Package: debsecan
Version: 0.4.16+nmu1
Severity: wishlist

Today debsecan alerted me about CVE-2013-1824 (a php5 issue).  Based on the
PTS page for php5 and my system update schedule, I can say with near
certainty that I installed the fixed version of php5 more than two weeks
before it sent the report.  Even if I'm mistaken on the two weeks, I
certainly had installed the fixed version before the report was generated.

When running with --only-fixed, it would be much more useful to tell me
about fixes I have not yet installed than about fixes I installed some time
ago.

As it stands, between this and #588065, the signal to noise ratio on
debsecan's reports is so low as to make it nearly useless for me.

At the very least, it is important to have the report differentiate between
installed fixes and available but not yet installed fixes.

-- System Information:
Debian Release: 7.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.8.2 (SMP w/12 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages debsecan depends on:
ii  debconf [debconf-2.0]  1.5.49
ii  python                 2.7.3-4
ii  python-apt             0.8.8.2

Versions of packages debsecan recommends:
ii  cron                                       3.0pl1-124
ii  exim4                                      4.80-7
ii  exim4-daemon-light [mail-transport-agent]  4.80-7

debsecan suggests no packages.

-- debconf information:
* debsecan/source:
* debsecan/mailto: root
* debsecan/suite: wheezy
* debsecan/report: true


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to