Hello,

On Fri, Nov 04, 2022 at 01:06:02PM -0400, The Wanderer wrote:
> More relevantly to this thread, the equivalent check with 'apt-cache
> showsrc grub2' (since grub2 is the source-package name for the packages
> named in the CVE mentioned by debsecan, according to the OP) shows 49
> binary packages - no, that's not a typo, one short of fifty. Most of
> them follow the pattern of [name], [name]-bin, and [name]-dbg, but there
> are some outliers.
>
> If any of those are installed (or possibly even just not purged?) on the
> machine in question, that might explain why debsecan shows the CVE as
> being applicable.

Good idea. Unfortunately that doesn't seem to be what's going on:

(All of the packages named start with "grub")

$ dpkg-query -l 'grub*'
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name             Version        Architecture Description
+++-================-==============-============-=====================================================
un  grub             <none>         <none>       (no description available)
un  grub-cloud-amd64 <none>         <none>       (no description available)
ii  grub-common      2.06-3~deb11u2 i386         GRand Unified Bootloader (common files)
un  grub-coreboot    <none>         <none>       (no description available)
un  grub-doc         <none>         <none>       (no description available)
un  grub-efi         <none>         <none>       (no description available)
un  grub-efi-amd64   <none>         <none>       (no description available)
un  grub-efi-arm     <none>         <none>       (no description available)
un  grub-efi-arm64   <none>         <none>       (no description available)
un  grub-efi-ia32    <none>         <none>       (no description available)
un  grub-efi-ia64    <none>         <none>       (no description available)
un  grub-emu         <none>         <none>       (no description available)
un  grub-ieee1275    <none>         <none>       (no description available)
un  grub-legacy      <none>         <none>       (no description available)
un  grub-legacy-doc  <none>         <none>       (no description available)
un  grub-linuxbios   <none>         <none>       (no description available)
ii  grub-pc          2.06-3~deb11u2 i386         GRand Unified Bootloader, version 2 (PC/BIOS version)
ii  grub-pc-bin      2.06-3~deb11u2 i386         GRand Unified Bootloader, version 2 (PC/BIOS modules)
un  grub-uboot       <none>         <none>       (no description available)
un  grub-xen         <none>         <none>       (no description available)
un  grub-yeeloong    <none>         <none>       (no description available)
un  grub2            <none>         <none>       (no description available)
ii  grub2-common     2.06-3~deb11u2 i386         GRand Unified Bootloader (common files for version 2)

Maybe I need to file a bug on debsecan just so someone can tell me what
I am missing. 😀

Cheers,
Andy

--
https://bitfolk.com/ -- No-nonsense VPS hosting
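
Added example, not part of the original message or of debsecan: the check discussed in this thread (which binary packages built from one source package are installed or removed but not purged), done by source-package name rather than by a 'grub*' name glob. The function names present_from_source and sample_records are hypothetical, and the sample records are constructed, modelled on the listing above with one "rc" row and one unrelated package added.

```shell
#!/bin/sh
# Added example (not from the thread). Input records, one per line:
#   <status-abbrev> <source-package> <binary-package> [<version>]
# On a Debian system they can be produced with:
#   dpkg-query -W -f='${db:Status-Abbrev} ${source:Package} ${binary:Package} ${Version}\n'

# present_from_source SRC (hypothetical helper name): print every binary
# package built from SRC whose state is anything other than not-installed,
# so removed-but-not-purged ("rc") packages are listed as well.
present_from_source() {
    awk -v src="$1" '
        BEGIN {
            # Second status character, as named in the dpkg-query -l header.
            state["i"] = "installed";        state["c"] = "config-files"
            state["U"] = "unpacked";         state["F"] = "half-configured"
            state["H"] = "half-installed";   state["W"] = "triggers-awaiting"
            state["t"] = "triggers-pending"
        }
        $2 == src {
            s = substr($1, 2, 1)             # state, e.g. "i" in "ii"
            if (s != "n")                    # "n" = not installed, nothing on disk
                printf "%s\t%s\t%s\n", $3, $4, state[s]
        }'
}

# Constructed sample records (not real output from the machine in the thread).
sample_records() {
    cat <<'EOF'
ii  grub2 grub-common 2.06-3~deb11u2
ii  grub2 grub-pc 2.06-3~deb11u2
ii  grub2 grub-pc-bin 2.06-3~deb11u2
ii  grub2 grub2-common 2.06-3~deb11u2
un  grub-efi grub-efi
rc  grub2 grub-efi-amd64-bin 2.06-3~deb11u2
ii  bash bash 5.1-2+deb11u1
EOF
}

# Offline demonstration on the constructed records.
sample_records | present_from_source grub2
```

Matching on the source-package field also catches binary packages whose names do not share the source package's prefix, which a name glob would miss.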