Hi Piotr, Thank you for your help. Strangely enough the problem finally resolved itself. Maybe this thread had something to do with it? I don't know.
I notice with stable, changelogs sometimes take a few days to be published, whereas with Sid it was never a problem. An additional thank you to all who helped me with this problem. I wish you all a wonderful Summer! Jul 1, 2022, 10:55 by pior...@gmx.com: > On 01/07/2022 07:24, Tixy wrote: > >> On Fri, 2022-07-01 at 04:46 +0200, icedgorilla wrote: >> >>> [...] Is this some sort of Man in The Middle attack or is there an easy >>> explanation and a simple way to fix? >>> # apt changelog openssl >>> >>> Err:1 https://metadata.ftp-master.debian.org openssl 1.1.1n-0+deb11u3 >>> Changelog >>> Changelog unavailable for openssl=1.1.1n-0+deb11u3 (404 Not Found [IP: >>> 146.75.94.132 443]) >>> E: Failed to fetch >>> https://metadata.ftp-master.debian.org/changelogs/main/o/openssl/openssl_1.1.1n-0%2bdeb11u3_changelog >>> Changelog unavailable for openssl=1.1.1n-0+deb11u3 (404 Not Found [IP: >>> 146.75.94.132 443]) >>> >> >> It just means that version isn't available in the repositories. If you >> get a list by pointing a web broswer at last directory in that URL >> (https://metadata.ftp-master.debian.org/changelogs/main/o/openssl/) >> you see 'u2' is the latest version. >> >> If you go to the package tracker at https://tracker.debian.org >> and search for 'openssl' you get to a page that shows under 'news' that >> the 'u3' version is 'embargoed'. Which means it's been produced but not >> publicly available, this is done when packages have security fixes for >> for vulnerabilities that haven't been publicly detailed yet. >> There's been at lot of news in recent days about bugs in openssl. >> >> This doesn't answer why your machine is trying to download this 'u3' >> version, perhaps it appeared transiently for a time your machine was >> trying to update. >> >> Have you tried running 'apt update' to refresh the package list on you >> computer. >> > This package version is out already. > > My system updated to this version couple of days ago: > $ zcat history.log.1.gz | grep -B2 -A1 openssl > Start-Date: 2022-06-27 06:17:36 > Commandline: /usr/bin/unattended-upgrade > Upgrade: openssl:amd64 (1.1.1n-0+deb11u2, 1.1.1n-0+deb11u3) > End-Date: 2022-06-27 06:17:53 > > > $ apt-cache policy openssl > openssl: > Installed: 1.1.1n-0+deb11u3 > Candidate: 1.1.1n-0+deb11u3 > Version table: > *** 1.1.1n-0+deb11u3 500 > 500 http://security.debian.org/debian-security > bullseye-security/main amd64 Packages > 100 /var/lib/dpkg/status > 1.1.1n-0+deb11u1 500 > 500 http://deb.debian.org/debian bullseye/main amd64 Packages > > $ apt changelog openssl > openssl (1.1.1n-0+deb11u3) bullseye-security; urgency=medium > > * CVE-2022-2068 (The c_rehash script allows command injection). > * Update expired certs. > > -- Sebastian Andrzej Siewior <sebast...@breakpoint.cc> Fri, 24 Jun > 2022 22:22:19 +0200 > > > -- > With kindest regards, Piotr. > > ⢀⣴⠾⠻⢶⣦⠀ > ⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system > ⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org/ > ⠈⠳⣄⠀⠀⠀⠀ >
