Hi Andrew,
Thank you for the insight!
Appreciated,
Mark

On Mon, Oct 17, 2022 at 2:41 PM Andrew Pollock <apoll...@debian.org> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> Hi,
>
> I like to go to the changelogs, as they're the most authoritative thing
> available.
>
>
> https://metadata.ftp-master.debian.org/changelogs//main/o/openssl/openssl_1.1.1n-0+deb11u3_changelog
>
>
> This is linked from packages.debian.org/openssl
>
> Yes, Debian prefers to backport fixes for security updates to stable
> releases rather than introduce new versions, see
> https://www.debian.org/security/faq#oldversion
>
> regards
>
> Andrew
>
> On 2022-10-17 at 20:42, majorfakeem...@gmail.com wrote:
> > I'm new to how Debian tracks this, so this is probably a simple question.
> This says that CVE-2022-2068 is fixed in openssl 1.1.1n-0+deb11u3:
> >
> > https://security-tracker.debian.org/tracker/CVE-2022-2068
> > https://security-tracker.debian.org/tracker/source-package/openssl
> >
> > But openssl says that is fixed in openssl 1.1.1p (Affected 1.1.1-1.1.1o):
> >
> > https://www.openssl.org/news/vulnerabilities-1.1.1.html
> >
> > Does Debian back-port some of these fixes?
> >
> > Thanks!
> > Mark
> >
> >
> -----BEGIN PGP SIGNATURE-----
> Version: FlowCrypt Email Encryption 8.3.8
> Comment: Seamlessly send and receive encrypted email
>
> wsFzBAEBCgAGBQJjTcvzACEJEFHf2Ts++3nvFiEEW3Akls+mpQcjnC15Ud/Z
> Oz77ee8vCxAAl9iXLDe3Yp0Q89UAXfLfRF3Bd4/ZNtn/Dzs36rovr0xMOBXx
> lQaPDNC0H/2NO+cpGulpQJj29T1MW35NUZq6GXZcqc4395gFQQzYZA83nvm6
> uwXHz0eMzl5eeR7FdvIqtYODFGBzQoNjc4P2j9aCxzL5agZCgfDl3scabioC
> c45qAP0+ilnSjxSpdx+uPr2bRUC6HbSpWyiI0VwtWeY1UI6M6m7F5o/SsyCe
> 3cQZtqwduKj61BGcCENvFMbOPPD5JF9nsi9k/B/fahkxe48d8gkDgO1NCDFD
> yRjiY59U1EguJo7r38Er+IsL8QGc14qVR9k03jXElXNlLpIPXQyyfeAXQNHF
> cH8/+2enn+tzNPP5One06x9LVge/rt0ICRnPfVSwZMoCQBXzoUsNvkPOESQj
> 2dTi/frWuhM8DTKAv5rj66a+gpVb7ms+3Rode2CLhMUZn84tIQjKf2yCX+tx
> A80PtdQkINTZtWZ73Ggaudzcvqqt2+13U47Kruwbbeg0Df/pw5ugSnVrARXk
> IpA8nrliMDpOTWljrSwhfFM0f/Ad+2v2G9ZY9EZQaAHL1Jbr4+B65MTnu1m5
> o4eq8gD6uJkpe2se6qDuCN8KEgof8sjVWERRbOegHCpQ3pa+0cgVIXYD3CtF
> s/iiU/w9/5agStw+elRjbLrOPyiRWQZp3Jg=
> =ywtx
> -----END PGP SIGNATURE-----
>

Reply via email to