
9 Oct 2012, 1:33 a.m.
Paul Dwerryhouse <paul@dwerryhouse.com.au> wrote:
What exactly is debsecan using to determine these vulnerabilities?
I realise that the man page for it says that it bases vulnerabilities upon source packages, and that this results in errors being shown for all associated binaries, but I don't have an old version of any php package on my system that could be triggering it...
In addition, Debian back-port security-related patches, so it would have to look at more than the version number of the source package. The question is how reliable its data sources are.