Package: debsecan
Version: 0.4.10+nmu2
Severity: normal

I have debsecan set to "lenny", but it is reporting apache2 as needing a 
security update, but everything looks good to me.

*** Available security updates

CVE-2009-1191 mod_proxy_ajp.c in the mod_proxy_ajp module in the...
  <http://security-tracker.debian.net/tracker/CVE-2009-1191>
  - apache2-mpm-prefork, apache2, apache2-utils, apache2.2-common,
    apache2-suexec-custom (remotely exploitable, low urgency)

CVE-2009-1195 The Apache HTTP Server 2.2.11 and earlier 2.2...
  <http://security-tracker.debian.net/tracker/CVE-2009-1195>
  - apache2-mpm-prefork, apache2, apache2-utils, apache2.2-common,
    apache2-suexec-custom (medium urgency)

I first thought it was because having either:
deb http://ftp.se.debian.org/debian lenny-proposed-updates main
deb http://http.us.debian.org/debian testing main

in my sources.list.d, but the lenny (or I think lenny security) has the right 
package.
I have 2.2.9-10+lenny7 installed, which the security-tracker page shows as the 
right version.  Maybe debsecan isn't paying attention to lenny-security, and so 
then thinks that since I have +lenny7 installed, rather than +lenny6, I am 
still vulnerable?

Is there a way to fix this on my end?

-- System Information:
Debian Release: 5.0.4
  APT prefers proposed-updates
  APT policy: (500, 'proposed-updates'), (500, 'stable'), (50, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-2-686-bigmem (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=ANSI_X3.4-1968) 
(ignored: LC_ALL set to C)
Shell: /bin/sh linked to /bin/bash

Versions of packages debsecan depends on:
ii  debconf [debconf-2.0]       1.5.24       Debian configuration management sy
ii  python                      2.5.4-5      An interactive high-level object-o
ii  python-apt                  0.7.7.1+nmu1 Python interface to libapt-pkg

Versions of packages debsecan recommends:
ii  cron                          3.0pl1-105 management of regular background p
ii  postfix [mail-transport-agent 2.5.5-1.1  High-performance mail transport ag

debsecan suggests no packages.

-- debconf information:
* debsecan/source:
* debsecan/mailto: root
* debsecan/report: true
* debsecan/suite: GENERIC



-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to