On Fri, 2022-07-01 at 04:46 +0200, icedgorilla wrote: > [...] Is this some sort of Man in The Middle attack or is there an easy > explanation and a simple way to fix? > # apt changelog openssl > > Err:1 https://metadata.ftp-master.debian.org openssl 1.1.1n-0+deb11u3 > Changelog > Changelog unavailable for openssl=1.1.1n-0+deb11u3 (404 Not Found [IP: > 146.75.94.132 443]) > E: Failed to fetch > https://metadata.ftp-master.debian.org/changelogs/main/o/openssl/openssl_1.1.1n-0%2bdeb11u3_changelog > Changelog unavailable for openssl=1.1.1n-0+deb11u3 (404 Not Found [IP: > 146.75.94.132 443])
It just means that version isn't available in the repositories. If you get a list by pointing a web broswer at last directory in that URL (https://metadata.ftp-master.debian.org/changelogs/main/o/openssl/) you see 'u2' is the latest version. If you go to the package tracker at https://tracker.debian.org and search for 'openssl' you get to a page that shows under 'news' that the 'u3' version is 'embargoed'. Which means it's been produced but not publicly available, this is done when packages have security fixes for for vulnerabilities that haven't been publicly detailed yet. There's been at lot of news in recent days about bugs in openssl. This doesn't answer why your machine is trying to download this 'u3' version, perhaps it appeared transiently for a time your machine was trying to update. Have you tried running 'apt update' to refresh the package list on you computer. -- Tixy