On Sunday, 10 May 2020 08:18:29 PDT Victor Sudakov wrote: > Have I asked in the wrong list? Which list would be more appropriate?
Hi Victor, I think this is the right list. But it seems that the message got lost somehow in the high volume. I have not used debescan personally, so I am replying simply to keep this thread alive hoping to get it more visibility > Victor Sudakov wrote: > > Dear Colleagues, > > There is something about debsecan I don't understand, can you please > > clarify for me? > > > > CVE-2020-1967 was fixed in version 1.1.1d-0+deb10u3, I have > > 1.1.1d-0+deb10u2 installed, but for some reason debsecan does not report > > the vulnerable package: > > > > # dpkg -l | grep openssl > > ii openssl 1.1.1d-0+deb10u2 amd64 > > Secure Sockets Layer toolkit - cryptographic utility # debsecan --suite > > buster | grep CVE-2020-1967 > > # > > > > What am I doing wrong? > > > > I'm familiar with FreeBSD's "pkg audit", maybe I'm misusing debsecan? ------------------- Ihor Antonov
