[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

debsecan with squeeze-lts


I noticed an interesting problem that squeeze-lts creates for debsecan.

debsecan (at least the version in squeeze) doesn't seem to know about
libgnutls26 version 2.8.6-1+squeeze4, or even that it has the fixes from
versions 2.8.6-1+squeeze3 and prior.

It means that CVE-2014-3466 will remain as "Vulnerabilities without
updates", and even old vulnerabilities are listed as affecting the
installed libgnutls26 again, in the "New security updates" category.

Is the security tracker expected to have data for squeeze-lts at some
point, or should squeeze-lts users discontinue using debsecan?

Steven Chamberlain

Reply to: