Postgresql-13 - CVE-2022-2625 - Difference between security-tracker and changelog
Hello.
In security-tracker, for CVE-2022-2625, it's noted that this vulnerability is NOT fixed in Debian 11, version 13.8-0+deb11u1.
https://security-tracker.debian.org/tracker/CVE-2022-2625
But, in the changelog of 13.8-0+deb11u1 version, it's noted that this vulnerability is fixed.
https://metadata.ftp-master.debian.org/changelogs//main/p/postgresql-13/postgresql-13_13.8-0+deb11u1_changelog
In the news of 10-september, it's noted that this vulnerability is fixed.
https://www.debian.org/News/2022/2022091002
So, where is the truth ?
Best Regards.
Lilian Gallet
Reply to: