Hi,
Running SLES 12 SP5.
Recently there was fix made for CVE-2022-24302. According to https://www.suse.com/security/cve/CVE-2022-24302.html, the rpm package containing the correction is “python3-paramiko >= 2.4.0-9.13.1”.
I would like to confirm that the rpm contains the correction to an older CVE as well… how can I do that?
Namely talking about this one: https://www.suse.com/security/cve/CVE-2018-1000805.html. That has been corrected earlier to “python3-paramiko >= 2.1.3-9.6.1” in SLES 12 SP5 product but how can I confirm that
the same correction exists also in the 2.4.0 correction track?
If I check with
rpm --changelog -qp python3-paramiko-2.4.0-9.13.1.rpm
I can see that it contains the CVE-2022-24302 fix but no mention of the CVE-2018-1000805.
thanks,
tony