[–] theandrewbailey 3y ago ↗ Branch Vulnerable Fixed Maintained until ---------+------------------------+----------+----------------- ... 2.4 2.4.0 .. 2.4.21 2.4.12 2026-Q2 (LTS) So 2.4 was fixed a long time ago? I just did an update and got 2.4.21, so I'm still vulnerable! [–] max-m 3y ago ↗ I think this was a typo in the table. 2.4.22 was released alongside the other fixed versions. [–] wtarreau 3y ago ↗ confirmed, thanks for correcting me. Dealing with such reports across many versions and copy-pasting lots of data & Git commit IDs is extremely prone to failures, even after careful re-reading.
[–] max-m 3y ago ↗ I think this was a typo in the table. 2.4.22 was released alongside the other fixed versions. [–] wtarreau 3y ago ↗ confirmed, thanks for correcting me. Dealing with such reports across many versions and copy-pasting lots of data & Git commit IDs is extremely prone to failures, even after careful re-reading.
[–] wtarreau 3y ago ↗ confirmed, thanks for correcting me. Dealing with such reports across many versions and copy-pasting lots of data & Git commit IDs is extremely prone to failures, even after careful re-reading.
[–] nvahalik 3y ago ↗ CVE-2023-25725 on Debian: https://security-tracker.debian.org/tracker/CVE-2023-25725It's fixed in 2.2.9-2+deb11u4.
[–] wtarreau 3y ago ↗ Just to clarify some doubts, distro packages issued yesterday all have the fix in them even if the base version number appears older.
6 comments
[ 0.28 ms ] story [ 17.7 ms ] threadIt's fixed in 2.2.9-2+deb11u4.