I’ve seen several security alerts from Debian, but no matching updates in Devuan. For example, the “file" package has CVE-2017-1000249, released yesterday.
> For the stable distribution (stretch), this problem has been fixed in > version 1:5.30-1+deb9u1. > > For the unstable distribution (sid), this problem has been fixed in > version 1:5.32-1. But, on a Devuan Ascii VM: > $ sudo apt-get install file > Reading package lists... Done > Building dependency tree > Reading state information... Done > file is already the newest version (1:5.30-1). > 0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded. Maybe this one is too new, but the “apache2" package has CVE-2017-9788 released July 18th, 2017. > For the oldstable distribution (jessie), this problem has been fixed > in version 2.4.10-10+deb8u10. > > For the stable distribution (stretch), this problem has been fixed in > version 2.4.25-3+deb9u2. > > For the unstable distribution (sid), this problem has been fixed in > version 2.4.27-1. The latest apache2 in Ascii is 2.4.25-3+deb9u1. jf -- John Franklin frank...@tux.org _______________________________________________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng