Ok, thanks. On Thu, Jun 7, 2018 at 1:23 PM Christian Fischer < christian.fisc...@greenbone.net> wrote:
> Hi, > > On 04.06.2018 16:02, Uğur ÇİL wrote: > > Thank you very much. I have been dealing with this issue for a long time. > > Is there any reference document for this kind of tricky points. I mean, > if > > didn't explain 'ver' argument I would never understand that it should be > > fixed version number.. > > > > Thanks again.. > > there is no real documentation about things like this available. It > might change in the future but for now mostly the following: > > > The best start is to learn from existing NASL scripts. > > from http://openvas.org/nvt-dev.html#how_to_start applies here. > > Regards, > > > On Sun, Jun 3, 2018 at 3:54 PM, Christian Fischer < > > christian.fisc...@greenbone.net> wrote: > > > >> Hi, > >> > >> On 29.05.2018 14:13, Uğur ÇİL wrote: > >>> That server includes *"openjdk-7-jre:amd64 > >>> 7u171-2.6.13-1~deb8u1 amd64 OpenJDK Java > >> > >> *snip* > >> > >>> if ((res = isdpkgvuln(pkg:"openjdk-7-jre", > >>> ver:"7u171-2.6.13-1~deb8u1", rls_regex:"DEB8\.[0-9]+", remove_arch:TRUE > >> > >> the "ver" argument of the isdpkgvuln() function takes the version of the > >> package containing a fix for the specific vulnerability. > >> > >> If you have version 7u171-2.6.13-1~deb8u1 of openjdk-7-jre installed at > >> the target then it is expected that no vulnerability is showing up with > >> your current NVT. > >> > >> As the https://security-tracker.debian.org/tracker/CVE-2018-2814 seems > >> to be "unfixed" in Debian 8/Jessie you need to assume a higher version > >> like 7u171-2.6.13-1~deb8u2 in isdpkgvuln until a fixed package is > >> available. > >> > >> Regards, > >> > >> -- > >> > >> Christian Fischer | PGP Key: 0x54F3CE5B76C597AD > >> Greenbone Networks GmbH | http://greenbone.net > >> Neumarkt 12, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 > >> Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner > >> > > > > -- > > Christian Fischer | PGP Key: 0x54F3CE5B76C597AD > Greenbone Networks GmbH | https://www.greenbone.net > Neumarkt 12, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 > Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner >
_______________________________________________ Openvas-plugins mailing list Openvas-plugins@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-plugins
