:: Re: [DNG] Openvpn CVE fix in devuan…
Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
M\wirelessduck at <-
MMMark Hindley at ->
Delete this message
Reply to this message
Author: Mark Hindley
Date:  
To: wirelessduck
CC: dng
Subject: Re: [DNG] Openvpn CVE fix in devuan chimaera
Hi,

On Mon, Jul 25, 2022 at 12:46:09AM +1000, wirelessduck--- via Dng wrote:
>    I saw https://bugs.debian.org/1008015 on the Debian BTS which mentions
>    it was found in openvpn/2.5.1-3, openvpn/2.5.5-1 and fixed in
>    openvpn/2.5.6-1.

> 
>    Devuan chimaera still has openvpn/2.5.1-3+devuan1. Debian bullseye is
>    also still showing openvpn/2.5.1-3 on packages.debian.org/openvpn.

> 
>    How can I check to see if this patch has been applied to the devuan
>    package?

It hasn't, because it hasn't been backported, only fixed upstream in 2.5.6 and 2.4.12.
It might be possible to do, but is considered a low-priority in Debian[1] and
doesn't have a DSA. 

>    Also, where do I look to see the differences between debian and devuan
>    packages? I checked git.devuan.org in the suites/unstable branch of
>    devuan/openvpn but that just looks like merge from Debian without any
>    extra patches applied.

That branch is the correct place. If you run

git diff debian/master..suites/unstable

you will get the changes.

Mark

[1] https://tracker.debian.org/pkg/openvpn

This message was posted to the following mailing lists:
dng
Mailing List Info | Nearby Messages		<-[DNG] Openvpn CVE fix in devuan chimaeraRe: [DNG] Openvpn CVE fix in devuan chimaera->

Donate to Dyne.org

dyne.org open discussions
administrated by dyne.org hackers		Lurker (version 2.3)