control: tags -1 + moreinfo Hi Vincent,
Vincent Lefevre <[email protected]> writes: > In the last run (last night), I got: > > Date: Fri, 11 Apr 2014 02:03:04 +0200 (CEST) > From: daemon <[email protected]> > To: [email protected] > Subject: Debian security status of xvii > Delivered-To: [email protected] > > Security report based on the sid release > > *** Fixed vulnerabilities > > CVE-2011-3624 > <http://security-tracker.debian.org/tracker/CVE-2011-3624> > - libruby1.9.1 > - ruby1.9.1 > > [...] > > But these packages libruby1.9.1 and ruby1.9.1 were no longer > installed. debsecan filters /var/lib/dpkg/status for the “installed” state: if 'installed' not in pkg_status.split(' '): # Package is not installed. continue This code has been present since commit 8ea7f592 (2005-12-14), so I’m a bit surprised about your report. Are you sure that libruby1.9.1 and ruby1.9.1 were not removed just after the report was generated? Check /var/log/dpkg.log, if you still have it :). In case you can no longer reproduce the issue, let us know and we can close it. -- Best regards, Michael
