[
Date Prev
][
Date Next
] [
Thread Prev
][
Thread Next
] [
Date Index
] [
Thread Index
]
CVE-2022-2068 stretch
To
: "
debian-security-tracker@lists.debian.org
" <
debian-security-tracker@lists.debian.org
>
Subject
: CVE-2022-2068 stretch
From
: jostutz <
jostutz@proton.me
>
Date
: Fri, 01 Jul 2022 15:30:36 +0000
Message-id
: <
[🔎]
8xS6lHBAcRKKnYWX_ZUfMf8_U_ezGXmrpIHAFTVALWKW2i71Nv79FczZejGfMbobcQQVxD2GZXrO204a3Wf7ego5GumzlSraFPlTjzP-Ths=@proton.me
>
Reply-to
: jostutz <
jostutz@proton.me
>
object:
CVE-2022-2068
https://security-tracker.debian.org/tracker/CVE-2022-2068
https://www.openssl.org/news/secadv/20220621.txt
Hello,
the openssl page reads the issue affects '
OpenSSL versions 1.0.2, 1.1.1 and 3.0'
1.1.1 is the basename for openssl packages on Debian10 and 11 (
1.1.1n-0+debXXuX)
On one hand, t
he cve tracker page indicates stretch vulnerable,
But on the other hand:
Debian9 has last candidate
1.1.0l-1~deb9u6
(from stable and backports)
the Stretch page
https://packages.debian.org/stretch/libssl1.1
and apt-get source openssl both indicate 1.1.0
So am I wrong, or does the debian tracker page display an error?
By the way, I know Stretch is not supported anymore, but things are as they are some machines are still using Stretch and require upgrade.
Thanks!
Sent with
Proton Mail
secure email.
Reply to:
debian-security-tracker@lists.debian.org
jostutz (on-list)
jostutz (off-list)
Follow-Ups
:
Re: CVE-2022-2068 stretch
From:
Salvatore Bonaccorso <carnil@debian.org>
Prev by Date:
External check
Next by Date:
Re: CVE-2022-2068 stretch
Previous by thread:
External check
Next by thread:
Re: CVE-2022-2068 stretch
Index(es):
Date
Thread