On Thu, 14 Sep 2017 10:43:54 +0300 Lars Noodén <[email protected]> wrote:
> I notice in Ascii that bluez is at version 5.43-2 > Does that version solve CVE-2017-1000251 + CVE-2017-1000250? > > Either way, how would go about looking up that myself? > > Debian has this notice: > https://www.debian.org/security/2017/dsa-3972 Hallo Lars, first, I'd check if the package in question is listed as provided (modified) by Devuan at https://devuan.org/os/packages/ If not (as in this case) you can stick to the Debian security advisory, which states that you should get the "+deb9u1" version before connecting that dongle again. Regarding packages modified for Devuan, I'd have a look at the package's "Activity" tab at https://git.devuan.org/devuan-packages/ If there's a more convenient way, I'd be happy to read about it in this thread. And, in return, a similar question: Where would I report a devuan.org link-generation error? I just noticed that the links to the different versions of the debs under https://devuan.org/os/packages/ return a 404 as they are obviously messed up: https://packages.devuan.org/devuan/https://packages.devuan.org/pool/DEVUAN/main/b/base-files/base-files_8+devuan4_amd64.deb libre Grüße, Florian _______________________________________________ Dng mailing list [email protected] https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
