| Header | Value |
|---|---|
| From | Tomas Sarquis <tomas.sarquis@wazuh.com> |
| Newsgroups | linux.debian.security |
| Subject | Questions concerning Debian's security feed |
| Date | Wed, 24 Aug 2022 13:40:01 +0200 |
| Message-ID | <EXWTL-2Klt-5@gated-at.bofh.it> |
| X-Original-To | debian-security@lists.debian.org |
| List-Archive | https://lists.debian.org/msgid-search/CAGQnybFeEOzhMv0=q0+f9obwwAohKzkBAPQ4dku9fFC_qWK_MQ@mail.gmail.com |
| X-Original-Cc | Sebastian Falcone <sebastian.falcone@wazuh.com> |
| X-Original-Date | Wed, 24 Aug 2022 08:11:55 -0300 |
Hello to Debian's security team.
I'm researching Debian's security feed
<https://security-tracker.debian.org/tracker> and I have a couple of
questions about the meaning of some of the keys included on the JSON feed.
Below are the keys in question.
- *repositories* key: I think this is a reference to the last version of
the package, although I'm not sure. Example below, from vnc4 package:

    "CVE-2009-3560": {
        "description": "The big2_toUtf8 function...
        "debianbug": 560901,
        "scope": "local",
        "releases": {
            "buster": {
                "status": "resolved",
                "repositories": {
                    "buster": "4.1.1+X4.3.0+t-1"
                },
                "fixed_version": "0",
                "urgency": "unimportant"
            }
        }
    }

- *fixed_version* key: Its name is quite obvious, but there is a (very
common) special case where fixed_version equals "0". According to a little
research I've done, this could be related to the fact that the CVE is not
affecting the current release of the OS. Example below, from gauche package:

    "CVE-2005-4443": {
        "description": "Untrusted search path vulnerability ...
        "scope": "local",
        "releases": {
            "bullseye": {
                "status": "resolved",
                "repositories": {
                    "bullseye": "0.9.10-3"
                },
                "fixed_version": "0",
                "urgency": "unimportant"
            },
            "buster": {
                "status": "resolved",
                "repositories": {
                    "buster": "0.9.6-10"
                },
                "fixed_version": "0",
                "urgency": "unimportant"
            },
            "sid": {
                "status": "resolved",
                "repositories": {
                    "sid": "0.9.10-3"
                },
                "fixed_version": "0",
                "urgency": "unimportant"
            }
        }
    }

I would love this to be clarified, so any help would be appreciated.
Thanks in advance!
--
Tomas Sarquis
Software Engineer
+54 351 741 1244
The Open Source Security Platform <https://wazuh.com>
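
Added example, not part of the original post and not Debian or Wazuh code: one way a feed consumer can walk the structure quoted above and keep fixed_version "0" out of any version comparison. Reading "0" as "release not affected" and `repositories` as the version currently in the repository are the poster's hypotheses, assumed here; the package-keyed top level and the `examplepkg` entry are constructed.

```python
import json

# Constructed sample: the two entries quoted in the post, descriptions dropped,
# plus one made-up entry (examplepkg / CVE-0000-0000) with a real fixed version.
# Keying the top level by package name is an assumption about the feed layout.
SAMPLE_FEED = json.loads("""
{
  "vnc4": {"CVE-2009-3560": {"debianbug": 560901, "scope": "local", "releases": {
    "buster": {"status": "resolved", "fixed_version": "0", "urgency": "unimportant",
               "repositories": {"buster": "4.1.1+X4.3.0+t-1"}}}}},
  "gauche": {"CVE-2005-4443": {"scope": "local", "releases": {
    "bullseye": {"status": "resolved", "fixed_version": "0", "urgency": "unimportant",
                 "repositories": {"bullseye": "0.9.10-3"}},
    "buster": {"status": "resolved", "fixed_version": "0", "urgency": "unimportant",
               "repositories": {"buster": "0.9.6-10"}},
    "sid": {"status": "resolved", "fixed_version": "0", "urgency": "unimportant",
            "repositories": {"sid": "0.9.10-3"}}}}},
  "examplepkg": {"CVE-0000-0000": {"scope": "remote", "releases": {
    "buster": {"status": "resolved", "fixed_version": "1.2-3", "urgency": "medium",
               "repositories": {"buster": "1.2-3"}}}}}
}
""")

# Assumption taken from the post's hypothesis, not confirmed on this page:
# fixed_version "0" marks a release the CVE does not affect.
NOT_AFFECTED_SENTINEL = "0"

def classify(entry):
    """Verdict for one release entry; never treats "0" as a comparable version."""
    status = entry.get("status")
    fixed = entry.get("fixed_version")
    if status != "resolved":
        return "status:" + str(status)
    if fixed == NOT_AFFECTED_SENTINEL:
        return "not-affected (assumed)"
    if fixed:
        return "fixed-in:" + fixed
    return "resolved, no fixed_version"

def summarize(feed):
    """Flatten package -> CVE -> release into rows a scanner can match against."""
    rows = []
    for package, cves in feed.items():
        for cve_id, cve in cves.items():
            for release, entry in cve.get("releases", {}).items():
                in_repo = entry.get("repositories", {}).get(release)
                rows.append((package, cve_id, release, in_repo, classify(entry)))
    return rows

if __name__ == "__main__":
    for row in summarize(SAMPLE_FEED):
        print(*row, sep="\t")
```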