On 29.01.2025 1:57 PM, David wrote:
How does your "automatically scanned for possible vulnerabilites" actually work?
I don't know, but it does not matter in that context. The fact is, that the result of this "magic scan" properly found and points out the real critical security vulnerabilities in bookworm which are not fixed. Am I wrong? Please correct me then.
Because Debian does backport security fixes, so simply checking the version number of the software does not indicate if the vulnerability has been fixed in Debian, or not.
I know, but it seems (at least for me) it's not the case this time (?) I hope I am wrong, so please help to to understand. Could you please send some link which says "yeah, it's fixed in bookworm"? I cannot find it. On the other hand there is nothing in package change log about this CVSS: https://metadata.ftp-master.debian.org/changelogs//main/z/zlib/zlib_1.2.13.dfsg-1_changelog
