On Thu, 2017-09-07 at 21:07 +0900, Olaf Meeuwissen wrote: > Hi John, > > John Franklin writes: > > > I’ve seen several security alerts from Debian, but no matching > > updates in Devuan. For example, the “file" package has > > CVE-2017-1000249, released yesterday. > > > > > For the stable distribution (stretch), this problem has been fixed in > > > version 1:5.30-1+deb9u1.
> Uhm, Devuan ascii is testing. I'd think that doesn't get any security > upgrades, just like Debian's testing (buster) doesn't get any. No, Devuan ascii is stretch, i.e. Debian stable. This upgrade should be available, but isn't: Adding to /etc/apt/sources.list, deb http://auto.mirror.devuan.org/merged ascii-security main does not make it available: apt-cache policy file file: Installed: 1:5.30-1 Candidate: 1:5.30-1 Version table: *** 1:5.30-1 991 991 http://auto.mirror.devuan.org/merged ascii/main i386 Packages 100 /var/lib/dpkg/status _______________________________________________ Dng mailing list [email protected] https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
