Re: CVE applicability

2024-06-18 Thread Salvatore Bonaccorso 
Hi,

On Wed, Jun 19, 2024 at 12:04:45AM +0530, Arul Anand MM wrote:
> Hello Debian Security Team,
> 
> This is regarding Debian advisory
> https://security-tracker.debian.org/tracker/CVE-2023-3390.
> 
> I would like to confirm whether version 5.10.191-1 is impacted by the UAF
> and LPE.
> 
> Advisory page on September 14
> https://web.archive.org/web/20230924174231/https://security-tracker.debian.org/tracker/CVE-2023-3390
> states the issue is fixed in 5.10.191-1 but the current version of advisory
> states "5.10.209-2" as the fixed version. Is there any information on the
> impacted version changes for CVE-2023-3390?

All the version information required is actually on
https://security-tracker.debian.org/tracker/CVE-2023-3390 . In the
lower table you see where the fix landed, In the table above you see
the current available versions in the suites, with their status.

But maybe I'm missunderstanding the question?

Regards,
Salvatore

CVE applicability

2024-06-18 Thread Arul Anand MM 
Hello Debian Security Team,

This is regarding Debian advisory
https://security-tracker.debian.org/tracker/CVE-2023-3390.

I would like to confirm whether version 5.10.191-1 is impacted by the UAF
and LPE.

Advisory page on September 14
https://web.archive.org/web/20230924174231/https://security-tracker.debian.org/tracker/CVE-2023-3390
states the issue is fixed in 5.10.191-1 but the current version of advisory
states "5.10.209-2" as the fixed version. Is there any information on the
impacted version changes for CVE-2023-3390?

Thanks.