[Secure-testing-team] Relevance of http://www.debian.org/security/nonvulns-sarge
Helge Kreutzmann
debian at helgefjell.de
Sat Feb 10 15:41:03 UTC 2007
Hello,
reading the security announcements on lwn.net, I've noticed for a while
that lots of software does not have a DSA, nor are the CVEs mentioned
on http://www.debian.org/security/nonvulns-sarge. I've compiled a list
of roundabout 60 CVEs which *might* apply to Sarge / Etch and started
checking them. I noticed, however, that those checks seemed to be
performed already, e.g. on
http://idssi.enyo.de/tracker/CVE-2007-0247
I see a note:
"[sarge] - squid <not-affected> (Vulnerable code not present)"
So why is this not mentioned in
http://www.debian.org/security/nonvulns-sarge which would be the most
natural place to look for vulnerabilities in a stable release?
My intention was to compile a list of entries for the nonvulns list
and either ask Joey to insert them or do it myself (I've commit
access, though I would not write there without permission /
coordination).
I would be glad for a clarification and thanks for your work /
http://idssi.enyo.de/.
Greetings
Helge
--
Dr. Helge Kreutzmann debian at helgefjell.de
Dipl.-Phys. http://www.helgefjell.de/debian.php
64bit GNU powered gpg signed mail preferred
Help keep free software "libre": http://www.ffii.de/