On Sat, 28 Jan 2023 at 03:56, Tixy <t...@yxit.co.uk> wrote: > On Fri, 2023-01-27 at 11:28 +0000, Brad Rogers wrote: > > On Fri, 27 Jan 2023 11:36:12 +0100 "Sijmen J. Mulder" <i...@sjmulder.nl> > > wrote:
> > > I was surprised to find that the recent git vulnerability hasn't yet > > > been addressed in Bullseye: > > > https://security-tracker.debian.org/tracker/CVE-2022-41903 > > The security-tracker CVE page you cited has links to all the > > information you requested. > Does it? It links to a bug which says it's been fixed in sid. And the > PTS shows it was fixed yesterday in old-stable and sid. But no sign I > can see that anything is being done for stable (Bullseye) which is what > Sijmen asked about. (I wouldn't know where to look for stable security > update activity). Announcement today regarding Stable (Bullseye) distribution: https://lists.debian.org/debian-security-announce/2023/msg00022.html