Bug#487905: false positives
Not sure whether this is really the same issue. I installed debsecan to try it out. Running

  debsecan --suit etch --only-fixed --format detail | less

gives lots of results like this one

CVE-2006-5753 (fixed)
  Unspecified vulnerability in the listxattr system call in Linux ...
  installed: linux-image-2.6.18-6-686 2.6.18.dfsg.1-23etch1
             (built from linux-2.6 2.6.18.dfsg.1-23etch1)
  fixed in unstable: linux-2.6 2.6.20-1 (source package)
  fixed on branch: linux-2.6 2.6.18.dfsg.1-13etch1 (source package)
  fixed on branch: linux-2.6 2.6.18.dfsg.1-13etch2 (source package)
  fixed on branch: linux-2.6 2.6.18.dfsg.1-13etch3 (source package)
  fixed on branch: linux-2.6 2.6.18.dfsg.1-13etch4 (source package)
  fixed on branch: linux-2.6 2.6.18.dfsg.1-13etch5 (source package)
  fixed on branch: linux-2.6 2.6.18.dfsg.1-13etch6 (source package)
  fixed on branch: linux-2.6 2.6.18.dfsg.1-17etch1 (source package)
  fixed on branch: linux-2.6 2.6.18.dfsg.1-18etch1 (source package)
  fixed on branch: linux-2.6 2.6.18.dfsg.1-18etch3 (source package)
  fixed on branch: linux-2.6 2.6.18.dfsg.1-18etch4 (source package)
  fixed on branch: linux-2.6 2.6.18.dfsg.1-18etch5 (source package)
  fixed on branch: linux-2.6 2.6.18.dfsg.1-18etch6 (source package)
  fixed on branch: linux-2.6 2.6.18.dfsg.1-22etch2 (source package)
  fixed on branch: linux-2.6 2.6.18.dfsg.1-22etch3 (source package)
  fixed on branch: linux-2.6 2.6.18.dfsg.1-23 (source package)
  fix is available for the selected suite (etch)

debsecan --suite etch --only-fixed | grep linux-image | wc -l: 102

Right now this tool looks completely unusable to me, since I am drowning in false positives...

--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#487905: false positives
* Martin:

> fixed on branch: linux-2.6 2.6.18.dfsg.1-22etch2 (source package)
> fixed on branch: linux-2.6 2.6.18.dfsg.1-22etch3 (source package)
> fixed on branch: linux-2.6 2.6.18.dfsg.1-23 (source package)
> fix is available for the selected suite (etch)

-23etch1 was missing from this list when you invoked debsecan. It's now there, so those false positives should have disappeared again.

This was the result of a race condition; I think the window has been closed further, so this should not be visible in the future.
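
Added example, not part of the thread and not debsecan's own code: a triage helper for the situation described above, where the installed version was missing from the "fixed on branch" list. It assumes the --format detail layout shown in the report and that a higher version on the same branch carries the earlier fixes; SAMPLE, deb_cmp and triage are hypothetical names, and the record is constructed from the one quoted above.

```python
import re

# Constructed sample in the layout of the report above (branch list shortened).
SAMPLE = """CVE-2006-5753 (fixed)
  installed: linux-image-2.6.18-6-686 2.6.18.dfsg.1-23etch1
             (built from linux-2.6 2.6.18.dfsg.1-23etch1)
  fixed in unstable: linux-2.6 2.6.20-1 (source package)
  fixed on branch: linux-2.6 2.6.18.dfsg.1-22etch3 (source package)
  fixed on branch: linux-2.6 2.6.18.dfsg.1-23 (source package)
"""

def _order(c):
    # Debian character order: '~' < end of string < letters < other symbols
    return -1 if c == "~" else 0 if c == "" else ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):  # compare one upstream or revision string
    while a or b:
        while (a and not a[0].isdigit()) or (b and not b[0].isdigit()):
            ca = a[0] if a and not a[0].isdigit() else ""
            cb = b[0] if b and not b[0].isdigit() else ""
            if _order(ca) != _order(cb):
                return -1 if _order(ca) < _order(cb) else 1
            a, b = a[1:], b[1:]
        na, nb = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        if int(na or 0) != int(nb or 0):
            return -1 if int(na or 0) < int(nb or 0) else 1
        a, b = a[len(na):], b[len(nb):]
    return 0

def deb_cmp(x, y):  # -1, 0 or 1 in Debian version ordering
    def split(v):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        up, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "")
        return int(epoch), up, rev
    (ex, ux, rx), (ey, uy, ry) = split(x), split(y)
    return (ex > ey) - (ex < ey) or _cmp_part(ux, uy) or _cmp_part(rx, ry)

def triage(record):
    """Classify one detail record (hypothetical helper, not debsecan's logic)."""
    cve = re.search(r"CVE-\d{4}-\d+", record).group()
    m = (re.search(r"built from \S+ ([^\s)]+)", record)
         or re.search(r"installed: \S+ (\S+)", record))
    branch = re.findall(r"fixed on branch:\s+\S+ (\S+)", record)
    if m.group(1) in branch:
        return cve, "listed-as-fixed"
    # Assumption: a higher version on the same branch carries earlier fixes.
    if branch and all(deb_cmp(m.group(1), v) > 0 for v in branch):
        return cve, "suspect-stale-data"  # the -23etch1 case in this thread
    return cve, "review"
```

A "suspect-stale-data" result is a prompt to refresh the vulnerability data and re-run before acting on the report, not proof that the package is fixed.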