Re: Postgresql-13 - CVE-2022-2625 - Difference between security-tracker and changelog
Hi,
On Thu, Oct 13, 2022 at 02:57:58PM +0000, Gallet Lilian wrote:
> Hello.
>
>
> In security-tracker, for CVE-2022-2625, it's noted that this vulnerability is NOT fixed in Debian 11, version 13.8-0+deb11u1.
> https://security-tracker.debian.org/tracker/CVE-2022-2625
>
> But, in the changelog of 13.8-0+deb11u1 version, it's noted that this vulnerability is fixed.
> https://metadata.ftp-master.debian.org/changelogs//main/p/postgresql-13/postgresql-13_13.8-0+deb11u1_changelog
>
> In the news of 10-september, it's noted that this vulnerability is fixed.
> https://www.debian.org/News/2022/2022091002
>
> So, where is the truth ?
Thank you, the security-tracker metadata on it was wrong and it is now
fixed.
Regards,
Salvatore
Reply to: