Frédéric PICA wrote:
Ok, so the problem remains the same for me.
It's possible that a package gets updated for a security reason while
being in the stable channel. This is contradictory with the security
FAQ.
Is there another way (for a program) to get the type of a package? A
special way to access the security tracker (RPC, ...)??
Maybe debsecan is suitable for you?
Description: Debian Security Analyzer
debsecan is a tool to generate a list of vulnerabilities which affect a
particular Debian installation. debsecan runs on the host which is to be
checked, and downloads vulnerability information over the Internet. It can
send mail to interested parties when new vulnerabilities are discovered
or when security updates become available.
Regards, Riku
Thanks,
Frédéric PICA
2008/7/28 Steffen Joeris <[EMAIL PROTECTED]>:
Hi Frederic
On Mon, 28 Jul 2008 11:54:55 pm you wrote:
Ok, so this one:
-----------------------------------
proftpd-dfsg (1.3.0-19etch1) stable; urgency=low
* [SECURITY] Added patch auth_cache.dpatch. It fixes CVE-2007-2165.
-- Francesco Paolo Lovergine <[EMAIL PROTECTED]> Tue, 15 Jan 2008 11:50:31 +0100
-----------------------------------
should have been in the security channel, and not in stable.
So this is an "error" of the package maintainer and should be an
isolated case, right?
Nope, this was a minor issue according to the tracker and thus it got fixed in
a point release. CVE ids are not only for major issues, but for all sorts of
security issues.
Cheers
Steffen
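
Added example, not part of the original thread or any Debian tool: a small Python parser that reads changelog entries like the one quoted above and lists those that reference a CVE or carry a `[SECURITY]` tag but were uploaded to a suite other than a `-security` one, which is the point-release case discussed here. The function names, the second sample entry and the `-security` suffix check are assumptions made for illustration.

```python
import re

# Header line of a Debian changelog entry: "package (version) suites; urgency=level"
HEADER = re.compile(r"^(?P<pkg>[a-z0-9][a-z0-9+.-]+) \((?P<ver>[^)]+)\) "
                    r"(?P<dists>[^;]+);\s*urgency=(?P<urgency>\w+)")
CVE = re.compile(r"\bCVE-\d{4}-\d{4,}\b")

def parse_changelog(text):
    """Return one dict per changelog entry found in text."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            entries.append({
                "package": m["pkg"], "version": m["ver"],
                "distributions": m["dists"].split(),
                "urgency": m["urgency"], "cves": [], "tagged_security": False,
            })
        elif entries and not line.startswith(" -- "):  # skip maintainer trailer
            cur = entries[-1]
            for cve in CVE.findall(line):
                if cve not in cur["cves"]:
                    cur["cves"].append(cve)
            if "[SECURITY]" in line:
                cur["tagged_security"] = True
    return entries

def security_fixes_outside_security_suite(entries):
    """Entries that fix a security issue but did not target a *-security suite
    (assumed naming convention for security uploads)."""
    return [e for e in entries
            if (e["cves"] or e["tagged_security"])
            and not any(d.endswith("-security") for d in e["distributions"])]

# First entry: the one quoted in the thread. Second entry: constructed sample.
SAMPLE = """\
proftpd-dfsg (1.3.0-19etch1) stable; urgency=low

  * [SECURITY] Added patch auth_cache.dpatch. It fixes CVE-2007-2165.

 -- Francesco Paolo Lovergine <[EMAIL PROTECTED]>  Tue, 15 Jan 2008 11:50:31 +0100

examplepkg (1.0-2) stable; urgency=low

  * Fixed a typo in the manual page.

 -- Example Maintainer <[EMAIL PROTECTED]>  Mon, 14 Jan 2008 10:00:00 +0100
"""

if __name__ == "__main__":
    for e in security_fixes_outside_security_suite(parse_changelog(SAMPLE)):
        print(e["package"], e["version"], e["distributions"], e["cves"])
```

The changelog only records what the maintainer wrote, so this complements rather than replaces the tracker data that debsecan downloads.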