2015-02-18 15:11 GMT+01:00 John Goerzen <jgoer...@complete.org>: > Hi folks, > > So I recently downloaded and installed debsecan on several of my > machines. These are all fully up-to-date machines, running either > wheezy or jessie. For now I'll just focus on wheezy since it's where > our security focus should go. > > On this machine, it found 472 vulnerabilities. Quite a few of them fit > into the remotely exploitable, high urgency category. Many date back to > last year, some as far back as 2012. I've included a few examples at > the end. > > no panic! take a look ;) http://www.enyo.de/fw/software/debsecan/
> Now, it is possible with some of these that the security-tracker > database ought to be updated to reflect that there is not a true > vulnerability. However, many of them seem to be existing issues that > just got forgotten somehow. I've traced a few through bug reports and > such. > > I wonder: > > Are we already aware of these issues? > > Do we have plans to fix them? > > Do we know what would be helpful to fix them? > > Thanks, > > John bye, gionni