<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div>Control: close -1</div><div><br></div>Please read the Debian change logs and use security tracker rather than blindly using upstream version number for assessing the status of security vulnerabilities in stable Debian release:. The information you are looking for can be found there:<div><br></div><div><div style="display: block;" class=""><div style="-webkit-user-select: all; -webkit-user-drag: element; display: inline-block;" class="apple-rich-link" draggable="true" role="link" data-url="https://security-tracker.debian.org/tracker/source-package/openssl"><a style="border-radius:10px;font-family:-apple-system, Helvetica, Arial, sans-serif;display:block;-webkit-user-select:none;width:300px;user-select:none;-webkit-user-modify:read-only;user-modify:read-only;overflow:hidden;text-decoration:none;" class="lp-rich-link" rel="nofollow" href="https://security-tracker.debian.org/tracker/source-package/openssl" dir="ltr" role="button" draggable="false" width="300"><table style="table-layout:fixed;border-collapse:collapse;width:300px;background-color:#E9E9EB;font-family:-apple-system, Helvetica, Arial, sans-serif;" class="lp-rich-link-emailBaseTable" cellpadding="0" cellspacing="0" border="0" width="300"><tbody><tr><td vertical-align="center"><table bgcolor="#E9E9EB" cellpadding="0" cellspacing="0" width="300" style="font-family:-apple-system, Helvetica, Arial, sans-serif;table-layout:fixed;background-color:rgba(233, 233, 235, 1);" class="lp-rich-link-captionBar"><tbody><tr><td style="padding:8px 0px 8px 0px;" class="lp-rich-link-captionBar-textStackItem"><div style="max-width:100%;margin:0px 16px 0px 16px;overflow:hidden;" class="lp-rich-link-captionBar-textStack"><div style="word-wrap:break-word;font-weight:500;font-size:12px;overflow:hidden;text-overflow:ellipsis;text-align:left;" class="lp-rich-link-captionBar-textStack-topCaption-leading"><a rel="nofollow" href="https://security-tracker.debian.org/tracker/source-package/openssl" style="text-decoration: none" draggable="false"><font color="#000000" style="color: rgba(0, 0, 0, 1);">Information on source package openssl</font></a></div><div style="word-wrap:break-word;font-weight:400;font-size:11px;overflow:hidden;text-overflow:ellipsis;text-align:left;" class="lp-rich-link-captionBar-textStack-bottomCaption-leading"><a rel="nofollow" href="https://security-tracker.debian.org/tracker/source-package/openssl" style="text-decoration: none" draggable="false"><font color="#A2A2A9" style="color: rgba(60, 60, 67, 0.6);">security-tracker.debian.org</font></a></div></div></td><td style="padding:6px 12px 6px 0px;" class="lp-rich-link-captionBar-rightIconItem" width="36"><a rel="nofollow" href="https://security-tracker.debian.org/tracker/source-package/openssl" draggable="false"><img style="pointer-events:none !important;display:inline-block;width:36px;height:36px;border-radius:3px;" width="36" height="36" draggable="false" class="lp-rich-link-captionBar-rightIcon" alt="favicon.ico" src="cid:7F3D6BA4-5B27-4DD0-9A3D-A6E079E2293B"></a></td></tr></tbody></table></td></tr></tbody></table></a></div></div><br>Cheers,</div><div>Ondrej<br><div dir="ltr"><span style="background-color: rgba(255, 255, 255, 0);">--</span><div><span style="background-color: rgba(255, 255, 255, 0);">Ondřej Surý <ondrej@sury.org> (He/Him)</span></div></div><div dir="ltr"><br><blockquote type="cite">On 3. 11. 2022, at 20:39, nospam099-github@yahoo.com wrote:<br><br></blockquote></div><blockquote type="cite"><div dir="ltr"><span>Package: OpenSSL</span><br><span>Version: 1.1.1n-0+deb11u3</span><br><span>Severity: critical</span><br><span>Tags: bullseye security fixed-upstream</span><br><span></span><br><span>Description:</span><br><span>The component OpenSSL1.1.1n-0+deb11u3 suffers from 3 vulnerabilities:</span><br><span>    * (CVE-2022-1292)[https://nvd.nist.gov/vuln/detail/CVE-2022-1292] (critical)</span><br><span>    * (CVE-2022-2068)[https://nvd.nist.gov/vuln/detail/CVE-2022-2068] (critical)</span><br><span>    * (CVE-2022-2097)[https://nvd.nist.gov/vuln/detail/CVE-2022-2097] (medium)</span><br><span></span><br><span>Fix:</span><br><span>Updating the package to version (OpenSSL1.1.1s)[https://github.com/openssl/openssl/releases/tag/OpenSSL_1_1_1s] would resolve them.</span><br><span></span><br><span>-- System Information:</span><br><span>Debian Release: 11.5</span><br><span>  APT prefers stable-updates</span><br><span>  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')</span><br><span>Architecture: amd64 (x86_64)</span><br><span></span><br></div></blockquote></div></body></html>