:: Re: [DNG] bluez and CVE-2017-100025…
Startseite
Nachricht löschen
Nachricht beantworten
Autor: Florian Zieboll
Datum:  
To: dng
Betreff: Re: [DNG] bluez and CVE-2017-1000251 + CVE-2017-1000250 ?
On Thu, 14 Sep 2017 13:31:55 +0300
Lars Noodén <lars.nooden@???> wrote:

> Should I add a Debian repository to get the +deb9u1 version?



I don't feel like giving recommendations on that topic. I just can tell,
that I do have the Debian security repo in the apt sources of most of my
Devuan machines (both Jessie and Ascii) and can't remember to have ran
into any issues besides faster delivery of the relevant updates. Below
is the configuration of the Jessie machine I'm currently working at,
installed since early alpha:

florian@nulldevice:~$ cat /etc/apt/sources.list
deb http://auto.mirror.devuan.org/merged/ jessie main contrib non-free
deb-src http://auto.mirror.devuan.org/merged/ jessie main contrib non-free

deb http://auto.mirror.devuan.org/merged/ jessie-updates main contrib non-free
deb-src http://auto.mirror.devuan.org/merged/ jessie-updates main contrib non-free

deb http://auto.mirror.devuan.org/merged/ jessie-backports main contrib non-free
deb-src http://auto.mirror.devuan.org/merged/ jessie-backports main contrib non-free

deb http://auto.mirror.devuan.org/merged/ jessie-security main contrib non-free
deb-src http://auto.mirror.devuan.org/merged/ jessie-security main contrib non-free

deb http://www.deb-multimedia.org/ jessie main non-free
deb-src http://www.deb-multimedia.org/ jessie main non-free

deb http://security.debian.org/ jessie/updates main contrib non-free
deb-src http://security.debian.org/ jessie/updates main contrib non-free

florian@nulldevice:~$ cat /etc/apt/preferences.d/avoid-otherrepos
Package: *
Pin: release a=jessie-backports
Pin-Priority: 150

Package: *
Pin: origin "www.deb-multimedia.org"
Pin-Priority: 75

florian@nulldevice:~$ cat /etc/apt/preferences.d/avoid-systemd
Package: libsystemd0
Pin: release o=*
Pin-Priority: -1

Package: systemd-sysv
Pin: release o=*
Pin-Priority: -1

I just realized that I don't even have pinning enabled for the origin
"security.debian.org" (which I probably will do now;)

hth & libre Grüße,

Florian