Hi Janusz! Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.
Versions in our releases are: trusty 3.0b2-1ubuntu0.1 and xenial 3.2.0-2ubuntu0.2. For the other releases the issue in question not affect them. For trusty and xenial we already did an security update you can find the info in the changelog. Also, see that versions affected are before 3.3.3 as the CVE informs (https://people.canonical.com/~ubuntu- security/cve/2017/CVE-2017-11610.html). ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-11610 ** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1776600 Title: version 3.3.1 has a security hole CVE-2017-11610 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/supervisor/+bug/1776600/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
