Dear Colleagues, There is something about debsecan I don't understand, can you please clarify for me?
CVE-2020-1967 was fixed in version 1.1.1d-0+deb10u3, I have 1.1.1d-0+deb10u2 installed, but for some reason debsecan does not report the vulnerable package: # dpkg -l | grep openssl ii openssl 1.1.1d-0+deb10u2 amd64 Secure Sockets Layer toolkit - cryptographic utility # debsecan --suite buster | grep CVE-2020-1967 # What am I doing wrong? I'm familiar with FreeBSD's "pkg audit", maybe I'm misusing debsecan? -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN 2:5005/49@fidonet http://vas.tomsk.ru/
signature.asc
Description: PGP signature
