I recently started using Wazuh to manage the security of my servers and
Linux desktops.
I have a Debian server that is raising the following alert:
package.name: python3-certifi
package.version: 2022.9.24-1
vulnerability.id: CVE-2023-37920
https://nvd.nist.gov/vuln/detail/CVE-2023-37920
https://tracker.debian.org/pkg/python-certifi
I confirmed this on the machine in question and got the resulting output:
python3-certifi/stable,now 2022.9.24-1 all [installed,automatic]
Running "sudo apt update -y; sudo apt upgrade -y", does not seem to
update the package to the non-vulnerable version 2023.07.22.
Is there anything I can do to resolve the issue, is this not an issue,
or do I need to wait for Debian to patch the package?
