Package: debsecan
Version: 0.4.20.1
Severity: normal

CVE-2022-38457[0] is not being reported on a bullseye system with a vulnerable kernel:

root# dpkg -l *linux-image* | grep ii
ii linux-image-5.10.0-19-amd64-unsigned 5.10.149-2 amd64 Linux 5.10 for 64-bit PCs
root# debsecan | grep CVE-2022-38457
root#

Tinkering a bit with the debsecan source code, we can see that CVE-2022-38457 is internally referenced with id 34442, which is not tied to any source package in debsecan's data file:

root# grep 34442 /tmp/debsecan-data-20230724.txt
root#

Cheers,

--
Seb

[0] https://security-tracker.debian.org/tracker/CVE-2022-38457

-- System Information:
Debian Release: 12.0
  APT prefers oldstable-security
  APT policy: (500, 'oldstable-security'), (500, 'unstable'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-8-amd64 (SMP w/36 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages debsecan depends on:
ii ca-certificates 20230311
ii debconf [debconf-2.0] 1.5.82
ii python3 3.11.2-1+b1
ii python3-apt 2.5.3

Versions of packages debsecan recommends:
ii cron [cron-daemon] 3.0pl1-162
ii postfix [mail-transport-agent] 3.7.4-2

debsecan suggests no packages.