CVE fix question


Running SLES 12 SP5.

Recently there was fix made for CVE-2022-24302. According to, the rpm package containing the correction is “python3-paramiko >= 2.4.0-9.13.1”.
I would like to confirm that the rpm contains the correction to an older CVE as well… how can I do that?
Namely talking about this one: That has been corrected earlier to “python3-paramiko >= 2.1.3-9.6.1” in SLES 12 SP5 product but how can I confirm that
the same correction exists also in the 2.4.0 correction track?

If I check with
rpm --changelog -qp python3-paramiko-2.4.0-9.13.1.rpm
I can see that it contains the CVE-2022-24302 fix but no mention of the CVE-2018-1000805.



Sorry, but these are the openSUSE forums, not the SLES/SLED forums.

You better go to

Then, you have a maintenance contract …

  • This Forum is the community openSUSE Forum …