Hi, I'd like to use the debsecan tool to keep me updated about open security issues and available fixes. I tried it and it works almost as expected, i.e. almost the same as on a vanilla Debian system. But there seems to be one problem. When a package has an RPi-specific version, as indicated by the +rpt1+ substring in the version suffix, debsecan seems to warn about vulnerabilities in the package even if they have been fixed in the underlying pure Debian version -- the one with +rpt1+ removed.
As an example, consider the package libbluetooth3 as it exists now in the bookworm release, which is version 5.66-1+rpt1+deb12u2. When I run debsecan --suite bookworm it includes vulnerability CVE-2023-27349 in its report. But then, looking this up on security-tracker.debian.org, I learn that this is fixed in the debian version 5.66-1+deb12u2 -- and so, I presume it is already fixed in the corresponding RPi version as well.
Am I making sense so far? If my understanding above is correct, this would make debsecan not very useful for me after all, because I would have to look at each package changelog after upgrades to track the issues, which is already what I do now ...
So my questions are:
* do I have the facts correct above?
* is this basically a bug in debsecan that ought to be fixed?
* is there an automated workaround now?
Statistics: Posted by nobrowser — Sun Nov 10, 2024 4:12 am — Replies 1 — Views 34
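To check the poster's premise independently, here is a stand-alone Python re-implementation of the dpkg version ordering, added here as an example (it is not debsecan's code and not part of the original post). It shows that the raw ordering puts 5.66-1+rpt1+deb12u2 above any 5.66-1+deb12uN because the letter 'r' sorts after 'd', so a meaningful check first strips the +rptN marker and compares the remaining Debian base version against the version the CVE was fixed in. The `+rptN` stripping pattern is my assumption about the Raspberry Pi suffix format, generalised from the +rpt1+ in the post.

```python
import re
from itertools import zip_longest

# Ordering of non-digit characters in dpkg's algorithm: '~' sorts before
# everything (even end of string), letters before non-letters, then ASCII.
def _order(c):
    if c == "~":
        return -1
    if c == "":
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_fragment(a, b):
    """Compare an upstream or revision string the way dpkg does."""
    while a or b:
        # Alternate between a non-digit run and a digit run in both strings.
        a_nd, b_nd = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        a, b = a[len(a_nd):], b[len(b_nd):]
        for ca, cb in zip_longest(a_nd, b_nd, fillvalue=""):
            if _order(ca) != _order(cb):
                return -1 if _order(ca) < _order(cb) else 1
        a_d, b_d = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        a, b = a[len(a_d):], b[len(b_d):]
        if int(a_d or 0) != int(b_d or 0):
            return -1 if int(a_d or 0) < int(b_d or 0) else 1
    return 0

def split_version(v):
    """Split '[epoch:]upstream[-revision]' into its three parts."""
    epoch, sep, rest = v.partition(":")
    if not sep:
        epoch, rest = "0", v
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision

def compare_versions(a, b):
    """Return -1, 0 or 1, ordering a and b as dpkg --compare-versions would."""
    ea, ua, ra = split_version(a)
    eb, ub, rb = split_version(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_fragment(ua, ub) or _cmp_fragment(ra, rb)

def debian_base(v):
    """Drop an assumed Raspberry Pi '+rptN' marker to recover the Debian version it was built from."""
    return re.sub(r"\+rpt\d+", "", v, count=1)

def fix_present(installed, fixed_in):
    """True when the Debian base of the installed version is at least the version carrying the fix."""
    return compare_versions(debian_base(installed), fixed_in) >= 0
```

Note that `compare_versions` alone would also call 5.66-1+rpt1+deb12u2 newer than a hypothetical 5.66-1+deb12u3, which is why `fix_present` compares the stripped base version instead of the raw string.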