The unofficial database proposed in
https://bugs.launchpad.net/ubuntu/+source/debsecan/+bug/95925/comments/12
appears to work. It's at least a major improvement on the current
situation.
I'd suggest that Ubuntu officially adopt the server-side tool and that
appropriate updates are made to the def
** Tags added: focal
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/95925
Title:
debsecan should be either adjusted (for ubuntu) or removed
To manage notifications about this bug go to:
https://bugs
** Tags removed: precise quantal raring
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/95925
Title:
debsecan should be either adjusted (for ubuntu) or removed
To manage notifications about this bug
We've just finished a tool to build debsecan suitable databases from the
Ubuntu CVE Tracker data.
It is open source under Apache 2.0 and it is available here:
https://github.com/BBVA/ust2dsa
Using Github's CI we rebuild the databases every 6 hours for them to
contain the latest vulnerability info
We are working in a small piece of software to be able to generate
debsecan compatible databases from the information available in the
Ubuntu Security Tracker. After this is done, with some minor changes to
debsecan, we could solve this issue.
Do this sound like a reasonable idea to you?
--
You
Happy tenth birthday to this bug report on a (universe, I admit) package
which has never worked in Ubuntu, and which has always provided
incorrect information. :-/
~mail-codenest Lynis test PKGS-7366 is already restricted to Debian
systems, see Lynis issue 446 (please open another bug report there
After getting flagged by Lynis for not having this installed, I looked
into this tool to find out more. This absolutely sounds like a useful
tool, and it should modified for Ubuntu, not removed...
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed
It's great to aspire to fixing the package. When it's fixed, it can
return to the archive. In the meantime, it doesn't belong in the
archive. It's useless at best, dangerous at worst.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
htt
While investigating this tool as an addition to Lynis, I discovered this
bug thread. Even after years, the output of this tool is confusing and
showing false positives for Ubuntu. It actually does more harm than good
at this point.
Did someone from security team already looked at this case?
--
Y
Guys, I think that it is very important to make debsecan compatible with
Ubuntu-ecosystem.
Sometimes I use Gentoo Linux, they have great tool - glsa-check
(http://www.gentoo.org/doc/en/security/security-
handbook.xml?part=1&chap=14, http://wiki.gentoo.org/wiki/GLSA) - it
tests installed packages a
Someone: Just please RM this :)
** Changed in: debsecan (Ubuntu)
Importance: Wishlist => Medium
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/95925
Title:
debsecan should be either adjusted (for
** Summary changed:
- debsecan should be adjusted for ubuntu
+ debsecan should be either adjusted for ubuntu or removed
** Tags added: precise quantal raring
** Summary changed:
- debsecan should be either adjusted for ubuntu or removed
+ debsecan should be either adjusted (for ubuntu) or remov
12 matches
Mail list logo
