Re: Haven't seen this ssh output before

To: <debian-user@lists.debian.org>
Subject: Re: Haven't seen this ssh output before
From: berenger.morel@neutralite.org
Date: Mon, 08 Dec 2014 17:03:05 +0100
Message-id: <[🔎] f7a8d33654389dd95d5669d879cd2cc6@neutralite.org>
In-reply-to: <[🔎] 20141204103345.GO26345@well-adjusted.de>
References: <87tx1mpx0x.fsf@reader.local.lan> <20141126031051.GA26345@well-adjusted.de> <87tx1lhcmt.fsf@newsguy.com> <87mw7dh8d5.fsf@newsguy.com> <[🔎] 3fec1ace9e30ca3b41723bbc1acb24a7@neutralite.org> <[🔎] 20141204103345.GO26345@well-adjusted.de>



Le 04.12.2014 11:33, Jochen Spieker a écrit :

berenger.morel@neutralite.org:


debsecan.

This is a tool which lists CVE (Common Vulnerabilities and
Exposures) that the packages you installed contains.
I think you might get some hints if you make a diff between the old
(you said you have un-upgraded systems) and the new (the system
which gaves you problems) systems.


Debsecan is a great tool, but to find out whether a specific upgrade
contains remedy for a specific CVE the easiest way is usually to just

look at the changelog. I would be very surprised if OpenSSH peopleclose

security holes without mentioning that explicitly.


J.

Of course, but this is something which needs to be made by hand, sinceno apt tool I have heard about will list CVEs in a package. Exceptdebsecan, which can be run by script, for example to send mail to warnon various things. I wonder if it could be doable to warn when thefuture package will introduce a CVE, before installing it?

Reply to:

References:
- Re: Haven't seen this ssh output before
  - From: berenger.morel@neutralite.org
- Re: Haven't seen this ssh output before
  - From: Jochen Spieker <ml@well-adjusted.de>

Prev by Date: Re: Skipping fsck during boot with systemd?
Next by Date: Re: Replacing systemd in Jessie
Previous by thread: Re: Haven't seen this ssh output before
Next by thread: tgif thumbnailers not working
Index(es):
- Date
- Thread