[Secure-testing-team] debsecan announcement
Florian Weimer
fw at deneb.enyo.de
Wed Jan 18 18:12:10 UTC 2006
Hi,
I intend to send a real debsecan announcement to debian-devel and
debian-security. A draft is included below. Comments are
appreciated.
Florian
To: debian-devel, debian-security
Reply-To: debian-security
Subject: [ANN] Debian Security Analyzer
It is my pleasure to announce the availability of debsecan, the Debian
Security Analyzer.
debsecan is a tool which generates a list of vulnerabilities which
affect a particular Debian installation. The program runs on the host
which is to be checked, and downloads vulnerability information over
the Internet. It can send mail to interested parties when new
vulnerabilities relevant to a particular Debian host are discovered,
or when security updates become available.
The underlying vulnerability database is maintained by the Debian
testing security team: <http://secure-testing-master.debian.net/>
Despite its name, the database is up-to-date with respect to unstable
as well, and thanks to the efforts of the testing security team,
coverage of stable is getting better and better.
debsecan is available as a Debian package, or directly from this web
site: <http://www.enyo.de/fw/software/debsecan/>
It is designed to work as a stand-alone script, with no dependencies
besides Python 2.3 or later.
One caveat: Vulnerability information for kernels which are not based
on the linux-2.6 package in testing or unstable is still very
incomplete. The linux-2.6 package should be covered fairly well,
though.
More information about the Secure-testing-team
mailing list