I am a Debian Linux server user. How do I view the changelog of an installed package and find out whether it includes a fix or patch for a given CVE? How do I see whether a fix or patch has already been applied to an installed package on an Ubuntu or Debian LTS server?

The changelog of an installed package is usually stored as follows on Debian, Ubuntu or Mint Linux:

  1. Directory: /usr/share/doc/<PackageNameHere>/
  2. Changelog filename: changelog.Debian.gz or changelog.gz

You can use the less command or the zgrep command to view the /usr/share/doc/<PackageNameHere>/changelog.Debian.gz file.

Tutorial details
Difficulty level: Easy
Root privileges: No
Requirements: Linux terminal
Category: Package Manager
OS compatibility: Debian, Mint, Pop!_OS, Ubuntu
Est. reading time: 2 minutes

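Syntax to find out if an installed APT package includes a fix/patch for a CVE number

You need to replace <PackageNameHere> with the actual package name and cve-number-here with the CVE ID. Add the -i option to zgrep to match regardless of case, as the examples below do: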
$ less /usr/share/doc/<PackageNameHere>/changelog.Debian.gz
$ zgrep 'cve-number-here' /usr/share/doc/<PackageNameHere>/changelog.Debian.gz

Examples: Find lighttpd package change log

In this example, to view the changelog of a package called lighttpd, enter:

$ less /usr/share/doc/lighttpd/changelog.Debian.gz

Sample outputs:

Fig.01: Debian / Ubuntu Linux See The Changelog Of an Installed Package

Example: See if the lighttpd package includes a fix/patch for CVE-2013-4559

To find out if the installed package called lighttpd includes the fix or patch, enter:

$ zgrep -i cve-2013-4559 /usr/share/doc/lighttpd/changelog.Debian.gz
  * Fix cve-2013-4559: setuid privilege escalation issue.

To display all CVE entries, enter:

$ zgrep -i cve /usr/share/doc/lighttpd/changelog.Debian.gz
  * Fix regression caused by the fix for cve-2013-4508 (closes: #729480).
  * Fix cve-2013-4508: ssl cipher suites issue.
  * Fix cve-2013-4559: setuid privilege escalation issue.
  * Fix cve-2013-4560: use-after-free in fam.
  * CVE-2013-1427: Switch the socket path for PHP when using FastCGI. /tmp is
    - CVE-2013-1427: Switch the socket path for PHP when using FASTCGI. /tmp 
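
Added example (not part of the original tutorial): zgrep shows the matching lines but not which package version each line belongs to, so the script below reports the changelog entry (version) that mentions a CVE. DOC_ROOT, cve_versions and make_sample are names made up for this example, and the sample changelog uses constructed version numbers.

```shell
# Added example, not from the original page. DOC_ROOT is this example's own
# variable (default /usr/share/doc) so it can be pointed at constructed data.

# cve_versions PACKAGE CVE-ID: print the version of every changelog entry that
# mentions the CVE, newest first; the last line is where the fix first landed.
cve_versions() {
    dir="${DOC_ROOT:-/usr/share/doc}/$1"
    file="$dir/changelog.Debian.gz"; [ -f "$file" ] || file="$dir/changelog.gz"
    [ -f "$file" ] || { echo "no changelog for $1" >&2; return 2; }
    gzip -dc "$file" | awk -v id="$2" '
        # Whole-id match only: cve-2013-455 must not match cve-2013-4559.
        function mentions(line, needle,    p, rest) {
            rest = tolower(line)
            while ((p = index(rest, needle)) > 0) {
                rest = substr(rest, p + length(needle))
                if (rest !~ /^[0-9]/) return 1
            }
            return 0
        }
        BEGIN { id = tolower(id) }
        # Entry header: "package (version) distribution; urgency=..."
        /^[a-z0-9][a-z0-9+.-]* \([^)]+\) / { ver = substr($2, 2, length($2) - 2); seen = 0; next }
        !seen && mentions($0, id) { print ver; seen = 1 }
    '
}

# Constructed sample: entry text follows the lighttpd output shown above; the
# version numbers, dates and maintainer are made up for this example.
make_sample() {
    mkdir -p "$1/lighttpd"
    gzip -c > "$1/lighttpd/changelog.Debian.gz" <<'EOF'
lighttpd (0.0.3-1) unstable; urgency=medium

  * Fix regression caused by the fix for cve-2013-4508 (closes: #729480).

 -- Example Maintainer <maint@example.org>  Thu, 01 Jan 1970 00:00:02 +0000

lighttpd (0.0.2-1) unstable; urgency=high

  * Fix cve-2013-4508: ssl cipher suites issue.
  * Fix cve-2013-4559: setuid privilege escalation issue.

 -- Example Maintainer <maint@example.org>  Thu, 01 Jan 1970 00:00:01 +0000
EOF
}

DOC_ROOT=$(mktemp -d) && make_sample "$DOC_ROOT"
cve_versions lighttpd CVE-2013-4508    # prints 0.0.3-1 then 0.0.2-1
rm -rf "$DOC_ROOT"; unset DOC_ROOT
```

On Ubuntu the installed changelog.Debian.gz can be truncated to the most recent entries, so an empty result for an older CVE does not prove the fix is missing; apt-get changelog <PackageNameHere> fetches the full changelog.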

Say hello to debsecan

The debsecan command analyzes the list of installed packages on the current host and reports vulnerabilities found on the system.


Use the apt command/apt-get command to install it:
$ sudo apt install debsecan
Sample outputs:

Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following additional packages will be installed:
  exim4 exim4-base exim4-config exim4-daemon-light s-nail
Suggested packages:
  eximon4 exim4-doc-html | exim4-doc-info spf-tools-perl swaks
The following NEW packages will be installed:
  debsecan exim4 exim4-base exim4-config exim4-daemon-light s-nail
0 upgraded, 6 newly installed, 0 to remove and 0 not upgraded.
Need to get 2,026 kB of archives.
After this operation, 4,653 kB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 xenial/universe amd64 debsecan all 0.4.18 [33.9 kB]
Get:2 xenial-updates/main amd64 exim4-config all 4.86.2-2ubuntu2.2 [298 kB]
Get:3 xenial-updates/main amd64 exim4-base amd64 4.86.2-2ubuntu2.2 [869 kB]
Get:4 xenial-updates/main amd64 exim4-daemon-light amd64 4.86.2-2ubuntu2.2 [465 kB]
Get:5 xenial-updates/main amd64 exim4 all 4.86.2-2ubuntu2.2 [7,904 B]
Get:6 xenial/universe amd64 s-nail amd64 14.8.6-1 [353 kB]
Fetched 2,026 kB in 0s (2,406 kB/s)
Preconfiguring packages ...
Selecting previously unselected package debsecan.
(Reading database ... 144268 files and directories currently installed.)
Preparing to unpack .../debsecan_0.4.18_all.deb ...
Unpacking debsecan (0.4.18) ...
Selecting previously unselected package exim4-config.
Preparing to unpack .../exim4-config_4.86.2-2ubuntu2.2_all.deb ...
Unpacking exim4-config (4.86.2-2ubuntu2.2) ...
Selecting previously unselected package exim4-base.
Preparing to unpack .../exim4-base_4.86.2-2ubuntu2.2_amd64.deb ...
Unpacking exim4-base (4.86.2-2ubuntu2.2) ...
Selecting previously unselected package exim4-daemon-light.
Preparing to unpack .../exim4-daemon-light_4.86.2-2ubuntu2.2_amd64.deb ...
Unpacking exim4-daemon-light (4.86.2-2ubuntu2.2) ...
Selecting previously unselected package exim4.
Preparing to unpack .../exim4_4.86.2-2ubuntu2.2_all.deb ...
Unpacking exim4 (4.86.2-2ubuntu2.2) ...
Selecting previously unselected package s-nail.
Preparing to unpack .../s-nail_14.8.6-1_amd64.deb ...
Unpacking s-nail (14.8.6-1) ...
Processing triggers for man-db (2.7.5-1) ...
Processing triggers for systemd (229-4ubuntu17) ...
Processing triggers for ureadahead (0.100.0-19) ...
Setting up debsecan (0.4.18) ...
Setting up exim4-config (4.86.2-2ubuntu2.2) ...
Adding system-user for exim (v4)
Setting up exim4-base (4.86.2-2ubuntu2.2) ...
exim: DB upgrade, deleting hints-db
Setting up exim4-daemon-light (4.86.2-2ubuntu2.2) ...
Setting up exim4 (4.86.2-2ubuntu2.2) ...
Setting up s-nail (14.8.6-1) ...
update-alternatives: using /usr/bin/s-nail to provide /usr/bin/mailx (mailx) in auto mode
Processing triggers for systemd (229-4ubuntu17) ...
Processing triggers for ureadahead (0.100.0-19) ...


Just run it as follows:
$ debsecan | more
Sample outputs:

CVE-2016-2775 bind9-host (remotely exploitable, medium urgency)
CVE-2016-2776 bind9-host (remotely exploitable, high urgency)
CVE-2016-6170 bind9-host (remotely exploitable, medium urgency)
CVE-2016-8864 bind9-host (remotely exploitable, medium urgency)
CVE-2016-9131 bind9-host (remotely exploitable, medium urgency)
CVE-2016-9147 bind9-host (remotely exploitable, medium urgency)
CVE-2016-9444 bind9-host (remotely exploitable, medium urgency)
CVE-2017-3135 bind9-host
CVE-2017-3136 bind9-host
CVE-2017-3137 bind9-host
CVE-2017-3138 bind9-host
CVE-2016-9243 python3-cryptography (remotely exploitable, medium urgency)
CVE-2016-1248 vim-tiny (remotely exploitable, medium urgency)
CVE-2017-5953 vim-tiny (remotely exploitable, high urgency)
CVE-2017-6349 vim-tiny (remotely exploitable, high urgency)
CVE-2017-6350 vim-tiny (remotely exploitable, high urgency)
CVE-2015-1331 liblxc1 (medium urgency)
CVE-2015-1334 liblxc1 (medium urgency)
CVE-2015-1335 liblxc1 (high urgency)
CVE-2016-10124 liblxc1 (remotely exploitable, medium urgency)
CVE-2016-8649 liblxc1 (remotely exploitable, high urgency)
CVE-2016-10228 locales (remotely exploitable, medium urgency)
CVE-2016-6323 locales (remotely exploitable, medium urgency)
CVE-2017-1000366 locales
CVE-2017-8804 locales (remotely exploitable, high urgency)
CVE-2017-6507 libapparmor-perl (remotely exploitable, medium urgency)
CVE-2016-2324 git (remotely exploitable, high urgency)
CVE-2017-8386 git (remotely exploitable, medium urgency)
CVE-2017-6594 libheimntlm0-heimdal
CVE-2016-7942 libx11-data (remotely exploitable, high urgency)
CVE-2016-7943 libx11-data (remotely exploitable, high urgency)
CVE-2015-8948 libidn11 (remotely exploitable, medium urgency)
CVE-2016-6261 libidn11 (remotely exploitable, medium urgency)
CVE-2016-6263 libidn11 (remotely exploitable, medium urgency)
CVE-2016-1233 fuse (high urgency)
CVE-2016-2568 libpolkit-gobject-1-0 (medium urgency)
TEMP-0000000-4DA0A8 libdbus-1-3
CVE-2016-2779 util-linux (high urgency)
CVE-2016-5011 util-linux (medium urgency)
CVE-2017-6964 eject (high urgency)
CVE-2016-2779 libsmartcols1 (high urgency)
CVE-2016-5011 libsmartcols1 (medium urgency)


You can use the grep command or egrep command to search for any package name or CVE as follows:
$ debsecan | grep -i openvpn
Sample outputs showing the CVEs reported for the openvpn package:

CVE-2017-7478 openvpn (remotely exploitable, medium urgency)
CVE-2017-7479 openvpn (remotely exploitable, medium urgency)
CVE-2017-7508 openvpn
CVE-2017-7520 openvpn
CVE-2017-7521 openvpn

Or search for CVE-2017-1000364:
$ debsecan | grep -i CVE-2017-1000364
Sample outputs:

CVE-2017-1000364 linux-image-4.4.0-79-generic
CVE-2017-1000364 linux-headers-4.4.0-79
CVE-2017-1000364 linux-headers-4.4.0-79-generic
CVE-2017-1000364 linux-headers-4.4.0-81-generic
CVE-2017-1000364 linux-headers-4.4.0-78
CVE-2017-1000364 linux-headers-4.4.0-81
CVE-2017-1000364 linux-headers-4.4.0-78-generic
CVE-2017-1000364 linux-headers-4.4.0-63
CVE-2017-1000364 linux-image-4.4.0-78-generic
CVE-2017-1000364 linux-headers-4.4.0-63-generic
CVE-2017-1000364 linux-image-4.4.0-63-generic
CVE-2017-1000364 linux-image-4.4.0-81-generic
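
Added example (not part of the original tutorial): grep narrows the list to one package or CVE; to decide what to patch first, the script below ranks packages by how many findings are marked both remotely exploitable and high urgency. debsecan_triage and sample_findings are names made up here, and the sample lines are copied from the debsecan output shown above.

```shell
# Added example, not from the original page: rank packages in debsecan's
# default output by the number of remote + high urgency findings.

# debsecan_triage: stdin = debsecan output,
# stdout = "<remote+high count> <total findings> <package>", worst first.
debsecan_triage() {
    awk '
        # Finding lines: "CVE-2016-2324 git (remotely exploitable, high urgency)"
        # The parenthesised part is optional; TEMP- ids are temporary tracker ids.
        $1 ~ /^(CVE|TEMP)-/ && NF >= 2 {
            total[$2]++
            if (/remotely exploitable/ && /high urgency/) worst[$2]++
        }
        END { for (p in total) printf "%d %d %s\n", worst[p], total[p], p }
    ' | sort -k1,1nr -k2,2nr -k3,3
}

# Sample input: a subset of the lines from the output shown above.
sample_findings() {
    cat <<'EOF'
CVE-2016-1248 vim-tiny (remotely exploitable, medium urgency)
CVE-2017-5953 vim-tiny (remotely exploitable, high urgency)
CVE-2017-6349 vim-tiny (remotely exploitable, high urgency)
CVE-2017-6350 vim-tiny (remotely exploitable, high urgency)
CVE-2016-2324 git (remotely exploitable, high urgency)
CVE-2017-8386 git (remotely exploitable, medium urgency)
CVE-2017-6594 libheimntlm0-heimdal
CVE-2016-1233 fuse (high urgency)
TEMP-0000000-4DA0A8 libdbus-1-3
EOF
}

# On a real host: debsecan | debsecan_triage
sample_findings | debsecan_triage
```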

A note about Debian security tracker

You can always use the web-based security tracker located at the following URL:

  2. See security history of openvpn package.

Summing up

You have now learned how to view the changelog of an installed APT package on a Debian/Ubuntu system to determine if a patch has been applied for any vulnerabilities identified by a CVE number. We have two methods:

  1. Search for the CVE using the zgrep 'cve-number-here' /usr/share/doc/<PackageNameHere>/changelog.Debian.gz command.
  2. Use the debsecan command to analyze the list of installed packages on the current host and report vulnerabilities found on the system.

For more info see the following manual pages using the man command or help command:
$ man debsecan
$ man apt-get

  • Gabriel Serlenga May 4, 2015 @ 19:21

    Under Debian 8/Jessie, ‘less’ by default cannot page compressed files like the ‘.gzipped’ Debian changelogs.

    To get ‘less’ to page compressed files in addition to non-compressed files, you can uncomment this line in the default ~/.bashrc under Debian 8 (assuming you are using bash):

    # make less more friendly for non-text input files, see lesspipe(1)
    #[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"

    Or, you can also use ‘zless’ instead, which is a wrapper script for ‘less’ which allows it to page compressed files.

  • Paul May 27, 2015 @ 0:22

    This is a great tip, but I (perhaps irrationally) hate relying on the Changelog. You could also just hit (and don’t forget the absolutely fantastic debsecan :)

  • MT_WW Aug 2, 2023 @ 7:59

    Thank you for enlightening me with something new today. Your work is truly impressive, and I appreciate the effort you put into it. Keep up the excellent work!

