Re: Debian 12 security issue - please help to understand
Hi Rafał,
On Wed, 29 Jan 2025, Rafał Lichwała wrote:
> So now I suppose I just don't fully understand that information I found, so
> that's why I ask you guys for help on this Debian user mailing list.
and Dan already answered it and that is what I meant with "you have to
understand what the CVE tells you":
Dan says:
> The notes say:
> [bookworm] - zlib <ignored> (contrib/minizip not built and src:zlib not producing binary packages)
> In other words, there's no point in fixing it because Debian doesn't build the vulnerable binary component.
> Very low priority.
so, this CVE is telling you about a bug which is not affecting Debian's
zlib1g since it doesn't build minizip.
> Yes. But I'm not asking for "responsibility", but a bit more explanation
> without blaming anyone.
you are asking us to interpret for you the content of the CVE and the
output of your scanner.
that is what your job is: finding out whether the bug is really
affecting you and if so, how to mitigate it.
best regards, Hanno Wagner
--
| Hanno Wagner | Member of the HTML Writers Guild | Rince@IRC |
| Commercial use of my email addresses is not permitted! |
| 74 a3 53 cc 0b 19 - we did it! | Generation @ |
#"So, I'm just imagining Kristian being surprised. Ah, looks good.
# Suits you..." -- Marit Hansen on the phone
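
The tracker note quoted in the message above follows a regular line notation. As an added example (not part of the original message and not Debian's own tooling), this Python code parses such a line and summarizes what it means for a scanner finding; the tag summaries are this example's paraphrase, and `examplepkg`, its version and bug number are constructed placeholders.

```python
import re

# One annotation line in the notation quoted above:
#   [release] - package <tag> (reason)    or    - package fixed-version (note)
NOTE_RE = re.compile(
    r"^\s*(?:\[(?P<release>[\w-]+)\]\s+)?-\s+(?P<package>\S+)"
    r"\s+(?:<(?P<tag>[\w-]+)>|(?P<version>[^\s(<]+))"
    r"(?:\s+\((?P<reason>.*)\))?\s*$"
)

# Paraphrased meaning of the tracker's status tags (wording is this example's).
TAG_MEANING = {
    "not-affected": "release does not contain the vulnerable code",
    "ignored": "no fix planned for this release; the reason says why",
    "no-dsa": "minor issue, no advisory; may be fixed in a point release",
    "postponed": "minor issue, fix deferred to a later update",
    "unfixed": "vulnerable and not yet fixed",
    "end-of-life": "package no longer security-supported in this release",
}

def parse_note(line):
    """Split one annotation line into release, package, tag/version, reason."""
    m = NOTE_RE.match(line)
    if m is None:
        raise ValueError(f"not a tracker annotation: {line!r}")
    return m.groupdict()

def triage(line):
    """Return a one-line reading of the annotation for a scanner finding."""
    note = parse_note(line)
    if note["version"]:
        summary = f"fixed in {note['version']}; compare with the installed version"
    else:
        summary = TAG_MEANING.get(note["tag"], f"unknown tag <{note['tag']}>")
    if note["reason"]:
        summary += f" ({note['reason']})"
    return summary

if __name__ == "__main__":
    samples = [
        # Line quoted in the message above.
        "[bookworm] - zlib <ignored> (contrib/minizip not built and src:zlib not producing binary packages)",
        # Constructed lines with placeholder package, version and bug number.
        "- examplepkg 1.2.3-1 (bug #000000)",
        "[bookworm] - examplepkg <unfixed>",
    ]
    for s in samples:
        print(triage(s))
```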