Re: Interpreting debsecan output
Hello,
On Fri, Nov 04, 2022 at 01:06:02PM -0400, The Wanderer wrote:
> More relevantly to this thread, the equivalent check with 'apt-cache
> showsrc grub2' (since grub2 is the source-package name for the packages
> named in the CVE mentioned by debsecan, according to the OP) shows 49
> binary packages - no, that's not a typo, one short of fifty. Most of
> them follow the pattern of [name], [name]-bin, and [name]-dbg, but there
> are some outliers.
>
> If any of those are installed (or possibly even just not purged?) on the
> machine in question, that might explain why debsecan shows the CVE as
> being applicable.
Good idea. Unfortunately that doesn't seem to be what's going on:

(All of the packages named start with "grub")

$ dpkg-query -l 'grub*'
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-================-==============-============-=====================================================
un grub <none> <none> (no description available)
un grub-cloud-amd64 <none> <none> (no description available)
ii grub-common 2.06-3~deb11u2 i386 GRand Unified Bootloader (common files)
un grub-coreboot <none> <none> (no description available)
un grub-doc <none> <none> (no description available)
un grub-efi <none> <none> (no description available)
un grub-efi-amd64 <none> <none> (no description available)
un grub-efi-arm <none> <none> (no description available)
un grub-efi-arm64 <none> <none> (no description available)
un grub-efi-ia32 <none> <none> (no description available)
un grub-efi-ia64 <none> <none> (no description available)
un grub-emu <none> <none> (no description available)
un grub-ieee1275 <none> <none> (no description available)
un grub-legacy <none> <none> (no description available)
un grub-legacy-doc <none> <none> (no description available)
un grub-linuxbios <none> <none> (no description available)
ii grub-pc 2.06-3~deb11u2 i386 GRand Unified Bootloader, version 2 (PC/BIOS version)
ii grub-pc-bin 2.06-3~deb11u2 i386 GRand Unified Bootloader, version 2 (PC/BIOS modules)
un grub-uboot <none> <none> (no description available)
un grub-xen <none> <none> (no description available)
un grub-yeeloong <none> <none> (no description available)
un grub2 <none> <none> (no description available)
ii grub2-common 2.06-3~deb11u2 i386 GRand Unified Bootloader (common files for version 2)
Maybe I need to file a bug on debsecan just so someone can tell me what
I am missing. 😀

Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
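
The check discussed in this message (is any binary package from the source package installed, or removed but not purged?) can be scripted. The following is an added example and not part of the original message: the function name dpkg_footprint and the sample rows are constructed for illustration, and the "rc" row in particular does not come from the listing above.

```shell
#!/bin/sh
# Added example: classify rows of `dpkg-query -l` output read from stdin.
# Prints "<state> <package> <version>" for each package that still has a
# footprint: "installed", "config-files" (removed, not purged) or "other".
dpkg_footprint() {
    awk '
        # Data rows begin with a status code such as "ii", "rc" or "un";
        # header lines ("Desired=", "|", "+++-") do not match and are skipped.
        $1 !~ /^[uihrp][ncHUFWti]R?$/ { next }
        {
            current = substr($1, 2, 1)   # 2nd letter is the current state
            if (current == "n") next     # not installed: nothing on disk
            if (current == "i") state = "installed"
            else if (current == "c") state = "config-files"
            else state = "other"
            print state, $2, $3
        }
    '
}

# Constructed sample input in the layout of `dpkg-query -l`.
sample_listing() {
    cat <<'EOF'
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name           Version         Architecture Description
+++-==============-===============-============-===========================
un  grub           <none>          <none>       (no description available)
ii  grub-common    2.06-3~deb11u2  i386         GRand Unified Bootloader (common files)
ii  grub-pc        2.06-3~deb11u2  i386         GRand Unified Bootloader, version 2 (PC/BIOS version)
rc  grub-efi-ia32  2.06-3~deb11u2  i386         (constructed row: removed, config files remain)
EOF
}

sample_listing | dpkg_footprint
```

On a real system the input would come from dpkg-query -l 'grub*' piped into dpkg_footprint; any "config-files" line marks a package that was removed without being purged.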