Debsecan does not do what I want, but I can have a look at the source code to see how it gets security information :).

Thank you,
Best regards,
Frédéric PICA

2008/7/28 Riku Valli <[EMAIL PROTECTED]>:
> Frédéric PICA wrote:
>>
>> Ok, so the problem remains the same for me.
>> It's possible that a package gets updated for a security reason while
>> being in the stable channel. This is contradictory with the security
>> FAQ.
>> Is there another way (for a program) to get the type of a package? A
>> special way to access the security tracker (RPC, ...)?
>>
>
> Maybe debsecan is suitable for you?
>
> Description: Debian Security Analyzer
> debsecan is a tool to generate a list of vulnerabilities which affect a
> particular Debian installation. debsecan runs on the host which is to be
> checked, and downloads vulnerability information over the Internet. It can
> send mail to interested parties when new vulnerabilities are discovered or
> when security updates become available.
>
> Regards, Riku
>>
>> Thanks,
>> Frédéric PICA
>>
>> 2008/7/28 Steffen Joeris <[EMAIL PROTECTED]>:
>>>
>>> Hi Frederic
>>>
>>> On Mon, 28 Jul 2008 11:54:55 pm you wrote:
>>>>
>>>> Ok, so this one:
>>>> -----------------------------------
>>>> proftpd-dfsg (1.3.0-19etch1) stable; urgency=low
>>>>
>>>>   * [SECURITY] Added patch auth_cache.dpatch. It fixes CVE-2007-2165.
>>>>
>>>>  -- Francesco Paolo Lovergine <[EMAIL PROTECTED]>  Tue, 15 Jan 2008 11:50:31 +0100
>>>> -----------------------------------
>>>>
>>>> should have been in the security channel, and not in stable.
>>>> So this is an "error" of the package maintainer and should be an
>>>> isolated case, right?
>>>>
>>>
>>> Nope, this was a minor issue according to the tracker and thus it got
>>> fixed in a point release. CVE ids are not only for major issues, but
>>> for all sorts of security issues.
>>>
>>> Cheers
>>> Steffen
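The following is an added example, not part of the original thread or of debsecan: a small parser that reads changelog entries like the one quoted above and flags CVE fixes delivered outside a security suite, which is the case Steffen describes. It assumes security uploads name a suite ending in `-security` in the entry header; the function names and the second sample entry are constructed for illustration.

```python
import re

# Entry header: "package (version) suite [suite...]; key=value"
HEADER = re.compile(
    r"^(?P<pkg>[a-z0-9][a-z0-9+.-]*) \((?P<ver>[^)]+)\) (?P<suites>[^;]+);\s*(?P<meta>.*)$"
)
CVE_ID = re.compile(r"\bCVE-\d{4}-\d{4,}\b")

# First entry is the one quoted in the thread; the second is constructed
# (hypothetical package, placeholder CVE id) to show a security-suite upload.
SAMPLE = """\
proftpd-dfsg (1.3.0-19etch1) stable; urgency=low

  * [SECURITY] Added patch auth_cache.dpatch. It fixes CVE-2007-2165.

 -- Francesco Paolo Lovergine <[EMAIL PROTECTED]>  Tue, 15 Jan 2008 11:50:31 +0100

examplepkg (1.0-1etch1) stable-security; urgency=high

  * Constructed entry. Fixes CVE-0000-0000.

 -- Example Maintainer <maintainer@example.org>  Mon, 28 Jul 2008 12:00:00 +0000
"""

def parse_changelog(text):
    """Return one dict per entry: package, version, suites, urgency, cves."""
    entries, current = [], None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            meta = dict(kv.strip().split("=", 1)
                        for kv in header["meta"].split(",") if "=" in kv)
            current = {"package": header["pkg"], "version": header["ver"],
                       "suites": header["suites"].split(),
                       "urgency": meta.get("urgency"), "cves": []}
            entries.append(current)
        elif current is not None and line.startswith(" -- "):
            current = None  # trailer line closes the entry
        elif current is not None:
            for cve in CVE_ID.findall(line):
                if cve not in current["cves"]:
                    current["cves"].append(cve)
    return entries

def classify(entry):
    """Label an entry by delivery channel (assumed '-security' suite suffix)."""
    via_security = any(s.endswith("-security") for s in entry["suites"])
    if via_security:
        return "security-suite"
    return "cve-fix-outside-security-suite" if entry["cves"] else "regular"
```

Changelog text is maintainer-written, so treat the result as a heuristic and confirm against the security tracker.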

