
Re: Debian 12 security issue - please help to understand



On Wed, 29 Jan 2025 at 12:40, Rafał Lichwała <rafal@siliconet.pl> wrote:

> I've prepared a docker image based on Debian 12 (bookworm, fully
> updated) and after uploading it to a local registry it was automatically
> scanned for possible vulnerabilities.
> Then I was really surprised when I discovered that according to this scan
> there are 139 security vulnerabilities and 2 of them are CRITICAL (!).

How does your "automatically scanned for possible vulnerabilities"
actually work?

Because Debian does backport security fixes, simply checking the
version number of the software does not indicate whether the vulnerability
has been fixed in Debian or not.

See here for more info:
  https://www.debian.org/security/faq#version

