Thanks for the quick response Russ. I realize most of these vulnerabilities are pretty unimportant, but this fulfils a compliance requirement for me, which is to reach out and see if a patch is in the works.
Also, thanks for mentioning Debian 12, I did not realize it had been released. I will get with the engineers here and have them start testing. On Tue, Jun 13, 2023 at 11:03 AM Russ Allbery <r...@debian.org> wrote: > Frank Carr <fc...@atlassian.com> writes: > > > Hi, I am trying to determine if there are any plans to release a stable > > patch for Debian 11 that address the following CVEs: > > > CVE-2022-3534 > > CVE-2022-3606 > > CVE-2022-3715 > > CVE-2021-45941 > > CVE-2022-3534 > > CVE-2022-3606 > > CVE-2022-4899 > > CVE-2023-29491 > > CVE-2023-2953 > > CVE-2022-1304 > > CVE-2022-31782 > > CVE-2021-33560 > > CVE-2019-6129 > > CVE-2019-20838 > > CVE-2013-4235 > > CVE-2020-13529 > > I spot-checked several of these via the Debian security tracker at: > > https://security-tracker.debian.org/tracker/ > > (You can enter a CVE into the search box at the bottom.) The ones I > checked were all low-priority security vulnerabilities that were fixed in > the bullseye release (Debian 12). > > I can't speak to the security team or package maintainers about their > plans for a stable update for these or other vulnerabilities, but if > you're concerned about them, the best way to address them right now would > be to expedite your upgrade to bullseye. > > -- > Russ Allbery (r...@debian.org) <https://www.eyrie.org/~eagle/> >
