Re: Misunderstanding about normal (stable) and security channels
Debsecan does not do what I want but I can have a look at the source
code to see how it gets security informations :).
Thanks you,
Best regards,
Frédéric PICA
2008/7/28 Riku Valli <riku.valli@vallit.fi>:
> Frédéric PICA wrote:
>>
>> Ok, so the problem remains the same for me.
>> It's possible that a package get updated for a security reason while
>> being in the stable channel. This is contradictory with the security
>> FAQ.
>> Is there another way (for a program) to get the type of a package ? A
>> special way to access the security tracker (RPC, ...) ??
>>
>
> May be debsecan is suitable for you?
>
> Description: Debian Security Analyzer
> debsecan is a tool to generate a list of vulnerabilities which affect a
> particular Debian installation. debsecan runs on the host which is to be
> checked, and downloads vulnerability information over the Internet. It can
> send mail to interested parties when new vulnerabilities are discovered or
> when
> security updates become available.
>
> Regards, Riku
>>
>> Thanks,
>> Frédéric PICA
>>
>> 2008/7/28 Steffen Joeris <steffen.joeris@skolelinux.de>:
>>
>>>
>>> Hi Frederic
>>>
>>> On Mon, 28 Jul 2008 11:54:55 pm you wrote:
>>>
>>>>
>>>> Ok, so this one :
>>>> -----------------------------------
>>>> proftpd-dfsg (1.3.0-19etch1) stable; urgency=low
>>>>
>>>> * [SECURITY] Added patch auth_cache.dpatch. It fixes CVE-2007-2165.
>>>>
>>>> -- Francesco Paolo Lovergine <frankie@debian.org> Tue, 15 Jan 2008
>>>> 11:50:31 +0100
>>>> -----------------------------------
>>>>
>>>> should have been in the security channel, and not in stable.
>>>> So this is an "error" of the package maintainer and should be an
>>>> isolate case, right ?
>>>>
>>>
>>> Nope, this was a minor issue according to the tracker and thus it got
>>> fixed in
>>> a point release. CVE ids are not only for major issues, but for all sorts
>>> of
>>> security issues.
>>>
>>> Cheers
>>> Steffen
>>>
>>>
>>>
>
>
Reply to: