debsecan should be removed from Ubuntu repositories
Bug #498058 reported by Paul Tagliamonte
This bug report is a duplicate of:
Bug #95925: debsecan should be either adjusted (for ubuntu) or removed.
This bug affects 4 people
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
debsecan (Ubuntu) | Confirmed | Undecided | Unassigned |
Bug Description
Binary package hint: debsecan
Debsecan should be removed from the Ubuntu repositories because it serves no purpose at this point. debsecan interfaces to the Debian security tracker [1]. This is all well and good, but we have a different naming scheme for some packages, and a few diversions from upstream packages (patches etc.) that cause this application to report bad data.
This package is a very valuable resource, so I propose a diversion from Debian and the creation of a ubusecan tool that uses launchpadlib to work off our CVE reports. This would produce accurate output without having to translate upstream names to downstream package names and compensate for patches applied.
Changed in debsecan (Ubuntu): status: New → Confirmed
Followup examples:
==
One example of a CVE that was reported is CVE-2009-4128, shown as open in Ubuntu, but it shouldn't be affected.
Firefox issues are not shown since Debian's package is iceweasel.
Any issue fixed in a DSA would appear to be fixed in Ubuntu regardless of whether Ubuntu had issued a USN, as long as that version was older.
7 poppler issues marked as still open even though they were fixed in USN-850-3 (and the same can be said for libgd issue CVE-2009-3546, cups CVE-2009-2820, vorbis issue CVE-2009-3379, and most USN posts).