Bug
Resolution: Done
Good afternoon,
CVE-2022-47629 affects libksba, and https://access.redhat.com/errata/RHSA-2023:0625 says it's fixed in libksba-1.3.5-9.el8_7. However, libksba-1.3.5-9.el8_6 is also presumably fixed (based on rpm -q --changelog libksba, it looks like the fix went in at libksba-1.3.5-9). Can you clarify whether libksba-1.3.5-9.el8_6 is vulnerable? If so, why does rpm -q --changelog libksba indicate that the fix went in, and if not, why does the RHSA only mention el8_7 and not the earlier el8_6?
Thank you!