[Pkg-openssl-devel] Bug#1023424: Re; Bug#1023424: Vulnerabilities CVE-2022-1292, CVE-2022-2068, CVE-2022-2097
Adam D. Barratt
adam at adam-barratt.org.uk
Thu Nov 3 21:04:28 GMT 2022
Control: severity -1 important
Control: tags -1 - bullseye
On Thu, 2022-11-03 at 20:35 +0000, nospam099-github at yahoo.com wrote:
> The component OpenSSL1.1.1n-0+deb11u3 suffers from 3 vulnerabilities:
> * (CVE-2022-1292)[https://nvd.nist.gov/vuln/detail/CVE-2022-1292]
> (critical)
> * (CVE-2022-2068)[https://nvd.nist.gov/vuln/detail/CVE-2022-2068]
> (critical)
No. Both of the above are already resolved in 1.1.1n-0+deb11u3, as
indicated by https://security-tracker.debian.org/tracker/CVE-2022-1292
and https://security-tracker.debian.org/tracker/CVE-2022-2068 (indeed,
the former was fixed in 1.1.1n-0+deb11u2).
> * (CVE-2022-2097)[https://nvd.nist.gov/vuln/detail/CVE-2022-2097]
> (medium)
>
and https://security-tracker.debian.org/tracker/CVE-2022-2097 has this
tagged as waiting for additional updates to fix it alongside.
Regards,
Adam
More information about the Pkg-openssl-devel
mailing list