On Mon, 1 Jul 2024 at 12:45, Ross Younger via BitFolk Users
<users(a)mailman.bitfolk.com> wrote:
On 1/07/24 23:20, Adam Spiers via BitFolk Users wrote:
Thanks a lot for the heads-up! On bookworm, I
see an update
available, but run into an openssl dependency issue [...]
You may be experiencing cache skew. Either wait 24 hours for Bitfolk's
cache to update, or re-enable
deb.debian.org for the time being.
I had no problem updating my home server just now (also bookworm, using
deb.debian.org sources exclusively. (But I'm in New Zealand, your CDN
node may vary.)
Thanks, this was it! Although oddly it wasn't enough to avoid
Bitfolk's cache for just
security.debian.org; I had to do it for the
main repo too, which then ended up pulling in a whole bunch of updates
which weren't visible before. Very weird.
I have another
VPS running buster, which I note has reached EOL last
night. What absolutely fabulous timing!
buster contained openssh 7.9; the Qualys advisory says that versions
between 4.4p1 and 8.5p1 are not vulnerable.
Oh great, thanks again!
Wow, what an amazing piece of research and write-up. Wish I had spare
time to read it properly!