Re: debsecan does not report a vulnerability?

[Victor Sudakov <vas@sibptus.ru>]

Ihor Antonov wrote:
> On Sunday, 10 May 2020 08:18:29 PDT Victor Sudakov wrote:
> > Have I asked in the wrong list? Which list would be more appropriate?
> 
> Hi Victor,
> 
> I think this is the right list. But it seems that the message got lost somehow 
> in the high volume. I have not used debescan personally, so I am replying 
> simply 
> to keep this thread alive hoping to get it more visibility

Hi Ihor!

What do you use to track vulnerabilites in your Debian hosts? What's the
general approach? Do we just rely upon unattended-upgrade to fetch and
install patched packages for us? 

I come from the FreeBSD world where there are two distinct mechanisms to
fix vulnerabilites: one for the base system (FreeBSD Security Advisories
and freebsd-update to install binary updates to the base system) and
another for third-party software from the ports collection ("pkg audit
-F" instead of security advisories, "pkg upgrade" to install up-to-date
patched versions of packages).

What do we have here, or where can I read more about it?


-- 
Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/