
Re: Debian 12 security issue - please help to understand



Hi Rafał!

On Wed, 29 Jan 2025, Rafał Lichwała wrote:

> On 29.01.2025 1:57 PM, David wrote:
> > How does your "automatically scanned for possible vulnerabilities"
> > actually work?
> 
> I don't know, but it does not matter in that context.

It does matter because you have to interpret the output of your
scanner and understand it.

> The fact is, that the
> result of this "magic scan" properly found and points out the real critical
> security vulnerabilities in bookworm which are not fixed. Am I wrong? Please
> correct me then.

This strange scanner found a CVE attached to minizip. minizip is part
of zlib, but not supported. Therefore, for Debian there is no reason to
provide a security fix, since the program (minizip) is not supported by the
package zlib itself.

If you use such a scanner, _you_ have to understand the output of the
scanner, the CVE itself _and_ the impact on _your_ system. The scanner
can only check a version number against a CVE. But what it means _in
your situation_ is your responsibility, not Debian's, not the scanner's.

best regards, Hanno Wagner
--
|  Hanno Wagner  | Member of the HTML Writers Guild  | Rince@IRC      |
| Commercial use of my email addresses is not permitted!             |
| 74 a3 53 cc 0b 19 - we did it!          |    Generation @           |
#DAU at work, Real Life Cuts (Part 21):
#"I was once a customer of PROTEL too."