[x] I understand that this repo tracks debian package releases and cannot fix debian CVEs on its own
[x] this CVE shows a fix is available in the appropriate debian version (buster, bullseye) and channel (main, security) and it has been more than 48 hours.
All three vulnerabilities are fixed with version 3.11.2-6+deb12u2, which has been available for Debian bookworm since 02 May 2024 (according to the Debian Changelog) and installed into the Debian FTP archive since 21 May 2024 (according to the Build status).
Please describe the image you encountered this with and a link to the debian security tracker https://security-tracker.debian.org/tracker/CVE-2023-41105 https://security-tracker.debian.org/tracker/CVE-2023-40217 https://security-tracker.debian.org/tracker/CVE-2023-24329
All three vulnerabilities are fixed with version 3.11.2-6+deb12u2, which has been available for Debian bookworm since 02 May 2024 (according to the Debian Changelog) and installed into the Debian FTP archive since 21 May 2024 (according to the Build status).