Bug#1023424: Re; Bug#1023424: Vulnerabilities CVE-2022-1292, CVE-2022-2068, CVE-2022-2097
Control: severity -1 important Control: tags -1 - bullseye On Thu, 2022-11-03 at 20:35 +, nospam099-git...@yahoo.com wrote: > The component OpenSSL1.1.1n-0+deb11u3 suffers from 3 vulnerabilities: > * (CVE-2022-1292)[https://nvd.nist.gov/vuln/detail/CVE-2022-1292] > (critical) > * (CVE-2022-2068)[https://nvd.nist.gov/vuln/detail/CVE-2022-2068] > (critical) No. Both of the above are already resolved in 1.1.1n-0+deb11u3, as indicated by https://security-tracker.debian.org/tracker/CVE-2022-1292 and https://security-tracker.debian.org/tracker/CVE-2022-2068 (indeed, the former was fixed in 1.1.1n-0+deb11u2). > * (CVE-2022-2097)[https://nvd.nist.gov/vuln/detail/CVE-2022-2097] > (medium) > and https://security-tracker.debian.org/tracker/CVE-2022-2097 has this tagged as waiting for additional updates to fix it alongside. Regards, Adam
Bug#1023424: Vulnerabilities CVE-2022-1292, CVE-2022-2068, CVE-2022-2097
Control: close -1Please read the Debian change logs and use security tracker rather than blindly using upstream version number for assessing the status of security vulnerabilities in stable Debian release:. The information you are looking for can be found there:Information on source package opensslsecurity-tracker.debian.orgCheers,Ondrej--Ondřej Surý (He/Him)On 3. 11. 2022, at 20:39, nospam099-git...@yahoo.com wrote:Package: OpenSSLVersion: 1.1.1n-0+deb11u3Severity: criticalTags: bullseye security fixed-upstreamDescription:The component OpenSSL1.1.1n-0+deb11u3 suffers from 3 vulnerabilities:* (CVE-2022-1292)[https://nvd.nist.gov/vuln/detail/CVE-2022-1292] (critical)* (CVE-2022-2068)[https://nvd.nist.gov/vuln/detail/CVE-2022-2068] (critical)* (CVE-2022-2097)[https://nvd.nist.gov/vuln/detail/CVE-2022-2097] (medium)Fix:Updating the package to version (OpenSSL1.1.1s)[https://github.com/openssl/openssl/releases/tag/OpenSSL_1_1_1s] would resolve them.-- System Information:Debian Release: 11.5 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')Architecture: amd64 (x86_64)
Bug#1023424: Vulnerabilities CVE-2022-1292, CVE-2022-2068, CVE-2022-2097
Package: OpenSSL Version: 1.1.1n-0+deb11u3 Severity: critical Tags: bullseye security fixed-upstream Description: The component OpenSSL1.1.1n-0+deb11u3 suffers from 3 vulnerabilities: * (CVE-2022-1292)[https://nvd.nist.gov/vuln/detail/CVE-2022-1292] (critical) * (CVE-2022-2068)[https://nvd.nist.gov/vuln/detail/CVE-2022-2068] (critical) * (CVE-2022-2097)[https://nvd.nist.gov/vuln/detail/CVE-2022-2097] (medium) Fix: Updating the package to version (OpenSSL1.1.1s)[https://github.com/openssl/openssl/releases/tag/OpenSSL_1_1_1s] would resolve them. -- System Information: Debian Release: 11.5 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable') Architecture: amd64 (x86_64)