Postgresql-13 - CVE-2022-2625 - Difference between security-tracker and changelog

To: "debian-security-tracker@lists.debian.org" <debian-security-tracker@lists.debian.org>
Subject: Postgresql-13 - CVE-2022-2625 - Difference between security-tracker and changelog
From: Gallet Lilian <galletl@mairie-saintnazaire.fr>
Date: Thu, 13 Oct 2022 14:57:58 +0000
Message-id: <[🔎] b28ab036fed34accb12925fe11119d01@mairie-saintnazaire.fr>

Hello.


In security-tracker, for CVE-2022-2625, it's noted that this vulnerability is NOT fixed in Debian 11, version 13.8-0+deb11u1.
https://security-tracker.debian.org/tracker/CVE-2022-2625

But, in the changelog of 13.8-0+deb11u1 version, it's noted that this vulnerability is fixed.
https://metadata.ftp-master.debian.org/changelogs//main/p/postgresql-13/postgresql-13_13.8-0+deb11u1_changelog

In the news of 10-september, it's noted that this vulnerability is fixed.
https://www.debian.org/News/2022/2022091002

So, where is the truth ?

Best Regards.


Lilian Gallet

Reply to:

Follow-Ups:
- Re: Postgresql-13 - CVE-2022-2625 - Difference between security-tracker and changelog
  - From: Salvatore Bonaccorso <carnil@debian.org>

Prev by Date: External check
Next by Date: External check
Previous by thread: Re: FYI NVD legacy feeds are deprecated
Next by thread: Re: Postgresql-13 - CVE-2022-2625 - Difference between security-tracker and changelog
Index(es):
- Date
- Thread