On Mon, 2 Apr 2018 13:17:31 +0100 leloft <[email protected]> wrote:
> Hi devs, > > I am having difficulties finding the security update for the > openssl1.0 package (Debian Security Advisory DSA-4158-1 addressing > CVE-2018-0739) > > There is no problem with openssl: > Debian package openssl: stretch (libs): 1.1.0f-3+deb9u2 > > Issuing > # apt-cache policy openssl | grep -B 1 ascii > returns > > 1.1.0f-3+deb9u2 500 > 500 http://pkgmaster.devuan.org/merged ascii-security/main > amd64 Packages > 100 http://pkgmaster.devuan.org/merged > ascii-proposed-updates/main amd64 Packages > 1.1.0f-3+deb9u1 500 > 500 http://pkgmaster.devuan.org/merged ascii/main amd64 > Packages > > > But when I do the same for openssl1.0, I am getting confusing results > Debian package openssl1.0: stretch (misc): 1.0.2l-2+deb9u3 > > Issuing > # apt-cache policy openssl1.0 | grep -B 1 ascii > returns nothing > > Issuing > #apt-cache policy openssl1* | grep deb > returns > 1.1.0f-3+deb9u2 500 > 1.1.0f-3+deb9u1 500 > 1.0.1t-1+deb8u8 500 > 1.0.1t-1+deb8u7 500 > 3.5.8-5+deb9u3 500 > 3.5.8-5+deb9u1 500 > 3.3.8-6+deb8u7 500 > 3.3.8-6+deb8u6 500 > 7.52.1-5+deb9u5 500 > 7.52.1-5+deb9u4 500 > 7.38.0-4+deb8u10 500 > 7.38.0-4+deb8u8 500 > 2.0.21-stable-2+deb8u1 500 > > The first four of these are openssl packages. > > Despite much searching, I cannot find the openssl1.0 package > 1.0.2l-2+deb9u3. > > The searches were carried out from a bootstrapped ceres installation > using a sources list that contained the (main contrib > non-free) repositories: > > /merged > *: jessie, ascii, beowulf, ceres > *-security: jessie, ascii, beowulf > *-updates: jessie, ascii, beowulf > *-proposed-updates: jessie, ascii, beowulf > *-backports: jessie, ascii > /devuan > *: jessie, ascii, beowulf, ceres, experimental > *-proposed: jessie, ascii > *-proposed-security: jessie, ascii > > The brief was to pinpoint any DSA whose patch is *not* > already available in Devuan. My question is therefore this: > > Is the openssl1.0 package not available in ascii, although it is > available in stretch or is there a devuan repository that I have not > identified? > > I can post the full sources.list if that would help to resolve this > query. > > Many Thanks > > leloft Hi leloft, the logs of my nearest Ascii computer report, that the upgrades did already happen on last Friday: ----- Fri Mar 30 10:58:23 CEST 2018 ----- The following packages will be upgraded: libssl1.0.2 libssl1.1 openssl and from a Jessie system nearby: ----- Fri Mar 30 00:45:06 CEST 2018 ----- The following packages will be upgraded: libssl1.0.0 openssl libre Grüße, Florian -- \ \\ \ \ ____| |________ / \ | ILS SONT FOUX | | CES ROMAINS! | \__________________/
pgpiaB5GYvR8K.pgp
Description: OpenPGP digital signature
_______________________________________________ Dng mailing list [email protected] https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
