bullseye (security) represents old version on security-tracker.d.o
Hi folks,
I've found a bit strange status about some tracked issue
on security-tracker.debian.org.
1. CVE-2023-36054 krb5
https://security-tracker.debian.org/tracker/CVE-2023-36054
it shows like:
bullseye 1.18.3-6+deb11u4 fixed
bullseye (security) 1.18.3-6+deb11u3 vulnerable
you may doubt whether it was not fixed yet because of "vulnerable" label.
There is a similar thing for openssl
2. CVE-2023-3817 openssl
https://security-tracker.debian.org/tracker/CVE-2023-3817
bullseye 1.1.1w-0+deb11u1 fixed
bullseye (security) 1.1.1n-0+deb11u5 vulnerable
Regards,
--
Kentaro Hayashi <kenhys@gmail.com>
Reply to: