Your message dated Fri, 04 May 2018 12:00:24 +0000
with message-id <e1feznw-0001qb...@fasolo.debian.org>
and subject line Bug#820614: fixed in vuls 0.4.2-1
has caused the Debian Bug report #820614,
regarding ITP: vuls -- package inventory scanner for CVE vulnerabilities
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
820614: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=820614
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: wnpp
Severity: wishlist
Owner: Daniel Stender <sten...@debian.org>
* Package name : vuls
Version : 0.1.1
Upstream Author : Kota Kanbe <kotaka...@gmail.com>
* URL : https://github.com/future-architect/vuls
* License : GPL-3
Programming Lang: Google Go
Description : package inventory scanner for CVE vulnerabilities
This is a scanner which checks the package inventory against a local copy of
the National Vulnerability Database (NVD) of vulnerabilities according to
their CVE (Common Vulnerabilities and Exposures) identifiers. The backends
support a couple of OSs (Debian, RHEL, CentOS, Amazon Linux). Scanning servers
over the network is possible.
A typical scan goes like (an Ubuntu 12.04 server via SSH):
<cut>
$ ./vuls scan
[Apr 10 16:21:02] INFO [localhost] Validating Config...
[Apr 10 16:21:02] INFO [localhost] Detecting OS...
[Apr 10 16:21:06] INFO [localhost] Scanning vulnerabilities...
[Apr 10 16:21:06] INFO [localhost] Check required packages for scanning...
[Apr 10 16:21:06] INFO [localhost] Scanning vulnerable OS packages...
{...}
[Apr 10 16:21:44] INFO [myserver:22] (1/22) Scanned libisccfg82-1:9.8.1.dfsg.P1-4ubuntu0.15 : [CVE-2016-1285 CVE-2016-1286]
[Apr 10 16:21:44] INFO [myserver:22] (2/22) Scanned libisc83-1:9.8.1.dfsg.P1-4ubuntu0.15 : [CVE-2016-1285 CVE-2016-1286]
[Apr 10 16:21:44] INFO [myserver:22] (3/22) Scanned libisccc80-1:9.8.1.dfsg.P1-4ubuntu0.15 : [CVE-2016-1285 CVE-2016-1286]
[Apr 10 16:21:44] INFO [myserver:22] (4/22) Scanned dnsutils-1:9.8.1.dfsg.P1-4ubuntu0.15 : [CVE-2016-1285 CVE-2016-1286]
[Apr 10 16:21:44] INFO [myserver:22] (5/22) Scanned libgnutls26-2.12.14-5ubuntu3.11 : []
[Apr 10 16:21:44] INFO [myserver:22] (6/22) Scanned liblwres80-1:9.8.1.dfsg.P1-4ubuntu0.15 : [CVE-2016-1285 CVE-2016-1286]
[Apr 10 16:21:44] INFO [myserver:22] (7/22) Scanned ca-certificates-20141019ubuntu0.12.04.1 : []
[Apr 10 16:21:44] INFO [myserver:22] (8/22) Scanned bind9-host-1:9.8.1.dfsg.P1-4ubuntu0.15 : [CVE-2016-1285 CVE-2016-1286]
[Apr 10 16:21:44] INFO [myserver:22] (9/22) Scanned libbind9-80-1:9.8.1.dfsg.P1-4ubuntu0.15 : [CVE-2016-1285 CVE-2016-1286]
[Apr 10 16:21:44] INFO [myserver:22] (10/22) Scanned libdns81-1:9.8.1.dfsg.P1-4ubuntu0.15 : [CVE-2016-1285 CVE-2016-1286]
[Apr 10 16:21:44] INFO [myserver:22] (11/22) Scanned libpcre3-8.12-4ubuntu0.1 : [CVE-2015-2327 CVE-2015-8382 CVE-2015-8385 {...}
[Apr 10 16:21:44] INFO [myserver:22] (12/22) Scanned perl-base-5.14.2-6ubuntu2.4 : [CVE-2013-7422 CVE-2014-4330 CVE-2016-2381]
[Apr 10 16:21:44] INFO [myserver:22] (13/22) Scanned libpam0g-1.1.3-7ubuntu2 : [CVE-2015-3238 CVE-2013-7041 CVE-2014-2583]
[Apr 10 16:21:44] INFO [myserver:22] (14/22) Scanned openssl-1.0.1-4ubuntu5.33 : [CVE-2016-0702 CVE-2016-0705 CVE-2016-0797 {...}
[Apr 10 16:21:44] INFO [myserver:22] (15/22) Scanned libpam-modules-bin-1.1.3-7ubuntu2 : [CVE-2015-3238 CVE-2013-7041 CVE-2014-2583]
[Apr 10 16:21:44] INFO [myserver:22] (16/22) Scanned linux-generic-lts-trusty-3.13.0.79.71 : []
[Apr 10 16:21:44] INFO [myserver:22] (17/22) Scanned libpam-modules-1.1.3-7ubuntu2 : [CVE-2015-3238 CVE-2013-7041 CVE-2014-2583]
[Apr 10 16:21:44] INFO [myserver:22] (18/22) Scanned perl-5.14.2-6ubuntu2.4 : [CVE-2013-7422 CVE-2014-4330 CVE-2016-2381]
[Apr 10 16:21:45] INFO [myserver:22] (19/22) Scanned libssl1.0.0-1.0.1-4ubuntu5.33 : [CVE-2016-0702 CVE-2016-0705 CVE-2016-0797 {...}
[Apr 10 16:21:45] INFO [myserver:22] (20/22) Scanned libpam-runtime-1.1.3-7ubuntu2 : [CVE-2015-3238 CVE-2013-7041 CVE-2014-2583]
[Apr 10 16:21:46] INFO [myserver:22] (21/22) Scanned tzdata-2015g-0ubuntu0.12.04 : []
[Apr 10 16:21:46] INFO [myserver:22] (22/22) Scanned perl-modules-5.14.2-6ubuntu2.4 : [CVE-2013-7422 CVE-2014-4330 CVE-2016-2381]
[Apr 10 16:21:46] INFO [myserver:22] Fetching CVE details...
[Apr 10 16:21:46] INFO [myserver:22] Done
[Apr 10 16:21:46] INFO [localhost] Scanning vulnerable software specified in the CPE...
[Apr 10 16:21:46] INFO [localhost] Reporting...
myserver (ubuntu 12.04)
=======================
CVE-2016-0799  10.0  The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1
                     before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates
                     string lengths, which allows remote attackers to cause a
                     denial of service (overflow and out-of-bounds read) or
                     possibly have unspecified other impact via a long string, as
                     demonstrated by a large amount of ASN.1 data, a different
                     vulnerability than CVE-2016-2842.
CVE-2016-0705  10.0  Double free vulnerability in the dsa_priv_decode function in
                     crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and
                     1.0.2 before 1.0.2g allows remote attackers to cause a
                     denial of service (memory corruption) or possibly have
                     unspecified other impact via a malformed DSA private key.
CVE-2016-0798  7.8   Memory leak in the SRP_VBASE_get_by_user implementation in
                     OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows
                     remote attackers to cause a denial of service (memory
                     consumption) by providing an invalid username in a
                     connection attempt, related to apps/s_server.c and
                     crypto/srp/srp_vfy.c.
{...}
</cut>
That's quite useful to have available for administration. I'm going to maintain
this within the Pkg-go group; the binary is going to be "vuls". WNPP bugs for
the needed dependencies are coming up.
Thank you very much,
DS
--- End Message ---
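The scan log in the message above lists CVEs per package; for patch triage the inverse view (which packages share a CVE) is usually what is needed. The following is an added example, not part of the original report or of vuls: a Python parser for the log format shown in that excerpt (the format is assumed from the excerpt only; `unwrap` and `parse` are hypothetical names), which re-joins mail-wrapped lines and flags entries whose CVE list was cut with `{...}`.

```python
import re
from collections import defaultdict

# Lines copied from the excerpt above, still mail-wrapped, including one entry
# whose CVE list the poster elided with "{...}".
SAMPLE = """\
[Apr 10 16:21:44] INFO [myserver:22] (4/22) Scanned
dnsutils-1:9.8.1.dfsg.P1-4ubuntu0.15 : [CVE-2016-1285 CVE-2016-1286]
[Apr 10 16:21:44] INFO [myserver:22] (5/22) Scanned
libgnutls26-2.12.14-5ubuntu3.11 : []
[Apr 10 16:21:44] INFO [myserver:22] (8/22) Scanned
bind9-host-1:9.8.1.dfsg.P1-4ubuntu0.15 : [CVE-2016-1285 CVE-2016-1286]
[Apr 10 16:21:44] INFO [myserver:22] (14/22) Scanned openssl-1.0.1-4ubuntu5.33
: [CVE-2016-0702 CVE-2016-0705 CVE-2016-0797 {...}
[Apr 10 16:21:46] INFO [myserver:22] Fetching CVE details...
"""

# A record starts with "[Mon DD HH:MM:SS] "; anything else is a wrapped tail.
RECORD_START = re.compile(r"^\[\w{3} +\d+ [\d:]+\] ")
ENTRY = re.compile(
    r"^\[[^\]]+\] INFO \[(?P<host>[^\]]+)\] \(\d+/\d+\) "
    r"Scanned (?P<pkg>\S+) : \[(?P<cves>[^\]]*)\]?$")
CVE_ID = re.compile(r"CVE-\d{4}-\d{4,}")

def unwrap(text):
    """Re-join lines that the mailer wrapped into one record per log entry."""
    records = []
    for line in text.splitlines():
        if RECORD_START.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def parse(text):
    """Return (CVE -> sorted packages, packages whose CVE list is incomplete)."""
    by_cve, truncated = defaultdict(set), set()
    for rec in unwrap(text):
        m = ENTRY.match(rec)
        if not m:
            continue  # progress lines such as "Fetching CVE details..."
        for cve in CVE_ID.findall(m["cves"]):
            by_cve[cve].add(m["pkg"])
        if "{...}" in m["cves"]:
            truncated.add(m["pkg"])  # list was cut; do not treat it as complete
    return {c: sorted(p) for c, p in by_cve.items()}, sorted(truncated)

if __name__ == "__main__":
    by_cve, truncated = parse(SAMPLE)
    for cve, pkgs in sorted(by_cve.items()):
        print(cve, ", ".join(pkgs))
    print("incomplete CVE lists:", ", ".join(truncated))
```

Packages reported as incomplete need the full report consulted before they are considered triaged, since the elided part of the list may contain higher-scored CVEs.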
--- Begin Message ---
Source: vuls
Source-Version: 0.4.2-1
We believe that the bug you reported is fixed in the latest version of
vuls, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 820...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Nobuhiro Iwamatsu <iwama...@debian.org> (supplier of updated vuls package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 24 Nov 2017 10:18:47 +0900
Source: vuls
Binary: vuls
Architecture: source amd64
Version: 0.4.2-1
Distribution: experimental
Urgency: medium
Maintainer: Debian Go Packaging Team <pkg-go-maintain...@lists.alioth.debian.org>
Changed-By: Nobuhiro Iwamatsu <iwama...@debian.org>
Description:
vuls - Vulnerability scanner for Linux/FreeBSD, agentless, written in Go
Closes: 820614
Changes:
vuls (0.4.2-1) experimental; urgency=medium
.
* Initial release (Closes: #820614)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---