* Matt McCants:

> Does anyone here have PCI audits being done on their Debian boxes?

Yes, we hear about that from time to time.

> The company I work for uses TrustKeeper and the one Debian box I've
> managed to get my boss to allow keeps failing unjustly. Usually they
> fail us due to version strings only (Saying anything less than the
> latest version is insecure [hah!]), and when I appeal that, they
> fail us for reasons that don't even affect us.

There are probably companies that provide a more thorough analysis.

> http://security-tracker.debian.org/tracker/CVE-2009-2699
> http://security-tracker.debian.org/tracker/CVE-2009-3095
> http://security-tracker.debian.org/tracker/CVE-2009-3094
>
> The first is self explanatory, and as for mod_proxy_ftp, I don't even
> have that loaded.

The other two are already fixed in stable-proposed-updates in
2.2.9-10+lenny5, so you could upgrade to that version.

The general issue is difficult to address, I'm afraid.
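Added example, not part of the original thread: a check of an installed package version against the fixed version named in the reply (2.2.9-10+lenny5), using Debian's version ordering rules (epoch, upstream version, Debian revision). The installed versions are constructed samples and the helper names are hypothetical; the point is that every sample carries the same upstream string 2.2.9, so a check on the upstream version alone cannot tell a patched package from an unpatched one.

```python
import re
from itertools import zip_longest

FIXED = "2.2.9-10+lenny5"  # fixed version named in the reply above

def _order(c):
    """Sort weight of one character inside a non-digit run."""
    if c == "~":
        return -1                 # tilde sorts before everything, even end
    if c == "":
        return 0                  # end of run
    return ord(c) if c.isalpha() else ord(c) + 256  # letters before symbols

def _cmp_part(a, b):
    """Compare upstream or revision strings as alternating text/number runs."""
    runs_a = re.findall(r"(\D*)(\d*)", a)
    runs_b = re.findall(r"(\D*)(\d*)", b)
    for (ta, na), (tb, nb) in zip_longest(runs_a, runs_b, fillvalue=("", "")):
        for ca, cb in zip_longest(ta, tb, fillvalue=""):
            if _order(ca) != _order(cb):
                return _order(ca) - _order(cb)
        if int(na or 0) != int(nb or 0):
            return int(na or 0) - int(nb or 0)
    return 0

def split_version(v):
    """Return (epoch, upstream, debian_revision) for a package version."""
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, sep, revision = rest.rpartition("-")
    if not sep:                   # native package: no Debian revision
        upstream, revision = rest, ""
    return int(epoch), upstream, revision

def compare(a, b):
    """Negative if a < b, zero if equal, positive if a > b."""
    ea, ua, ra = split_version(a)
    eb, ub, rb = split_version(b)
    return (ea - eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def is_patched(installed, fixed=FIXED):
    """True when the installed version is at or above the fixed version."""
    return compare(installed, fixed) >= 0

if __name__ == "__main__":
    # Constructed installed versions; all share the upstream string 2.2.9.
    for v in ("2.2.9-10+lenny4", "2.2.9-10+lenny5", "2.2.9-10+lenny10"):
        print(v, "upstream:", split_version(v)[1], "patched:", is_patched(v))
```

On a Debian host, `dpkg --compare-versions` performs the same comparison against the installed package database.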