| Release | Version |
|---|---|
| stretch | 1:1.37-1 |
| buster | 1:2.8-1 |
| bullseye | 1:2.15.2-1 |
| sid | 1:2.16-3 |
| Bug | stretch | buster | bullseye | sid | Description |
|---|---|---|---|---|---|
| CVE-2021-36377 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the hostname ... |
| CVE-2020-24614 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 a ... |
| CVE-2017-17459 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | http_transport.c in Fossil before 2.4, when the SSH sync protocol is u ... |