Package: security.debian.org Severity: important DSA (the e-mail) states: For the stable distribution (stretch), these problems have been fixed in version 4.8.3+comet2+shim4.10.0+comet3-1+deb9u6.
However, apt downloads version xen (4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6) stretch-security; urgency=high In the PTS two versions are listed: 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5 and 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6 So something looks fishy, although I do not get any signature failures from apt / dpkg, which indicates that the delivery process was not tampered with. -- System Information: Debian Release: 9.4 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 -- Dr. Helge Kreutzmann deb...@helgefjell.de Dipl.-Phys. http://www.helgefjell.de/debian.php 64bit GNU powered gpg signed mail preferred Help keep free software "libre": http://www.ffii.de/
signature.asc
Description: Digital signature