Re: CVE Applicability Inquiry

[Griffin Weikel]

Good Afternoon,

Following-up to confirm the information below. Please advise if able.

Thank you,

Griffin

Griffin Weikel
Security Risk Engineering Manager
M: (443) 745-4594

servicenow.com<https://www.servicenow.com/>
LinkedIn<https://www.linkedin.com/company/servicenow>  | 
Twitter<https://twitter.com/servicenow>  | 
YouTube<https://www.youtube.com/user/servicenowinc> | 
Facebook<https://www.facebook.com/servicenow>


From: Griffin Weikel <griffin.wei...@servicenow.com>
Date: Wednesday, June 29, 2022 at 2:30 PM
To: debian-user@lists.debian.org <debian-user@lists.debian.org>
Cc: Tim Nelson <tim.nel...@servicenow.com>, Christopher Engel 
<christopher.en...@servicenow.com>
Subject: CVE Applicability Inquiry
Good Afternoon,

I’m writing to inquire about the applicability of a couple CVEs to the Bullseye 
release. The two CVEs below are popping in our Prisma scans as vulnerable, 
however I noticed on the Debian site that Bullseye isn’t listed. This seemed to 
deviate from the majority of CVEs we’re reviewing. Are you able to confirm that 
if a CVE page doesn’t list a release in the tracker that we’re to assume the 
release isn’t vulnerable?

https://security-tracker.debian.org/tracker/CVE-2022-24675
https://security-tracker.debian.org/tracker/CVE-2022-28327

Also, confirming my email subscription via CONFIRM s2022062918105226032.

Thank you,

Griffin

Griffin Weikel
Security Risk Engineering Manager
M: (443) 745-4594

servicenow.com<https://www.servicenow.com/>
LinkedIn<https://www.linkedin.com/company/servicenow>  | 
Twitter<https://twitter.com/servicenow>  | 
YouTube<https://www.youtube.com/user/servicenowinc> | 
Facebook<https://www.facebook.com/servicenow>