[Secure-testing-team] Debian Security Analyzer (debsecan)
Joey Hess
joeyh at debian.org
Wed Dec 14 17:58:23 UTC 2005
Florian Weimer wrote:
> I've hacked something to check installed packages against the
> vulnerability database. It's similar to the tsck script, but should
> handle all package annotations correctly. Most of the logic is
> server-side; debsecan downloads a compressed, release-specific
> vulnerability list.
>
> Currently, there's only a darcs repository. Get it and test it:
>
> $ darcs get http://darcs.enyo.de/fw/debian/debsecan/debian debsecan
> $ python debsecan/src/debsecan --suite sid
>
> (Or sarge or etch, as needed.)
>
> Comments and suggestions are welcome. This tool is still in a very
> early stage, but I guess it's already pretty useful.

Very nice. You plan to upload the deb soon?

It might be good to either move at least the files debsecan uses to a
debian.org machine, or add a debian.net address for it, so that the url
it downloads from is more under debian's control.

Could it also list unfixed vulnerabilities?

--
see shy jo