Re: Binary packages for CVEs

To: Dmitry Chelnintsev <Dmitry.Chelnintsev@kaspersky.com>
Cc: "debian-security-tracker@lists.debian.org" <debian-security-tracker@lists.debian.org>, Anatoly Penkov <Anatoly.Penkov@kaspersky.com>, "Andrey Ge. Bogomolov" <Andrey.G.Bogomolov@kaspersky.com>, Olga Rachich <Olga.Rachich@kaspersky.com>
Subject: Re: Binary packages for CVEs
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 16 Jan 2026 08:36:16 +0100
Message-id: <[🔎] aWnqcCKnEzShqqp9@eldamar.lan>
Mail-followup-to: Dmitry Chelnintsev <Dmitry.Chelnintsev@kaspersky.com>, "debian-security-tracker@lists.debian.org" <debian-security-tracker@lists.debian.org>, Anatoly Penkov <Anatoly.Penkov@kaspersky.com>, "Andrey Ge. Bogomolov" <Andrey.G.Bogomolov@kaspersky.com>, Olga Rachich <Olga.Rachich@kaspersky.com>
In-reply-to: <[🔎] 6f7ac35f262746989a44409c5387d500@kaspersky.com>
References: <[🔎] 6f7ac35f262746989a44409c5387d500@kaspersky.com>

Hi,

On Thu, Jan 15, 2026 at 09:11:07AM +0000, Dmitry Chelnintsev wrote:
> Hello there!
> 
> I have a question about affected packages in your CVE articles.
> Given example: https://security-tracker.debian.org/tracker/CVE-2026-22184
> 
> What is the correct way to get all affected binary packages for source package zlib?
> Should I look at "binaries" section on package page? https://tracker.debian.org/pkg/zlib

Yes it is correct the security-tracker is source-package centric. If
you want to gather the list of built binary package, you can check the
control information of the source, check apt-cache showsrc
$srcpackage, the trackers, and other ways.

For that specific CVE you might be intersted in
https://www.openwall.com/lists/oss-security/2026/01/15/7 

Regards,
Salvatore

Reply to:

References:
- Binary packages for CVEs
  - From: Dmitry Chelnintsev <Dmitry.Chelnintsev@kaspersky.com>

Prev by Date: External check
Next by Date: External check
Previous by thread: Binary packages for CVEs
Index(es):
- Date
- Thread