Hi,
I am wondering why the local debian security check for CVE-2023-38408 in Greenbone only includes the Debian 10 version in affected versions, while both Debian 11 and 12 seems to be affected by the same vulnerability? I see that you base it on the DLA-3532-1 given by Debian only including “buster”. However Debian also says that it has been fixed in newer “bullseye” and “bookworm” versions.
https://security-tracker.debian.org/tracker/CVE-2023-38408
https://metadata.ftp-master.debian.org/changelogs//main/o/openssh/openssh_9.2p1-2+deb12u2_changelog
https://metadata.ftp-master.debian.org/changelogs//main/o/openssh/openssh_8.4p1-5+deb11u3_changelog
Why aren’t the NVT including those versions? Were they not vulnerable, or what is the reason?
Best regards
Bob