Re: Postgresql-13 - CVE-2022-2625 - Difference between security-tracker and changelog

To: Gallet Lilian <galletl@mairie-saintnazaire.fr>
Cc: "debian-security-tracker@lists.debian.org" <debian-security-tracker@lists.debian.org>
Subject: Re: Postgresql-13 - CVE-2022-2625 - Difference between security-tracker and changelog
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Mon, 17 Oct 2022 23:53:53 +0200
Message-id: <[🔎] Y03O8WVMQiEep5GE@eldamar.lan>
Mail-followup-to: Gallet Lilian <galletl@mairie-saintnazaire.fr>, "debian-security-tracker@lists.debian.org" <debian-security-tracker@lists.debian.org>
In-reply-to: <[🔎] b28ab036fed34accb12925fe11119d01@mairie-saintnazaire.fr>
References: <[🔎] b28ab036fed34accb12925fe11119d01@mairie-saintnazaire.fr>

Hi,

On Thu, Oct 13, 2022 at 02:57:58PM +0000, Gallet Lilian wrote:
> Hello.
> 
> 
> In security-tracker, for CVE-2022-2625, it's noted that this vulnerability is NOT fixed in Debian 11, version 13.8-0+deb11u1.
> https://security-tracker.debian.org/tracker/CVE-2022-2625
> 
> But, in the changelog of 13.8-0+deb11u1 version, it's noted that this vulnerability is fixed.
> https://metadata.ftp-master.debian.org/changelogs//main/p/postgresql-13/postgresql-13_13.8-0+deb11u1_changelog
> 
> In the news of 10-september, it's noted that this vulnerability is fixed.
> https://www.debian.org/News/2022/2022091002
> 
> So, where is the truth ?

Thank you, the security-tracker metadata on it was wrong and it is now
fixed.

Regards,
Salvatore

Reply to:

References:
- Postgresql-13 - CVE-2022-2625 - Difference between security-tracker and changelog
  - From: Gallet Lilian <galletl@mairie-saintnazaire.fr>

Prev by Date: Re: CVE-2022-2068
Next by Date: Re: CVE-2022-2068
Previous by thread: Postgresql-13 - CVE-2022-2625 - Difference between security-tracker and changelog
Next by thread: CVE-2022-2068
Index(es):
- Date
- Thread