Re: Debian Package Version system
Hello all,
On Thu, Nov 22, 2012 at 09:54:22AM +0100, Arnoud Tijssen wrote:
> After performing some vulnerability scans on some of our systems one of
> the outcomes was that some software packages were out of date.
> We're using the package management system of Debian and all packages
> were updated (apt-get update & apt-get (dist-)upgrade) prior to the
> scan.
Such scans often merely compare version numbers, which most often isn't
quite appropriate to determine whether a certain vulnerability still
exists. Please see "The version number for a package indicates that I am
still running a vulnerable version!" in the Debian Security FAQ at
http://www.debian.org/security/faq#version
The remainder of that page provides further insight into some of the
peculiarities involved.
Cheers,
Flo