[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: debsecan vs. debian-volatile

This one time, at band camp, Aneurin Price said:
> Hi all, I hope this question is appropriate for this list. Feel free
> to chide me appropriately if not :P.
> I'm running sarge with clamav from debian-volatile, and debsecan
> reports some vulnerabilities with it. I'm fairly sure that the version
> I have installed (0.91.2-0volatile1) is in fact okay, and that the
> problem is simply that debsecan doesn't understand volatile - based on
> the vulnerability descriptions which seem to be telling me that the
> vulnerabilities are fixed in the version I'm using.
> I would however be grateful if anybody could confirm this to be the
> case - or point out if I'm wrong.

The version of clamav in volatile does not contain any known
vulnerabilities.  I assume debsecan is at fault here.
|   ,''`.                                            Stephen Gran |
|  : :' :                                        sgran@debian.org |
|  `. `'                        Debian user, admin, and developer |
|    `-                                     http://www.debian.org |

Attachment: signature.asc
Description: Digital signature

Reply to: