Package: debsecan
Version: 0.4.19
Severity: normal

In the daily report, debsecan seems to regard -dbgsym packages as obsolete. These packages are not obsolete, they are just from a suite and repo that is different from the rest of the installed packages.

For example, before installing pngcrush-dbgsym:

CVE-2015-7700 Double-free vulnerability in the sPLT chunk structure...
  <https://security-tracker.debian.org/tracker/CVE-2015-7700>
  - pngcrush (remotely exploitable, high urgency)

After installing pngcrush-dbgsym:

CVE-2015-7700 Double-free vulnerability in the sPLT chunk structure...
  <https://security-tracker.debian.org/tracker/CVE-2015-7700>
  - pngcrush (remotely exploitable, high urgency)
  - pngcrush-dbgsym (remotely exploitable, high urgency, obsolete)

$ apt policy pngcrush-dbgsym
pngcrush-dbgsym:
  Installed: 1.7.85-1+b2
  Candidate: 1.7.85-1+b2
  Version table:
 *** 1.7.85-1+b2 900
        900 https://deb.debian.org/debian-debug testing-debug/main amd64 Packages
        800 https://deb.debian.org/debian-debug unstable-debug/main amd64 Packages
        100 /var/lib/dpkg/status

$ apt policy pngcrush
pngcrush:
  Installed: 1.7.85-1+b2
  Candidate: 1.7.85-1+b2
  Version table:
 *** 1.7.85-1+b2 900
        900 https://deb.debian.org/debian testing/main amd64 Packages
        800 https://deb.debian.org/debian unstable/main amd64 Packages
        100 /var/lib/dpkg/status

-- System Information:
Debian Release: buster/sid
  APT prefers testing-debug
  APT policy: (900, 'testing-debug'), (900, 'testing'), (800, 'unstable-debug'), (800, 'unstable'), (790, 'buildd-unstable'), (700, 'experimental-debug'), (700, 'experimental'), (690, 'buildd-experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.17.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_AU.utf8, LC_CTYPE=en_AU.utf8 (charmap=UTF-8), LANGUAGE=en_AU.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages debsecan depends on:
ii  ca-certificates        20170717
ii  debconf [debconf-2.0]  1.5.69
ii  python                 2.7.15-3
ii  python-apt             1.6.2

Versions of packages debsecan recommends:
ii  cron                                       3.0pl1-130
ii  exim4                                      4.91-6
ii  exim4-daemon-light [mail-transport-agent]  4.91-6

debsecan suggests no packages.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise