* David Corcuera [ 7. May 2009]: > I am new with OpenVAS and still testing it. So perhaps, i am asking > something silly. > I've installed OpenVAS from debian package in etch and ran my first scan > against an internal host. > Results: 4 security holes. > Two of them are on mysql and other two on CUPS. > My debian etch has mysql 5.0.32-7etch10 and cupsys 1.2.7-4etch7 (last > official etch packages) > According to OpenVAS report, i should have installed mysql 5.0.66 and > cupsys 1.3.10, but my versions also fix all these vulnerabilities. > What is wrong with this? Any idea?
I'm not really sure since I'm not a plugin author, but my first guess is that the hole was fixed in MySQL 5.0.66, but Debian backported the changes to the version they packaged for etch. I assume you are doing a remote scan; the remote scan will probably not know that the hole has already been fixed in Debian despite the low version number. Plugin authors: Am I right? Regards, Michael -- Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
pgppDMQe47fhx.pgp
Description: PGP signature
_______________________________________________ Openvas-discuss mailing list [email protected] http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
