Someone at Debian increase security for all Debian servers by breaking debsecan a while ago for everything before Jessie by moving the vulnerability definitions from http://secure-testing.debian.net/debian-secure-testing/project/debsecan/release/1/ to https://security-tracker.debian.org/tracker/debsecan/release/1 Of course there was no way to issue a security fix for Wheezy debsecan...
Workaround 1: HotfixSo if you still want to scan your Wheezy systems you can hotfix debsecan before running it like this:
sed -i "s/http:\/\/secure-testing.debian.net\/debian-secure-testing/https:\/\/security-tracker.debian.org\/tracker/;s/project\/debsecan\/release\/1\//debsecan\/release\/1\//" /usr/bin/debsecan
Workaround 2: Pass ConfigYou can also pass an in-place config file:
debsecan --config <(echo SOURCE="https://security-tracker.debian.org/tracker/debsecan/release/1/")