:: Re: [DNG] Security updates in Devua…
Top Page
Delete this message
Reply to this message
Author: Olaf Meeuwissen
Date:  
To: John Franklin
CC: dng
New-Topics: [DNG] ascii-security Was:Re: Security updates in Devuan
Subject: Re: [DNG] Security updates in Devuan
Hi John,

John Franklin writes:

> I’ve seen several security alerts from Debian, but no matching
> updates in Devuan. For example, the “file" package has
> CVE-2017-1000249, released yesterday.
>
>> For the stable distribution (stretch), this problem has been fixed in
>> version 1:5.30-1+deb9u1.
>>
>> For the unstable distribution (sid), this problem has been fixed in
>> version 1:5.32-1.
>
> But, on a Devuan Ascii VM:


Uhm, Devuan ascii is testing. I'd think that doesn't get any security
upgrades, just like Debian's testing (buster) doesn't get any.

In addition, this particular DSA doesn't mention fixes for oldstable so
I would not expect Devuan's jessie to get any security upgrade either.

Looks like you'll have to wait until whatever hit unstable trickles down
to testing.

> [...]
>
> Maybe this one is too new, but the “apache2" package has
> CVE-2017-9788 released July 18th, 2017.
>
>> For the oldstable distribution (jessie), this problem has been fixed
>> in version 2.4.10-10+deb8u10.
>>
>> For the stable distribution (stretch), this problem has been fixed in
>> version 2.4.25-3+deb9u2.
>>
>> For the unstable distribution (sid), this problem has been fixed in
>> version 2.4.27-1.
>
> The latest apache2 in Ascii is 2.4.25-3+deb9u1.


On my Devuan jessie I get this

$ apt-cache policy apache2
apache2:
  Installed: (none)
  Candidate: 2.4.10-10+deb8u10
  Version table:
     2.4.10-10+deb8u10 0
        500 http://auto.mirror.devuan.org/merged/ jessie-security/main amd64 Packages
     2.4.10-10+deb8u9 0
        500 http://auto.mirror.devuan.org/merged/ jessie/main amd64 Packages


This matches what is available for Debian's jessie (oldstable).

Hope this helps,
--
Olaf Meeuwissen, LPIC-2            FSF Associate Member since 2004-01-27
 GnuPG key: F84A2DD9/B3C0 2F47 EA19 64F4 9F13  F43E B8A4 A88A F84A 2DD9
 Support Free Software                        https://my.fsf.org/donate
 Join the Free Software Foundation              https://my.fsf.org/join