Package: debsecan Version: 0.4.10+nmu2 Severity: normal
I have debsecan set to "lenny", but it is reporting apache2 as needing a security update, but everything looks good to me. *** Available security updates CVE-2009-1191 mod_proxy_ajp.c in the mod_proxy_ajp module in the... <http://security-tracker.debian.net/tracker/CVE-2009-1191> - apache2-mpm-prefork, apache2, apache2-utils, apache2.2-common, apache2-suexec-custom (remotely exploitable, low urgency) CVE-2009-1195 The Apache HTTP Server 2.2.11 and earlier 2.2... <http://security-tracker.debian.net/tracker/CVE-2009-1195> - apache2-mpm-prefork, apache2, apache2-utils, apache2.2-common, apache2-suexec-custom (medium urgency) I first thought it was because having either: deb http://ftp.se.debian.org/debian lenny-proposed-updates main deb http://http.us.debian.org/debian testing main in my sources.list.d, but the lenny (or I think lenny security) has the right package. I have 2.2.9-10+lenny7 installed, which the security-tracker page shows as the right version. Maybe debsecan isn't paying attention to lenny-security, and so then thinks that since I have +lenny7 installed, rather than +lenny6, I am still vulnerable? Is there a way to fix this on my end? -- System Information: Debian Release: 5.0.4 APT prefers proposed-updates APT policy: (500, 'proposed-updates'), (500, 'stable'), (50, 'testing') Architecture: i386 (i686) Kernel: Linux 2.6.26-2-686-bigmem (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=ANSI_X3.4-1968) (ignored: LC_ALL set to C) Shell: /bin/sh linked to /bin/bash Versions of packages debsecan depends on: ii debconf [debconf-2.0] 1.5.24 Debian configuration management sy ii python 2.5.4-5 An interactive high-level object-o ii python-apt 0.7.7.1+nmu1 Python interface to libapt-pkg Versions of packages debsecan recommends: ii cron 3.0pl1-105 management of regular background p ii postfix [mail-transport-agent 2.5.5-1.1 High-performance mail transport ag debsecan suggests no packages. -- debconf information: * debsecan/source: * debsecan/mailto: root * debsecan/report: true * debsecan/suite: GENERIC -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]

