Bug#1023424: Vulnerabilities CVE-2022-1292, CVE-2022-2068, CVE-2022-2097

[Ondřej Surý]

Control: close -1 Please read the Debian change logs and use security tracker rather than blindly using upstream version number for assessing the status of security vulnerabilities in stable Debian release:. The information you are looking for can be found there: Information on source package openssl security-tracker.debian.org Cheers, Ondrej -- Ondřej Surý <ond...@sury.org> (He/Him) On 3. 11. 2022, at 20:39, nospam099-git...@yahoo.com wrote: Package: OpenSSL Version: 1.1.1n-0+deb11u3 Severity: critical Tags: bullseye security fixed-upstream Description: The component OpenSSL1.1.1n-0+deb11u3 suffers from 3 vulnerabilities:     * (CVE-2022-1292)[https://nvd.nist.gov/vuln/detail/CVE-2022-1292] (critical)     * (CVE-2022-2068)[https://nvd.nist.gov/vuln/detail/CVE-2022-2068] (critical)     * (CVE-2022-2097)[https://nvd.nist.gov/vuln/detail/CVE-2022-2097] (medium) Fix: Updating the package to version (OpenSSL1.1.1s)[https://github.com/openssl/openssl/releases/tag/OpenSSL_1_1_1s] would resolve them. -- System Information: Debian Release: 11.5   APT prefers stable-updates   APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable') Architecture: amd64 (x86_64)