Hosting Provided By

Re: debsecan vs. debian-volatile

From: Aneurin Price <aneurin.price(at)gmail.com>
Date: Tue Sep 04 2007 - 05:00:37 EDT

> Actually, debsecan should be able to deal with this situation.
>
> I guess that CVE-2007-4560 is an example for this kind of problem.
> We've marked it as fixed in version 0.91.2-1, but volatile contains
> 0.91.2-0volatile1, which is less than that. I suppose we could mark
> it as fixed in 0.91.2, which would cover both cases (and wouldn't
> introduce a false negative if this bug was in fact fixed upstream).
>

That's great. Thanks both of you for the replies.

-- 
To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Received on Tue Sep 4 05:01:33 2007

This message: [ Message body ]
Next message: Johannes Wiedersich: "Re: secure installation"
Previous message: Florian Weimer: "Re: debsecan vs. debian-volatile"
In reply to: Florian Weimer: "Re: debsecan vs. debian-volatile"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Sun Oct 07 2007 - 07:52:59 EDT