[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Packages with a history of security issues and whose packaged version is not up to date

On Fri, 14 Feb 2025 17:12:48 +0000, Colin Watson <cjwatson@debian.org>
wrote:
>On Fri, Feb 14, 2025 at 03:28:35PM +0100, Marc Haber wrote:
>> Especially if the list just goes the (wrong) way of so many commercial
>> security tools and/or consultants who just compare version numbers and
>> flag our stable versions as vulnerable regardless whether we have
>> patched vulnerabilities or not.
>
>But it doesn't.  Santiago's using the data from the security tracker to
>determine whether CVEs are open.

Good. Don't we have debsecan for that? Or the security tracker itself?

Greetings
Marc
-- 
----------------------------------------------------------------------------
Marc Haber         |   " Questions are the         | Mailadresse im Header
Rhein-Neckar, DE   |     Beginning of Wisdom "     | 
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 6224 1600402
Reply to: