debsecan with squeeze-lts

To: debian-lts@lists.debian.org
Subject: debsecan with squeeze-lts
From: Steven Chamberlain <steven@pyro.eu.org>
Date: Tue, 03 Jun 2014 12:14:13 +0100
Message-id: <[🔎] 538DAE05.9030106@pyro.eu.org>

Hi,

I noticed an interesting problem that squeeze-lts creates for debsecan.

debsecan (at least the version in squeeze) doesn't seem to know about
libgnutls26 version 2.8.6-1+squeeze4, or even that it has the fixes from
versions 2.8.6-1+squeeze3 and prior.

It means that CVE-2014-3466 will remain as "Vulnerabilities without
updates", and even old vulnerabilities are listed as affecting the
installed libgnutls26 again, in the "New security updates" category.

Is the security tracker expected to have data for squeeze-lts at some
point, or should squeeze-lts users discontinue using debsecan?

Thanks,
Regards,
-- 
Steven Chamberlain
steven@pyro.eu.org

Reply to:

Follow-Ups:
- Re: debsecan with squeeze-lts
  - From: Moritz Muehlenhoff <jmm@debian.org>

Prev by Date: Re: fail2ban (0.8.4-3+squeeze2)
Next by Date: Re: fail2ban (0.8.4-3+squeeze2)
Previous by thread: Re: fail2ban (0.8.4-3+squeeze2)
Next by thread: Re: debsecan with squeeze-lts
Index(es):
- Date
- Thread