To sum this up: 1) I'm running sarge
2) I have installed few sid packages where I need recent features thanks to /etc/apt/preferences (mainly php5 and it's deps) 3) both sarge and sid packages are the latests packages of the official distributions 4) I need to run debsecan every few minutes and receive alerts on my mobile phone if any installed package is insecure and can be fixed with APT I've been using "debsecan --suite sarge --only-fixed" with a Nagios plugin for the last few weeks, it worked like a charm for sarge installed packages and simply ignored sid packages. This was acceptable because 95% of the packages were checked by debsecan in this scenario and we've always received Nagios alerts as soon as one of our 50 servers was compromised and can be fixed with APT. ... But recently, and I don't know why, it broke. All packages are up-to-date and debsecan keeps on complaining: [EMAIL PROTECTED]:~# debsecan --suite sarge --only-fixed CVE-2006-1061 libcurl3 (fixed) [EMAIL PROTECTED]:~# Which debsecan options do I have to use? -- Cyril Bouthors
pgpDDIbgITovW.pgp
Description: PGP signature