Mark CVE-2020-36477/mbedtls as not-affected for buster and bullseye (!112) · Merge requests · Debian Security Tracker / security-tracker

Andrea Pappacoda requested to merge tachi/security-tracker:CVE-2020-36477-stable into master Jul 24, 2022

Buster and Bullseye both ship the 2.16 LTS branch of mbedtls, and as mentioned by upstream "the bug was introduced in 2.18.0, so it's not present in the [2.16] LTS branch".

Thanks to Utkarsh and Samuel for the help!

Mark CVE-2020-36477/mbedtls as not-affected for buster and bullseye

Merge request reports