* Alex Page: > I'm having a bit of trouble with version numbers reported in DSAs. We keep > our stable systems patched by updating against security.debian.org but > have an external audit process, which compares the versions of installed > packages with the versions reported as fixed in each DSA.
You should download the .dsc files and use the version number contained therein. This is what dsa2list does (a helper tool for the security tracker). This only gives you the source version, but you can get that for an installed package from the dpkg status file. The data generated for debsecan also includes epochs. debsecan also implements the comparison based on source versions. (We use source versions for tracking because binary package versions and names are architecture-specific.) -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
