Re: Debian 12 security issue - please help to understand

To: debian-user@lists.debian.org
Subject: Re: Debian 12 security issue - please help to understand
From: David <bouncingcats@gmail.com>
Date: Wed, 29 Jan 2025 12:57:35 +0000
Message-id: <[🔎] CAMPXz=oThjCF=XZW4QsA=1K=9L1c0uS+WYApVPieC_2rVt3MkQ@mail.gmail.com>
In-reply-to: <[🔎] 7d546b2d-368e-4c91-ae73-1bd5ceff8b01@siliconet.pl>
References: <[🔎] 7d546b2d-368e-4c91-ae73-1bd5ceff8b01@siliconet.pl>

On Wed, 29 Jan 2025 at 12:40, Rafał Lichwała <rafal@siliconet.pl> wrote:

> I've prepared some docker image based on Debian 12 (bookworm, fully
> updated) and after upload it to local registry it has been automatically
> scanned for possible vulnerabilities.
> Then I was really surprised when discovered that according to this scan
> there are 139 security vulnerabilities and 2 of them are CRITICAL (!).

How does your "automatically scanned for possible vulnerabilites"
actually work?

Because Debian does backport security fixes, so simply checking the
version number of the software does not indicate if the vulnerability
has been fixed in Debian, or not.

See here for more info:
  https://www.debian.org/security/faq#version

Reply to:

Follow-Ups:
- Re: Debian 12 security issue - please help to understand
  - From: Rafał Lichwała <rafal@siliconet.pl>

References:
- Debian 12 security issue - please help to understand
  - From: Rafał Lichwała <rafal@siliconet.pl>

Prev by Date: Debian 12 security issue - please help to understand
Next by Date: Re: Debian 12 security issue - please help to understand
Previous by thread: Debian 12 security issue - please help to understand
Next by thread: Re: Debian 12 security issue - please help to understand
Index(es):
- Date
- Thread