Control: close -1
Please read the Debian change logs and use security tracker rather than blindly using upstream version number for assessing the status of security vulnerabilities in stable Debian release:. The information you are looking for can be found there:
Ondrej --Ondřej Surý <ond...@sury.org> (He/Him) On 3. 11. 2022, at 20:39, nospam099-git...@yahoo.com wrote:
Package: OpenSSL Version: 1.1.1n-0+deb11u3 Severity: critical Tags: bullseye security fixed-upstream
Description: The component OpenSSL1.1.1n-0+deb11u3 suffers from 3 vulnerabilities: * (CVE-2022-1292)[https://nvd.nist.gov/vuln/detail/CVE-2022-1292] (critical) * (CVE-2022-2068)[https://nvd.nist.gov/vuln/detail/CVE-2022-2068] (critical) * (CVE-2022-2097)[https://nvd.nist.gov/vuln/detail/CVE-2022-2097] (medium)
Fix: Updating the package to version (OpenSSL1.1.1s)[https://github.com/openssl/openssl/releases/tag/OpenSSL_1_1_1s] would resolve them.
-- System Information: Debian Release: 11.5 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable') Architecture: amd64 (x86_64)
|