Re: debsecan vs. debian-volatile

To: "Florian Weimer" <fw@deneb.enyo.de>
Cc: debian-security@lists.debian.org
Subject: Re: debsecan vs. debian-volatile
From: "Aneurin Price" <aneurin.price@gmail.com>
Date: Tue, 4 Sep 2007 10:00:37 +0100
Message-id: <[🔎] 501db8660709040200x29aede7cr3867f29c436d9fb8@mail.gmail.com>
In-reply-to: <[🔎] 87ejhfk4wt.fsf@mid.deneb.enyo.de>
References: <[🔎] 501db8660709030617i461624e3v343d34af888a4961@mail.gmail.com> <[🔎] 87ejhfk4wt.fsf@mid.deneb.enyo.de>

> Actually, debsecan should be able to deal with this situation.
>
> I guess that CVE-2007-4560 is an example for this kind of problem.
> We've marked it as fixed in version 0.91.2-1, but volatile contains
> 0.91.2-0volatile1, which is less than that.  I suppose we could mark
> it as fixed in 0.91.2, which would cover both cases (and wouldn't
> introduce a false negative if this bug was in fact fixed upstream).
>

That's great. Thanks both of you for the replies.

Reply to:

References:
- debsecan vs. debian-volatile
  - From: "Aneurin Price" <aneurin.price@gmail.com>
- Re: debsecan vs. debian-volatile
  - From: Florian Weimer <fw@deneb.enyo.de>

Prev by Date: Re: debsecan vs. debian-volatile
Next by Date: Re: secure installation
Previous by thread: Re: debsecan vs. debian-volatile
Next by thread: Re: secure installation
Index(es):
- Date
- Thread