:: [DNG] Security updates in Devuan
Top Page
Delete this message
Reply to this message
Author: John Franklin
Date:  
To: dng
Subject: [DNG] Security updates in Devuan
I’ve seen several security alerts from Debian, but no matching updates in Devuan. For example, the “file" package has CVE-2017-1000249, released yesterday.

> For the stable distribution (stretch), this problem has been fixed in
> version 1:5.30-1+deb9u1.
>
> For the unstable distribution (sid), this problem has been fixed in
> version 1:5.32-1.


But, on a Devuan Ascii VM:

> $ sudo apt-get install file
> Reading package lists... Done
> Building dependency tree       
> Reading state information... Done
> file is already the newest version (1:5.30-1).
> 0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.



Maybe this one is too new, but the “apache2" package has CVE-2017-9788 released July 18th, 2017.

> For the oldstable distribution (jessie), this problem has been fixed
> in version 2.4.10-10+deb8u10.
>
> For the stable distribution (stretch), this problem has been fixed in
> version 2.4.25-3+deb9u2.
>
> For the unstable distribution (sid), this problem has been fixed in
> version 2.4.27-1.


The latest apache2 in Ascii is 2.4.25-3+deb9u1.

jf
--
John Franklin
franklin@???