuntu myself currently so providing a tested debdiff isn't easy, but I did provide links to the patches which we applied in Debian, so the work required on the Ubuntu side would not have been great.