[DNG] DSA openssl openssl1.0

Mon, 02 Apr 2018 05:18:07 -0700 

Hi devs, 

I am having difficulties finding the security update for the openssl1.0
package (Debian Security Advisory DSA-4158-1 addressing CVE-2018-0739)
There is no problem with openssl:
Debian package openssl: stretch (libs): 1.1.0f-3+deb9u2

Issuing 
# apt-cache policy openssl | grep -B 1 ascii 
returns
          
     1.1.0f-3+deb9u2 500
        500 http://pkgmaster.devuan.org/merged ascii-security/main
amd64 Packages
        100 http://pkgmaster.devuan.org/merged
ascii-proposed-updates/main amd64 Packages
     1.1.0f-3+deb9u1 500
        500 http://pkgmaster.devuan.org/merged ascii/main amd64 Packages


But when I do the same for openssl1.0, I am getting confusing results
Debian package openssl1.0:  stretch (misc): 1.0.2l-2+deb9u3

Issuing
# apt-cache policy openssl1.0 | grep -B 1 ascii
returns nothing

Issuing 
#apt-cache policy openssl1* | grep deb
returns
    1.1.0f-3+deb9u2 500
     1.1.0f-3+deb9u1 500
     1.0.1t-1+deb8u8 500
     1.0.1t-1+deb8u7 500
     3.5.8-5+deb9u3 500
     3.5.8-5+deb9u1 500
     3.3.8-6+deb8u7 500
     3.3.8-6+deb8u6 500
     7.52.1-5+deb9u5 500
     7.52.1-5+deb9u4 500
     7.38.0-4+deb8u10 500
     7.38.0-4+deb8u8 500
     2.0.21-stable-2+deb8u1 500

The first four of these are openssl packages.  

Despite much searching, I cannot find the openssl1.0 package
1.0.2l-2+deb9u3.
 
The searches were carried out from a bootstrapped ceres installation
using a sources list that contained the (main contrib
non-free) repositories:

/merged
   *:  jessie, ascii, beowulf, ceres
   *-security:  jessie, ascii, beowulf
   *-updates:  jessie, ascii, beowulf
   *-proposed-updates:  jessie, ascii, beowulf
   *-backports: jessie, ascii   
/devuan
   *:  jessie, ascii, beowulf, ceres, experimental
   *-proposed:  jessie, ascii
   *-proposed-security: jessie, ascii

The brief was to pinpoint any DSA whose patch is *not*
already available in Devuan.  My question is therefore this:

Is the openssl1.0 package not available in ascii, although it is
available in stretch or is there a devuan repository that I have not
identified? 

I can post the full sources.list if that would help to resolve this
query.

Many Thanks

leloft 


  





_______________________________________________
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Reply via email to