Package: debsecan
Version: 0.4.16+nmu1
Severity: wishlist

Today debsecan alerted me about CVE-2013-1824 (a php5 issue). Based on the PTS page for php5 and my system update schedule, I can say with near certainty that I installed the fixed version of php5 more than two weeks before it sent the report. Even if I'm mistaken on the two weeks, I certainly had installed the fixed version before the report was generated.

When running with --only-fixed, it would be much more useful to tell me about fixes I have not yet installed than about fixes I installed some time ago. As it stands, between this and #588065, the signal to noise ratio on debsecan's reports is so low as to make it nearly useless for me. At the very least, it is important to have the report differentiate between installed fixes and available but not yet installed fixes.

-- System Information:
Debian Release: 7.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.8.2 (SMP w/12 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages debsecan depends on:
ii  debconf [debconf-2.0]  1.5.49
ii  python                 2.7.3-4
ii  python-apt             0.8.8.2

Versions of packages debsecan recommends:
ii  cron                                       3.0pl1-124
ii  exim4                                      4.80-7
ii  exim4-daemon-light [mail-transport-agent]  4.80-7

debsecan suggests no packages.

-- debconf information:
* debsecan/source:
* debsecan/mailto: root
* debsecan/suite: wheezy
* debsecan/report: true