CVE-2022-2068

To: debian-security-tracker@lists.debian.org
Subject: CVE-2022-2068
From: major fake <majorfakeemail@gmail.com>
Date: Mon, 17 Oct 2022 13:42:53 -0700
Message-id: <[🔎] CANGg5VUbv7gOM=RJx_VijES3YWjd4PL+jO7ZbbfONTH6N6kVRA@mail.gmail.com>

I'm new to how Debian tracks this, so this is probably a simple question. This says that CVE-2022-2068 is fixed in openssl 1.1.1n-0+deb11u3:

https://security-tracker.debian.org/tracker/CVE-2022-2068

https://security-tracker.debian.org/tracker/source-package/openssl

But openssl says that is fixed in openssl 1.1.1p (Affected 1.1.1-1.1.1o):

https://www.openssl.org/news/vulnerabilities-1.1.1.html

Does Debian back-port some of these fixes?

Thanks!

Mark

Reply to:

Follow-Ups:
- Re: CVE-2022-2068
  - From: Andrew Pollock <apollock@debian.org>

Prev by Date: External check
Next by Date: Re: CVE-2022-2068
Previous by thread: Re: Postgresql-13 - CVE-2022-2625 - Difference between security-tracker and changelog
Next by thread: Re: CVE-2022-2068
Index(es):
- Date
- Thread