Bug#816174: debsecan: clarify report category "fixed vulnerabilities"

2016-02-28 Thread Florian Weimer
* Christian Pernegger:

> I have to admit that I'm confused about the meaning of the report
> headers in the nightly report. Does "fixed vulnerabilities" mean fixed
> in the archive, as in I should go download an update or is it fixed on the
> system?

It means these vulnerabilities are no longer present in the currently
installed packages, but were present before.

This can happen as the result of package updates, or if the security
tracker data was updated, indicating that the installed version is no
longer vulnerable.

It would make sense to tell the two cases apart.
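
An added sketch (not part of the original message and not debsecan's own code) of how a report could tell those two cases apart by comparing two consecutive runs. The snapshot layout, the function name, the package names and the vulnerability ids are assumptions constructed for illustration; the sketch also goes one step beyond the text by separating out package removal.

```python
from typing import Dict, Set, Tuple

Finding = Tuple[str, str]  # (vulnerability id, package name)


def classify_fixed(prev_vulns: Set[Finding], prev_installed: Dict[str, str],
                   cur_vulns: Set[Finding], cur_installed: Dict[str, str]
                   ) -> Dict[Finding, str]:
    """Explain why each finding from the previous run is absent from this run.

    Hypothetical helper: *_vulns are the findings reported by each run,
    *_installed map package name -> installed version at the time of that run.
    """
    reasons: Dict[Finding, str] = {}
    for finding in sorted(prev_vulns - cur_vulns):
        _, package = finding
        old_version = prev_installed.get(package)
        new_version = cur_installed.get(package)
        if new_version is None:
            # The package is gone, so the finding vanished with it.
            reasons[finding] = "package removed"
        elif new_version != old_version:
            # The installed version changed between the two runs.
            reasons[finding] = "package updated"
        else:
            # Same installed version, yet no longer listed: the
            # vulnerability data must have changed instead.
            reasons[finding] = "tracker data changed"
    return reasons


# Constructed sample data (placeholder ids and package names).
PREV_INSTALLED = {"libfoo1": "1.0-1", "bar": "2.3-4", "baz": "0.9-2"}
CUR_INSTALLED = {"libfoo1": "1.0-1+deb8u1", "bar": "2.3-4"}
PREV_VULNS = {("CVE-0000-0001", "libfoo1"), ("CVE-0000-0002", "bar"),
              ("CVE-0000-0003", "baz"), ("CVE-0000-0004", "bar")}
CUR_VULNS = {("CVE-0000-0004", "bar")}

if __name__ == "__main__":
    fixed = classify_fixed(PREV_VULNS, PREV_INSTALLED, CUR_VULNS, CUR_INSTALLED)
    for (vuln, package), reason in fixed.items():
        print(f"{vuln} {package}: {reason}")
```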



Bug#816174: debsecan: clarify report category "fixed vulnerabilities"

2016-02-28 Thread Christian Pernegger
Package: debsecan
Version: 0.4.17
Severity: wishlist

Hi,

I have to admit that I'm confused about the meaning of the report
headers in the nightly report. Does "fixed vulnerabilities" mean fixed
in the archive, as in I should go download an update or is it fixed on the
system?

Regards,
Christian


-- System Information:
Debian Release: 8.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_AT.UTF-8, LC_CTYPE=de_AT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages debsecan depends on:
ii  debconf [debconf-2.0]  1.5.56
ii  python 2.7.9-1
ii  python-apt 0.9.3.12

Versions of packages debsecan recommends:
ii  cron   3.0pl1-127+deb8u1
ii  nullmailer [mail-transport-agent]  1:1.13-1

debsecan suggests no packages.

-- debconf information excluded