
incorrect version number on security-tracker.debian.org



Hi,

I think the data on security-tracker.debian.org may be incomplete.


For example, the following links suggest that grub had a vulnerability
that was fixed in 2.06-3~deb11u1, but bullseye has 2.06-3~deb11u2
(ending in u2, not u1).

(I think this causes debsecan to report the vulnerability as having
'updates available', because it is expecting the data to list all fixed
versions, not the earliest fixed version.)

I wonder if something is not updating the bullseye version number
correctly?


Affects the following:
  - CVE-2021-3695: A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write ...
      <https://security-tracker.debian.org/tracker/CVE-2021-3695>
  - CVE-2021-3696: A heap out-of-bounds write may happen during the handling of Huffman t ...
      <https://security-tracker.debian.org/tracker/CVE-2021-3696>
  - CVE-2021-3697: A crafted JPEG image may lead the JPEG reader to underflow its data po ...
      <https://security-tracker.debian.org/tracker/CVE-2021-3697>
  - CVE-2022-28733: (No description)
      <https://security-tracker.debian.org/tracker/CVE-2022-28733>
  - CVE-2022-28734: (No description)
      <https://security-tracker.debian.org/tracker/CVE-2022-28734>
  - CVE-2022-28735: (No description)
      <https://security-tracker.debian.org/tracker/CVE-2022-28735>
  - CVE-2022-28736: (No description)
      <https://security-tracker.debian.org/tracker/CVE-2022-28736>


Thanks for considering

