* Cyril Bouthors: > On 20 Mar 2006, Florian Weimer wrote: > >> There is an "upgrade" for sarge (actually a downgrade), but not one >> for sid. I don't think debsecan's output is incorrect in this case. > > Debsecan should only report insecure and fixed packages with invoked > with --only-fixed.
It does. > Since libcurl 7.15.2-3 has no security upload pending, it should not > be reported. Sorry, debsecan isn't psychic. A downgrade to the sarge version will fix this bug, and you explicitly requested sarge status information using "--suite sarge". Maybe this could be considered an FAQ item, but I can't see how a code change could fix this (and still work correctly in other cases). -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
