Re: debsecan does not report a vulnerability?
On Sunday, 10 May 2020 08:18:29 PDT Victor Sudakov wrote:
> Have I asked in the wrong list? Which list would be more appropriate?
Hi Victor,
I think this is the right list. But it seems that the message got lost somehow
in the high volume. I have not used debsecan personally, so I am replying
simply to keep this thread alive, hoping to get it more visibility.
> Victor Sudakov wrote:
> > Dear Colleagues,
> > There is something about debsecan I don't understand, can you please
> > clarify for me?
> >
> > CVE-2020-1967 was fixed in version 1.1.1d-0+deb10u3, I have
> > 1.1.1d-0+deb10u2 installed, but for some reason debsecan does not report
> > the vulnerable package:
> >
> > # dpkg -l | grep openssl
> > ii openssl 1.1.1d-0+deb10u2 amd64 Secure Sockets Layer toolkit - cryptographic utility
> > # debsecan --suite buster | grep CVE-2020-1967
> > #
> >
> > What am I doing wrong?
> >
> > I'm familiar with FreeBSD's "pkg audit", maybe I'm misusing debsecan?
-------------------
Ihor Antonov