The geniuses that created this bug include "12.2(33)XNC" in BOTH "known affected" and "known fixed" releases!
EVERY BUG relasted to a security noticve or advisory should come with a *complete* list of affected versions. The way this is done now is utterly inadequate!