Re: Haven't seen this ssh output before
On 04.12.2014 11:33, Jochen Spieker wrote:
This is a tool which lists CVE (Common Vulnerabilities and
Exposures) that the packages you installed contain.
I think you might get some hints if you make a diff between the old
(you said you have un-upgraded systems) and the new (the system
which gave you problems) systems.
Debsecan is a great tool, but to find out whether a specific upgrade
contains remedy for a specific CVE the easiest way is usually to just
look at the changelog. I would be very surprised if OpenSSH people
security holes without mentioning that explicitly.
Of course, but this is something which needs to be done by hand, since
no apt tool I have heard about will list CVEs in a package. Except
debsecan, which can be run by script, for example to send mail to warn
on various things. I wonder if it could be doable to warn when the
future package will introduce a CVE, before installing it?
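
The comparison suggested in the thread (debsecan output from an un-upgraded system against the upgraded one), as an added example that is not part of the original messages. It assumes debsecan's default one-line-per-finding output (`ID package (notes)`); the CVE ids and report contents are constructed placeholders.

```python
import re
from collections import defaultdict

# Assumed shape of one debsecan summary line: <vuln id> <package> [(<notes>)]
LINE_RE = re.compile(r"^(?P<vuln>\S+)\s+(?P<pkg>\S+)(?:\s+\((?P<notes>[^)]*)\))?\s*$")

def parse_report(text):
    """Return {(vuln_id, package): notes} for every well-formed line."""
    findings = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m is None:
            continue  # blank or unrecognised line: ignore rather than guess
        findings[(m["vuln"], m["pkg"])] = m["notes"] or ""
    return findings

def diff_reports(old_text, new_text):
    """Group findings by package: seen only on the old or only on the new host."""
    old, new = parse_report(old_text), parse_report(new_text)
    only_old, only_new = defaultdict(list), defaultdict(list)
    for vuln, pkg in sorted(old.keys() - new.keys()):
        only_old[pkg].append(vuln)   # no longer reported after the upgrade
    for vuln, pkg in sorted(new.keys() - old.keys()):
        only_new[pkg].append(vuln)   # reported only on the upgraded host
    return {"only_old": dict(only_old), "only_new": dict(only_new)}

# Constructed sample reports (placeholder ids, not real CVEs).
OLD_REPORT = """\
CVE-0000-0001 openssh-server (remotely exploitable, medium urgency)
CVE-0000-0002 openssh-client
CVE-0000-0003 libc6 (low urgency)
"""
NEW_REPORT = """\
CVE-0000-0003 libc6 (low urgency)

CVE-0000-0004 openssh-server (remotely exploitable, high urgency)
"""

if __name__ == "__main__":
    result = diff_reports(OLD_REPORT, NEW_REPORT)
    for side, label in (("only_old", "gone after upgrade"), ("only_new", "new after upgrade")):
        for pkg, vulns in sorted(result[side].items()):
            print(f"{label}: {pkg}: {', '.join(vulns)}")
```

On real hosts the two inputs would be the saved output of `debsecan` from each machine.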