[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: How to see the list of CRITICALLY vulnerable packages in Debian?

maxwillb wrote: 
> https://security-tracker.debian.org/tracker/status/release/stable
> 
> shows the list of packages currently considered vulnerable, but it does not show the severity.

Severity is a matter of opinion. The first opinion should be
based on whether the package is even installed. Then on how
important the package is. Then, perhaps, what degree of
compromise is offered, and then how easy it is to exploit.  

But other people might have different ideas.

> For example, https://nvd.nist.gov/vuln/detail/CVE-2021-37973 has a CRITICAL severity but the Debian security tracker simply says "not assigned" (No dev so much as bothered to click on the 'NVD' link?)

Well, that one is easy: Debian doesn't ship Google Chrome. If
you have Chrome on your system, you got it from some other
organization.

There are five bugs noted for Chromium, though, in the
security-tracker.debian.org link that you already know.

You should start with the listings for linux, the kernel
package, since it's almost guaranteed you have that.

-dsr-
Reply to: