Arul Anand MM wrote: > Advisory page on September 14 > https://web.archive.org/web/20230924174231/https://security-tracker.debian.org/tracker/CVE-2023-3390 > states the issue is fixed in 5.10.191-1
No, it doesn't. It states the issue was fixed - for bullseye, i.e. oldstable - in 5.10.179-3 (lower table). It also states that 5.10.191-1 was the current version in "bullseye (security)", so that suite was not vulnerable. > but the current version of advisory > states "5.10.209-2" as the fixed version. No, it doesn't. :-) It still states the issue was fixed in 5.10.179-3 (lower table). The current version in "bullseye (security)" is now 5.10.218-1, and in "bullseye" it's 5.10.209-2, so neither suite is vulnerable. The fixed version doesn't change. The current version in suites that still get updates does, of course. -thh
