On 1/07/24 23:20, Adam Spiers via BitFolk Users wrote:
Thanks a lot for the heads-up! On bookworm, I see an
update
available, but run into an openssl dependency issue [...]
You may be experiencing cache skew. Either wait 24 hours for Bitfolk's
cache to update, or re-enable
deb.debian.org for the time being.
I had no problem updating my home server just now (also bookworm, using
deb.debian.org sources exclusively. (But I'm in New Zealand, your CDN
node may vary.)
I have another VPS running buster, which I note has
reached EOL last
night. What absolutely fabulous timing!
buster contained openssh 7.9; the Qualys advisory says that versions
between 4.4p1 and 8.5p1 are not vulnerable.
https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt
Ross