Package: debsecan
Version: 0.4.3.3
Severity: wishlist

I think the current output is a bit confusing because it focuses too much
on the security advisory numbers.
I suggest sorting the output not according to the CVE numbers but keeping
together all vulnerabilities of the same source package.
For instance, I currently have
  CVE-2006-0496, CVE-2006-4310 and CVE-2006-5747 (and many more) affecting
Firefox packages, intermixed with those of other packages. I would collect
all of them together under the name of the package:
-----
firefox (1.5.dfsg+1.5.0.7-2, testing) affected by:
        CVE-2006-0496 Cross-site scripting (XSS) vulnerability in Mozilla...
                <http://....>
                Status: obsolete package, this vulnerability will not be fixed
        CVE-2006-4310 Mozilla Firefox 1.5.0.6 allows remote attackers to...
                <http://....>
                Status: fixed in version X.Y.Z (unstable)
        CVE-2006-5747 Unspecified vulnerability in Mozilla Firefox before...
                <http://....>
                Urgency: high
                Status: no fix available
   Recommendation: this package is OBSOLETE, remove it!
------
Moreover, as you see in my suggestion above, I really miss clear version
information, the affected/installed package version and its origin
(stable, testing, unstable) and a clear recommendation what to do:
   obsolete -> remove package
   update available -> upgrade to version x.y.z/unstable
   etc.

Thanks a lot!
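
The per-package grouping requested above, as an added example (not debsecan's code and not part of the original report). The record fields, the status labels, "examplepkg" and the CVE-0000-* ids are constructed placeholders; X.Y.Z is the report's own placeholder version, and fix versions are listed rather than compared.

```python
from collections import defaultdict

# Constructed sample records in the intermixed, CVE-oriented order the report
# describes: (cve, package, installed, suite, status, fixed_in, fixed_suite, urgency)
FINDINGS = [
    ("CVE-0000-0001", "examplepkg", "1.0-1", "stable", "fixed", "1.0-2", "stable", None),
    ("CVE-2006-0496", "firefox", "1.5.dfsg+1.5.0.7-2", "testing", "obsolete", None, None, None),
    ("CVE-2006-4310", "firefox", "1.5.dfsg+1.5.0.7-2", "testing", "fixed", "X.Y.Z", "unstable", None),
    ("CVE-0000-0002", "examplepkg", "1.0-1", "stable", "fixed", "1.0-2", "stable", "high"),
    ("CVE-2006-5747", "firefox", "1.5.dfsg+1.5.0.7-2", "testing", "nofix", None, None, "high"),
]

STATUS_TEXT = {
    "obsolete": "obsolete package, this vulnerability will not be fixed",
    "fixed": "fixed in version {fixed} ({fixed_suite})",
    "nofix": "no fix available",
}

def group_by_package(findings):
    """Map (package, installed version, suite) -> findings sorted by CVE id."""
    groups = defaultdict(list)
    for cve, pkg, ver, suite, status, fixed, fixed_suite, urgency in findings:
        groups[(pkg, ver, suite)].append((cve, status, fixed, fixed_suite, urgency))
    return {k: sorted(v, key=lambda item: item[0]) for k, v in sorted(groups.items())}

def recommend(items):
    """One action per package: obsolete wins, then upgrade, then no fix."""
    if any(item[1] == "obsolete" for item in items):
        return "this package is OBSOLETE, remove it!"
    targets = sorted({f"{i[2]}/{i[3]}" for i in items if i[1] == "fixed"})
    if targets:
        return "upgrade to version " + " or ".join(targets)
    return "no fix available"

def render(findings):
    out = []
    for (pkg, ver, suite), items in group_by_package(findings).items():
        out.append(f"{pkg} ({ver}, {suite}) affected by:")
        for cve, status, fixed, fixed_suite, urgency in items:
            out.append(f"        {cve}")
            if urgency:
                out.append(f"                Urgency: {urgency}")
            text = STATUS_TEXT[status].format(fixed=fixed, fixed_suite=fixed_suite)
            out.append(f"                Status: {text}")
        out.append(f"   Recommendation: {recommend(items)}")
    return "\n".join(out)

if __name__ == "__main__":
    print(render(FINDINGS))
```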

