Last I checked, ia32-libs on squeeze didn't have the openssl patches for 0.9.8. I may have to check more thoroughly to be sure. It might have some other vulns as well.
-- Silvio

On Mon, Jul 2, 2012 at 8:27 PM, Bernd Zeimetz <be...@bzed.de> wrote:
> On 07/02/2012 10:53 AM, Silvio Cesare wrote:
> > Hi,
> >
> > [ ... ]
> >
> > Now some of these cases are going to be false positives. From looking at
> > the results, many of the vulns were probably fixed but have not been
> > reported in the security tracker. The report tries to be self
> > explanatory and justify why it thinks it's found a code copy based on
> > the source code being similar. It also tells you which source file has
> > the vuln based on the CVE summary.
>
> The ia32-libs stuff are all false positives (assuming the package was
> updated after the security fixes came out, I'm not 100% sure about that
> :) And the openssl source is expected to contain the openssl source.
>
> Otherwise I think it might be worth integrating such a check into the
> qa tools Debian runs regularly.
>
> Thanks for your work!
>
> Cheers,
>
> Bernd
>
> --
> Bernd Zeimetz                     Debian GNU/Linux Developer
> http://bzed.de                    http://www.debian.org
> GPG Fingerprint: ECA1 E3F2 8E11 2432 D485 DD95 EB36 171A 6FF9 435F