debsecan does not report a vulnerability?

To: debian-user@lists.debian.org
Subject: debsecan does not report a vulnerability?
From: Victor Sudakov <vas@sibptus.ru>
Date: Thu, 7 May 2020 16:11:27 +0700
Message-id: <[🔎] 20200507091127.GA16337@admin.sibptus.ru>

Dear Colleagues,

There is something about debsecan I don't understand, can you please clarify for me?

CVE-2020-1967 was fixed in version 1.1.1d-0+deb10u3, I have
1.1.1d-0+deb10u2 installed, but for some reason debsecan does not report
the vulnerable package:

# dpkg -l | grep openssl
ii  openssl                       1.1.1d-0+deb10u2             amd64        Secure Sockets Layer toolkit - cryptographic utility
# debsecan --suite buster | grep CVE-2020-1967
# 

What am I doing wrong?

I'm familiar with FreeBSD's "pkg audit", maybe I'm misusing debsecan?

-- 
Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/

Attachment: signature.asc
Description: PGP signature

Reply to:

Follow-Ups:
- Re: debsecan does not report a vulnerability?
  - From: Victor Sudakov <vas@sibptus.ru>

Prev by Date: Re: Slow performance due to llvmpipe being used despite Radeon kernel and X modules being loaded
Next by Date: Re: Slow performance due to llvmpipe being used despite Radeon kernel and X modules being loaded
Previous by thread: Re: Re: Slow performance due to llvmpipe being used despite Radeon kernel and X modules being loaded
Next by thread: Re: debsecan does not report a vulnerability?
Index(es):
- Date
- Thread