Hi Debian Security Team,
Thank you for providing the great tracker system. I have a question. When it comes to CVE-2017-10965, the following page says 1.0.2-1+deb9u2 is the fixed version on stretch.
Change log also says so.
But OVAL says 1.0.2-1+deb9u3 as follows.
Which is correct?
Thank you,
teppei
|