Ubuntu 24.04 security patch for Ubuntu Pro only
nate
ubuntu at linuxpowered.net
Wed Mar 11 06:01:33 UTC 2026
On 2026-03-10 19:05, Keith via ubuntu-users wrote:
> You've answered your question. Mongo-c-driver is in universe and
> therefore community supported. It's up to the community to backport
> whatever security patches are available from upstream into current
> version in noble. Nobody really seems to care, though, because nobody
> has even bothered to file a bug report about it:
>
> https://bugs.launchpad.net/ubuntu/+source/mongo-c-driver
> 0 New bugs
> 1 Open bug
> 0 In-progress bugs
> 0 Critical bugs
> 0 High importance bugs
> Bugs fixed elsewhere
> 0 Bugs with patches
> 0 Open CVE bugs
>
> Last I checked, Ubuntu provided diffs even for ESM packages. So it's
> not exactly difficult to get the source diffs through a subscription to
> Ubuntu Pro and create a patch set from it to apply to the package in
> universe. Someone from the community just needs to be willing to do the
> work.
thanks though I am still curious why ubuntu cared so much about a
package in universe to patch it like this, can't be a very important
package if it's in universe, like the example of varnish(also
in universe), several security issues but no patches in years. I'm sure
there's tons of others that are the same in the universe repo.. what
makes this mongo-c driver special enough to patch?
I suppose will never know.
Strange that they don't seem to document this practice anywhere.
Everything I have read says ESM does nothing(from a security standpoint)
other than extend the lifetime of LTS.
nate
More information about the ubuntu-users
mailing list