Control: severity -1 important Control: tags -1 - bullseye On Thu, 2022-11-03 at 20:35 +0000, nospam099-git...@yahoo.com wrote: > The component OpenSSL1.1.1n-0+deb11u3 suffers from 3 vulnerabilities: > * (CVE-2022-1292)[https://nvd.nist.gov/vuln/detail/CVE-2022-1292] > (critical) > * (CVE-2022-2068)[https://nvd.nist.gov/vuln/detail/CVE-2022-2068] > (critical)
No. Both of the above are already resolved in 1.1.1n-0+deb11u3, as indicated by https://security-tracker.debian.org/tracker/CVE-2022-1292 and https://security-tracker.debian.org/tracker/CVE-2022-2068 (indeed, the former was fixed in 1.1.1n-0+deb11u2). > * (CVE-2022-2097)[https://nvd.nist.gov/vuln/detail/CVE-2022-2097] > (medium) > and https://security-tracker.debian.org/tracker/CVE-2022-2097 has this tagged as waiting for additional updates to fix it alongside. Regards, Adam
