Have I asked in the wrong list? Which list would be more appropriate? Victor Sudakov wrote: > Dear Colleagues, > > There is something about debsecan I don't understand, can you please clarify for me? > > CVE-2020-1967 was fixed in version 1.1.1d-0+deb10u3, I have > 1.1.1d-0+deb10u2 installed, but for some reason debsecan does not report > the vulnerable package: > > # dpkg -l | grep openssl > ii openssl 1.1.1d-0+deb10u2 amd64 Secure Sockets Layer toolkit - cryptographic utility > # debsecan --suite buster | grep CVE-2020-1967 > # > > What am I doing wrong? > > I'm familiar with FreeBSD's "pkg audit", maybe I'm misusing debsecan? > > -- > Victor Sudakov, VAS4-RIPE, VAS47-RIPN > 2:5005/49@fidonet http://vas.tomsk.ru/ -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN 2:5005/49@fidonet http://vas.tomsk.ru/
Attachment:
signature.asc
Description: PGP signature