
Re: Debian Package Version system



Hello all,

On Thu, Nov 22, 2012 at 09:54:22AM +0100, Arnoud Tijssen wrote:
> After performing some vulnerability scans on some of our systems one of
> the outcomes was that some software packages were out of date.
> We're using the package management system of Debian and all packages
> were updated (apt-get update & apt-get (dist-)upgrade) prior to the
> scan.

Such scans often merely compare version numbers, which most often isn't
quite appropriate to determine whether a certain vulnerability still
exists. Please see "The version number for a package indicates that I am
still running a vulnerable version!" in the Debian Security FAQ at
http://www.debian.org/security/faq#version

The remainder of that page provides further insight into some of the
peculiarities involved.

Cheers,
Flo

