Package: debsecan
Version: 0.3.3
Severity: normal

I'm using the latest proftpd sarge package:

web8:~# dpkg -l proftpd
(...)
ii  proftpd  1.2.10-15sarge1.0.1  Versatile, virtual-hosting FTP daemon
web8:~# apt-get install proftpd
(...)
proftpd is already the newest version.

but debsecan reports it to be remotely exploitable:

web8:~# debsecan --only-fixed --suite sarge
CVE-2005-2390 proftpd (fixed, remotely exploitable, medium urgency)
CVE-2005-2390 proftpd-common (fixed, remotely exploitable, medium urgency)
(...)

I think it's a bug in debsecan.

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.15-rc5-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages debsecan depends on:
ii  debconf [debconf-2.0]  1.4.61  Debian configuration management sy
ii  python  2.3.5-3  An interactive high-level object-o

Versions of packages debsecan recommends:
ii  cron  3.0pl1-92  management of regular background p
ii  exim4  4.60-1  metapackage to ease exim MTA (v4)
ii  exim4-daemon-light [mail-tran  4.60-1  lightweight exim MTA (v4) daemon

-- debconf information:
* debsecan/suite: sid
  debsecan/report: true

-- 
Cyril Bouthors

