I'm new to how Debian tracks this, so this is probably a simple question. This says that CVE-2022-2068 is fixed in openssl 1.1.1n-0+deb11u3:
https://security-tracker.debian.org/tracker/CVE-2022-2068 https://security-tracker.debian.org/tracker/source-package/openssl But openssl says that is fixed in openssl 1.1.1p (Affected 1.1.1-1.1.1o): https://www.openssl.org/news/vulnerabilities-1.1.1.html Does Debian back-port some of these fixes? Thanks! Mark
