bullseye (security) represents old version on security-tracker.d.o

To: debian-security-tracker@lists.debian.org
Subject: bullseye (security) represents old version on security-tracker.d.o
From: Kentaro Hayashi <kenhys@gmail.com>
Date: Tue, 9 Jan 2024 16:20:40 +0900
Message-id: <[🔎] CAJW8SQdvXdX7H_iQAo0tX+BMq0ppE42vNPMz43vqWcKfd9Fo1Q@mail.gmail.com>

Hi folks,

I've found a bit strange status about some tracked issue
on security-tracker.debian.org.

1. CVE-2023-36054 krb5
https://security-tracker.debian.org/tracker/CVE-2023-36054

it shows like:

  bullseye 1.18.3-6+deb11u4 fixed
  bullseye (security) 1.18.3-6+deb11u3 vulnerable

you may doubt whether it was not fixed yet because of "vulnerable" label.

There is a similar thing for openssl

2. CVE-2023-3817 openssl
https://security-tracker.debian.org/tracker/CVE-2023-3817

  bullseye 1.1.1w-0+deb11u1 fixed
  bullseye (security) 1.1.1n-0+deb11u5 vulnerable

Regards,

-- 
Kentaro Hayashi <kenhys@gmail.com>

Reply to:

Follow-Ups:
- Re: bullseye (security) represents old version on security-tracker.d.o
  - From: Moritz Muehlenhoff <jmm@inutil.org>

Prev by Date: External check
Next by Date: Re: bullseye (security) represents old version on security-tracker.d.o
Previous by thread: External check
Next by thread: Re: bullseye (security) represents old version on security-tracker.d.o
Index(es):
- Date
- Thread