Good Afternoon, I’m writing to inquire about the applicability of a couple CVEs to the Bullseye release. The two CVEs below are popping in our Prisma scans as vulnerable, however I noticed on the Debian site that Bullseye isn’t listed. This seemed to deviate from the majority of CVEs we’re reviewing. Are you able to confirm that if a CVE page doesn’t list a release in the tracker that we’re to assume the release isn’t vulnerable?
https://security-tracker.debian.org/tracker/CVE-2022-24675 https://security-tracker.debian.org/tracker/CVE-2022-28327 Also, confirming my email subscription via CONFIRM s2022062918105226032. Thank you, Griffin Griffin Weikel Security Risk Engineering Manager M: (443) 745-4594 servicenow.com<https://www.servicenow.com/> LinkedIn<https://www.linkedin.com/company/servicenow> | Twitter<https://twitter.com/servicenow> | YouTube<https://www.youtube.com/user/servicenowinc> | Facebook<https://www.facebook.com/servicenow>
