Apologies in advance if this is as dumb a question as I think it is, but...
I have Daedalus installed on my laptop, named "whiteknight", nothing too
exotic as far as I know/remember. I've been getting daily local emails
with the subject "Subject: Debian security status of whiteknight", for
quite some time now. They are from "daemon@whiteknight" --- the
headers are in agreement on this, so I have at least one daemon running
on this system. (Gee.)
They contain lists of CVEs, apparently cumulatively --- the June 24
email lists 892 CVEs, while the July 27 email is up to 1100 CVEs. Here
are the headers and first few lines of today's, followed by my questions:
> From daemon@??? Sun Jul 27 02:29:03 2025
> Return-path: <daemon@???>
> Envelope-to: bobmon@???
> Delivery-date: Sun, 27 Jul 2025 02:29:03 -0400
> Received: from daemon by whiteknight.TygerzHome with local (Exim 4.96)
> (envelope-from <daemon@???>)
> id 1ufusY-0006JK-2m
> for bobmon@???;
> Sun, 27 Jul 2025 02:29:02 -0400
> Subject: Debian security status of whiteknight
> To: bobmon@???
> Message-Id: <E1ufusY-0006JK-2m@???>
> From: daemon <daemon@???>
> Date: Sun, 27 Jul 2025 02:29:02 -0400
> Status: RO
>
> Security report based on the bullseye release
>
> *** New security updates
>
> CVE-2025-49794 A use-after-free vulnerability was found in libxml2....
> <https://security-tracker.debian.org/tracker/CVE-2025-49794>
> - libxml2, libxml2, libxml2-utils
>
> CVE-2025-49796 A vulnerability was found in libxml2. Processing...
> <https://security-tracker.debian.org/tracker/CVE-2025-49796>
> - libxml2, libxml2, libxml2-utils
>
> CVE-2025-6021 A flaw was found in libxml2's xmlBuildQName function,...
> <https://security-tracker.debian.org/tracker/CVE-2025-6021>
> - libxml2, libxml2, libxml2-utils
>
> *** Available security updates
>
> CVE-2021-46310 An issue was discovered IW44Image.cpp in djvulibre...
> <https://security-tracker.debian.org/tracker/CVE-2021-46310>
> - libdjvulibre-text, libdjvulibre21
>
I have three questions about this:
1) What is actually generating this email? And how should I be
able to figure it out?
2) Why is it based on the Debian "bullseye" release, given that
Daedalus is based on "bookworm"?
3) What am I supposed to do about it? (Shouldn't "apt upgrade" be
patching these when possible?)
Thanks for any help,
-Bob
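
Added example, not part of the original post: a small Python parser for the report layout quoted above. It groups CVE entries by section and package, so a report with hundreds of CVEs collapses into a per-package list, and it flags a report built for a suite other than the expected one. The sample text is constructed from lines quoted in the post, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: body lines copied from the report quoted in the post,
# with the leading "> " quote markers removed.
SAMPLE = """\
Security report based on the bullseye release

*** New security updates

CVE-2025-49794 A use-after-free vulnerability was found in libxml2....
<https://security-tracker.debian.org/tracker/CVE-2025-49794>
- libxml2, libxml2, libxml2-utils

CVE-2025-6021 A flaw was found in libxml2's xmlBuildQName function,...
<https://security-tracker.debian.org/tracker/CVE-2025-6021>
- libxml2, libxml2, libxml2-utils

*** Available security updates

CVE-2021-46310 An issue was discovered IW44Image.cpp in djvulibre...
<https://security-tracker.debian.org/tracker/CVE-2021-46310>
- libdjvulibre-text, libdjvulibre21
"""

SUITE_RE = re.compile(r"^Security report based on the (\S+) release$")
CVE_RE = re.compile(r"^(CVE-\d{4}-\d+)\b")

def parse_report(text):
    """Return (suite, {section: {package: [cve, ...]}})."""
    suite, section, cve = None, None, None
    sections = defaultdict(lambda: defaultdict(list))
    for raw in text.splitlines():
        line = raw.strip()
        if m := SUITE_RE.match(line):
            suite = m.group(1)
        elif line.startswith("*** "):
            section, cve = line[4:], None
        elif m := CVE_RE.match(line):
            cve = m.group(1)
        elif line.startswith("- ") and section and cve:
            # Package names can repeat on one line; keep each once, in order.
            for pkg in dict.fromkeys(p.strip() for p in line[2:].split(",") if p.strip()):
                sections[section][pkg].append(cve)
    return suite, {s: dict(p) for s, p in sections.items()}

def suite_mismatch(text, expected_suite):
    """True when the report was built for a different suite than expected."""
    return parse_report(text)[0] != expected_suite
```

For the report in the post, `suite_mismatch(body, "bookworm")` is true, which is the discrepancy raised in question 2.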