Hey. I've just installed this again on some node, and for some reason apt- listbugs still shows it as open: # aptitude Performing actions... Retrieving bug reports... Done Parsing Found/Fixed information... Done grave bugs of liblog4j1.2-java (→ 1.2.17-10+deb11u1) <Resolved in some Version> b1 - #1004482 - liblog4j1.2-java: CVE-2022-23307 CVE-2022-23305 CVE-2022-23302 (Fixed: apache-log4j1.2/1.2.17-11) Summary: liblog4j1.2-java(1 bug) Are you sure you want to install/upgrade the above packages? [Y/n/?/...]
But that's the one now installed: liblog4j1.2-java 1.2.17-10+deb11u1 which, AFAIU should contain the fixes, right? Does it need a: Control: fixed -1 1.2.17-10+deb11u1 ? Cheers, Chris.
