:: Re: [DNG] Openvpn CVE fix in devuan…
Top Page
Delete this message
Reply to this message
Author: Mark Hindley
To: wirelessduck
CC: dng
Subject: Re: [DNG] Openvpn CVE fix in devuan chimaera
On Sun, Jul 24, 2022 at 04:19:39PM +0100, Mark Hindley wrote:
> Hi,
> On Mon, Jul 25, 2022 at 12:46:09AM +1000, wirelessduck--- via Dng wrote:
> >    I saw https://bugs.debian.org/1008015 on the Debian BTS which mentions
> >    it was found in openvpn/2.5.1-3, openvpn/2.5.5-1 and fixed in
> >    openvpn/2.5.6-1.

> >
> >    Devuan chimaera still has openvpn/2.5.1-3+devuan1. Debian bullseye is
> >    also still showing openvpn/2.5.1-3 on packages.debian.org/openvpn.

> >
> >    How can I check to see if this patch has been applied to the devuan
> >    package?

> It hasn't, because it hasn't been backported, only fixed upstream in 2.5.6 and 2.4.12.
> It might be possible to do, but is considered a low-priority in Debian[1] and
> doesn't have a DSA.

I have just had a quick look and the commit seems to backport easily. New
version for chimaera-security is en route.