* Cyril Bouthors: > On top of that, libcurl3 is not listed as obsolete and is not fixed > nor vulnerable : > > web8:~# debsecan --only-fixed --suite sarge | grep -v obsolete > CVE-2005-4077 libcurl3 (fixed, medium urgency) > web8:~# apt-get install libcurl3 > libcurl3 is already the newest version. > web8:~# dpkg -l libcurl3 > ||/ Name Version > +++-=====================================-======== > ii libcurl3 7.15.0-4 > > So I guess it shouldn't be listed by debsecan.
This package is not from sarge, and it is vulnerable. You need to downgrade it, or upgrade it to the version in etch/sid. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
