On Fri, 2022-07-01 at 04:46 +0200, icedgorilla wrote:
[...] Is this some sort of Man in The Middle attack or is there an easy explanation and a simple way to fix?
# apt changelog openssl
Err:1 https://metadata.ftp-master.debian.org openssl 1.1.1n-0+deb11u3 Changelog
Changelog unavailable for openssl=1.1.1n-0+deb11u3 (404 Not Found [IP: 146.75.94.132 443])
E: Failed to fetch https://metadata.ftp-master.debian.org/changelogs/main/o/openssl/openssl_1.1.1n-0%2bdeb11u3_changelog ; Changelog unavailable for openssl=1.1.1n-0+deb11u3 (404 Not Found [IP: 146.75.94.132 443])
It just means that version isn't available in the repositories. If you
get a list by pointing a web broswer at last directory in that URL
(https://metadata.ftp-master.debian.org/changelogs/main/o/openssl/)
you see 'u2' is the latest version.
If you go to the package tracker at https://tracker.debian.org
and search for 'openssl' you get to a page that shows under 'news' that
the 'u3' version is 'embargoed'. Which means it's been produced but not
publicly available, this is done when packages have security fixes for
for vulnerabilities that haven't been publicly detailed yet.
There's been at lot of news in recent days about bugs in openssl.
This doesn't answer why your machine is trying to download this 'u3'
version, perhaps it appeared transiently for a time your machine was
trying to update.
Have you tried running 'apt update' to refresh the package list on you
computer.