[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Should we be alarmed at our state of security support?

2015-02-18 15:11 GMT+01:00 John Goerzen <jgoerzen@complete.org>:
Hi folks,

So I recently downloaded and installed debsecan on several of my
machines.  These are all fully up-to-date machines, running either
wheezy or jessie.  For now I'll just focus on wheezy since it's where
our security focus should go.

On this machine, it found 472 vulnerabilities.  Quite a few of them fit
into the remotely exploitable, high urgency category.  Many date back to
last year, some as far back as 2012.  I've included a few examples at
the end.

no panic! take a look ;)
Now, it is possible with some of these that the security-tracker
database ought to be updated to reflect that there is not a true
vulnerability.  However, many of them seem to be existing issues that
just got forgotten somehow.  I've traced a few through bug reports and such.

I wonder:

Are we already aware of these issues?

Do we have plans to fix them?

Do we know what would be helpful to fix them?



bye, gionni

Reply to: