On Wed, 2022-11-02 at 18:36 +0000, RL wrote: > I think the data on security-tracker.debian.org may be incomplete. > > > For example the following links suggest that grub had a vulnerability > that was fixed in: 2.06-3~deb11u1 but bullseye has 2.06-3~deb11u2 > (ending in u2 not u1) >
bullseye *doesn't* have deb11u2 yet. It's in proposed-updates and stable-updates, but stable still has deb11u1 until the next point release. Regards, Adam
