Hi folks, I've found a bit strange status about some tracked issue on security-tracker.debian.org.
1. CVE-2023-36054 krb5 https://security-tracker.debian.org/tracker/CVE-2023-36054 it shows like: bullseye 1.18.3-6+deb11u4 fixed bullseye (security) 1.18.3-6+deb11u3 vulnerable you may doubt whether it was not fixed yet because of "vulnerable" label. There is a similar thing for openssl 2. CVE-2023-3817 openssl https://security-tracker.debian.org/tracker/CVE-2023-3817 bullseye 1.1.1w-0+deb11u1 fixed bullseye (security) 1.1.1n-0+deb11u5 vulnerable Regards, -- Kentaro Hayashi <[email protected]>
