[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Incorrect classification of CVE-2009-4411?

On Sat, 13 Nov 2010 09:46:50 +0100 Petter Reinholdtsen wrote:

> According to debsecan on one of my Lenny boxes, CVE-2009-4411 can be
> fixed by upgrading:
>   *** Available security updates
>   CVE-2009-4411 The (1) setfacl and (2) getfacl commands in XFS acl...
>     <http://security-tracker.debian.net/tracker/CVE-2009-4411>
>     - libacl1 (low urgency)
> But when I try to upgrade the Lenny machine, there is no update
> available.  Is the hole incorrectly classified?

On my lenny box, debsecan lists that issue as an open/unfixed
vulnerability.  Are you using a different suite in debsecan?  If I use
the "--suite sid" option, then it does indicate that there is an
available security update.


Reply to: