On 07/02/2012 10:53 AM, Silvio Cesare wrote:
> Hi,
> [ ... ]
> Now some of these cases are going to be false positives. From looking at
> the results, many of the vulns were probably fixed but have not been
> reported in the security tracker. The report tries to be self
> explanatory and justify why it thinks it's found a code copy based on
> the source code being similar. It also tells you which source file has
> the vuln based on the CVE summary.

The ia32-libs stuff are all false positives (assuming the package was updated after the security fixes came out, I'm not 100% sure about that :) And the openssl source is expected to contain the openssl source.

Otherwise I think it might be worth integrating such a check into the qa tools Debian runs regularly.

Thanks for your work!

Cheers,

Bernd

--
Bernd Zeimetz
Debian GNU/Linux Developer
http://bzed.de
http://www.debian.org
GPG Fingerprint: ECA1 E3F2 8E11 2432 D485 DD95 EB36 171A 6FF9 435F