On Thu, 14 Sep 2017 10:43:54 +0300
Lars Noodén <lars.nooden@???> wrote:

> I notice in Ascii that bluez is at version 5.43-2
> Does that version solve CVE-2017-1000251 + CVE-2017-1000250?
>
> Either way, how would go about looking up that myself?
>
> Debian has this notice:
> https://www.debian.org/security/2017/dsa-3972


Hallo Lars,

first, I'd check if the package in question is listed as provided
(modified) by Devuan at https://devuan.org/os/packages/

If not (as in this case) you can stick to the Debian security advisory,
which states that you should get the "+deb9u1" version before
connecting that dongle again.

Regarding packages modified for Devuan, I'd have a look at the package's
"Activity" tab at https://git.devuan.org/devuan-packages/

If there's a more convenient way, I'd be happy to read about it in this
thread.


And, in return, a similar question:

Where would I report a devuan.org link-generation error? I just noticed
that the links to the different versions of the debs under
https://devuan.org/os/packages/ return a 404 as they are obviously
messed up:

https://packages.devuan.org/devuan/https://packages.devuan.org/pool/DEVUAN/main/b/base-files/base-files_8+devuan4_amd64.deb


libre Grüße,

Florian