Hi folks,

So I recently downloaded and installed debsecan on several of my
machines. These are all fully up-to-date machines, running either
wheezy or jessie. For now I'll just focus on wheezy since it's where
our security focus should go.

On this machine, it found 472 vulnerabilities. Quite a few of them fit
into the remotely exploitable, high urgency category. Many date back to
last year, some as far back as 2012. I've included a few examples at
the end.

Now, it is possible with some of these that the security-tracker
database ought to be updated to reflect that there is not a true
vulnerability. However, many of them seem to be existing issues that
just got forgotten somehow. I've traced a few through bug reports and such.

I wonder:

Are we already aware of these issues?
Do we have plans to fix them?
Do we know what would be helpful to fix them?

Thanks,
John