Thanks for the quick response Russ. I realize most of these vulnerabilities
are pretty unimportant, but this fulfils a compliance requirement for me,
which is to reach out and see if a patch is in the works.
Also, thanks for mentioning Debian 12, I did not realize it had been
released. I will get with the engineers here and have them start testing.
On Tue, Jun 13, 2023 at 11:03 AM Russ Allbery <
[email protected]> wrote:
Frank Carr <[email protected]> writes:
Hi, I am trying to determine if there are any plans to release a stable patch for Debian 11 that address the following CVEs:
CVE-2022-3534
CVE-2022-3606
CVE-2022-3715
CVE-2021-45941
CVE-2022-3534
CVE-2022-3606
CVE-2022-4899
CVE-2023-29491
CVE-2023-2953
CVE-2022-1304
CVE-2022-31782
CVE-2021-33560
CVE-2019-6129
CVE-2019-20838
CVE-2013-4235
CVE-2020-13529
I spot-checked several of these via the Debian security tracker at:
https://security-tracker.debian.org/tracker/
(You can enter a CVE into the search box at the bottom.) The ones I
checked were all low-priority security vulnerabilities that were fixed in
the bullseye release (Debian 12).
I can't speak to the security team or package maintainers about their
plans for a stable update for these or other vulnerabilities, but if
you're concerned about them, the best way to address them right now would
be to expedite your upgrade to bullseye.
--
Russ Allbery ([email protected]) <https://www.eyrie.org/~eagle/>
<div dir="ltr">Thanks for the quick response Russ. I realize most of these vulnerabilities are pretty unimportant, but this fulfils a compliance requirement for me, which is to reach out and see if a patch is in the works.<div><br></div><div>Also, thanks�
�for mentioning Debian 12, I did not realize it had been released. I will get with the engineers here and have them start testing.</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Jun 13, 2023 at 11:03 AM Russ Allbery &
lt;<a href="mailto:
[email protected]">
[email protected]</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Frank Carr <<a href="mailto:
[email protected]" target="
_blank">
[email protected]</a>> writes:<br>
> Hi, I am trying to determine if there are any plans to release a stable<br>
> patch for Debian 11 that address the following CVEs:<br>
> CVE-2022-3534<br>
> CVE-2022-3606<br>
> CVE-2022-3715<br>
> CVE-2021-45941<br>
> CVE-2022-3534<br>
> CVE-2022-3606<br>
> CVE-2022-4899<br>
> CVE-2023-29491<br>
> CVE-2023-2953<br>
> CVE-2022-1304<br>
> CVE-2022-31782<br>
> CVE-2021-33560<br>
> CVE-2019-6129<br>
> CVE-2019-20838<br>
> CVE-2013-4235<br>
> CVE-2020-13529<br>
I spot-checked several of these via the Debian security tracker at:<br>
<a href="
https://security-tracker.debian.org/tracker/" rel="noreferrer" target="_blank">
https://security-tracker.debian.org/tracker/</a><br>
(You can enter a CVE into the search box at the bottom.) The ones I<br> checked were all low-priority security vulnerabilities that were fixed in<br> the bullseye release (Debian 12).<br>
I can't speak to the security team or package maintainers about their<br> plans for a stable update for these or other vulnerabilities, but if<br> you're concerned about them, the best way to address them right now would<br>
be to expedite your upgrade to bullseye.<br>
-- <br>
Russ Allbery (<a href="mailto:
[email protected]" target="_blank">
[email protected]</a>) <<a href="
https://www.eyrie.org/~eagle/" rel="noreferrer" target="_blank">
https://www.eyrie.org/~eagle/</a>><br>
</blockquote></div>
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)