Re: Incorrect classification of CVE-2009-4411?
On Sat, 13 Nov 2010 09:46:50 +0100 Petter Reinholdtsen wrote:
> According to debsecan on one of my Lenny boxes, CVE-2009-4411 can be
> fixed by upgrading:
> *** Available security updates
> CVE-2009-4411 The (1) setfacl and (2) getfacl commands in XFS acl...
> - libacl1 (low urgency)
> But when I try to upgrade the Lenny machine, there is no update
> available. Is the hole incorrectly classified?
On my lenny box, debsecan lists that issue as an open/unfixed
vulnerability. Are you using a different suite in debsecan? If I use
the "--suite sid" option, then it does indicate that there is an
available security update.