Hello all, On Thu, Nov 22, 2012 at 09:54:22AM +0100, Arnoud Tijssen wrote: > After performing some vulnerability scans on some our systems one of > the outcomes was that some software packages were out of date. > We`re using the package management system of Debian and all packages > were updated (apt-get update & apt-get (dist-)upgrade) prior to the > scan.
Such scans often merely compare version numbers, which most often isn't quite appropriate to determine whether a certain vulnerability still exists. Please see "The version number for a package indicates that I am still running a vulnerable version!" in the Debian Security FAQ at http://www.debian.org/security/faq#version The remainder of that page provides further insight into some of the peculiarities involved. Cheers, Flo -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20121122161341.gr14...@fernst.no-ip.org
