Re: [CentOS] Centos and CVE-2017-1000117

2017-08-23 Thread Johnny Hughes 
On 08/19/2017 11:27 AM, Lance Lassetter wrote:
> 
> 
> On August 19, 2017 10:12:27 AM CDT, Alexander Dalloz  
> wrote:
>> Am 19.08.2017 um 14:45 schrieb Richard:
>>> I've seen the announcement and update(s) for centos-6
>>> (CESA-2017:2485), but I don't find anything for centos-7 yet. It
>>> looks like RH announced them both at about the same time wednesday
>>> and the update for centos-6 came out thursday. Is there some reason
>>> that the update(s) for -7 haven't been pushed out?
>>
>> Updates for CentOS 7 are hold back until the 7.4 update gets released. 
>> It will start by populating the CR repo.
>>
>> Alexander
>>
> 
> I'm new to Centos.  Security updates are considered general updates?

Updates build upon each other.  If an update is built against 7.4 and
links against the 7.4 libraries, we can not instead build it against 7.3
.. everything has to be done in a specific order to get the correct
build requirements and link against the proper shared libraries.  So
while it would be great to just build and release the security updates
first, life does not allow it to work like that.

CR should be out in a few hours .. initially it will contain only the
the RPMs that were part of the 7.4 actual release.

Within 24 hours of that CR release, CR will be updated to contain all
the updates that actually needed to be built against 7.4 (those are
building now and the initial CR is in the final QA stages).



signature.asc
Description: OpenPGP digital signature
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos and CVE-2017-1000117

2017-08-19 Thread me 

On Sat, 19 Aug 2017, Lance Lassetter wrote:




On August 19, 2017 10:12:27 AM CDT, Alexander Dalloz  wrote:

Am 19.08.2017 um 14:45 schrieb Richard:

I've seen the announcement and update(s) for centos-6
(CESA-2017:2485), but I don't find anything for centos-7 yet. It
looks like RH announced them both at about the same time wednesday
and the update for centos-6 came out thursday. Is there some reason
that the update(s) for -7 haven't been pushed out?


Updates for CentOS 7 are hold back until the 7.4 update gets released.
It will start by populating the CR repo.

Alexander



I'm new to Centos.  Security updates are considered general updates?


Have a look at 
https://wiki.centos.org/FAQ/General#head-cea9337e6513cc1567c4d05afbd693f1f7038ccb

As you can see the updates will first appear in the CR Repo.

If you need updates sooner you should pay Red Hat for RHEL.

I am hoping that the CR repo gets populated soon BUT that is up to the 
Release engineering team.


Regards,

--
Tom m...@tdiehl.org Spamtrap address
me...@tdiehl.org
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos and CVE-2017-1000117

2017-08-19 Thread Lance Lassetter 


On August 19, 2017 10:12:27 AM CDT, Alexander Dalloz  wrote:
>Am 19.08.2017 um 14:45 schrieb Richard:
>> I've seen the announcement and update(s) for centos-6
>> (CESA-2017:2485), but I don't find anything for centos-7 yet. It
>> looks like RH announced them both at about the same time wednesday
>> and the update for centos-6 came out thursday. Is there some reason
>> that the update(s) for -7 haven't been pushed out?
>
>Updates for CentOS 7 are hold back until the 7.4 update gets released. 
>It will start by populating the CR repo.
>
>Alexander
>

I'm new to Centos.  Security updates are considered general updates?

Lance
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos and CVE-2017-1000117

2017-08-19 Thread Alexander Dalloz 

Am 19.08.2017 um 14:45 schrieb Richard:

I've seen the announcement and update(s) for centos-6
(CESA-2017:2485), but I don't find anything for centos-7 yet. It
looks like RH announced them both at about the same time wednesday
and the update for centos-6 came out thursday. Is there some reason
that the update(s) for -7 haven't been pushed out?


Updates for CentOS 7 are hold back until the 7.4 update gets released. 
It will start by populating the CR repo.


Alexander

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos and CVE-2017-1000117

2017-08-19 Thread Richard 


> Date: Thursday, August 17, 2017 00:13:58 +0200
> From: Alexander Dalloz 
>
> Am 16.08.2017 um 16:29 schrieb Herbert Chang:
>> hi centos community,
>> 
>> as many of you probably have been following along, a few days ago
>> CVE 2017-1000117
>>  was
>> identified and redhat was prompt to release patches to fedora
>> 25/26.  I haven't seen any chatter thus far from CentOS, so was
>> wondering if anyone knew the status of the patches landing in
>> CentOS, and more specifically, for CentOS 6 and git 1.7.x that's
>> currently latest in the repos.
>> 
>> thanks!
>> Herbert
> 
> Red Hat has a CVE database. For the issue see
> 
> https://access.redhat.com/security/cve/cve-2017-1000117
> 
> Red Hat just today has released a new git package for RHEL 6 + 7,
> RHSA-2017:2485 and RHSA-2017:2484. The CentOS update packages will
> for sure pop up on the mirrors in near future.
> 
> Alexander
> 

I've seen the announcement and update(s) for centos-6
(CESA-2017:2485), but I don't find anything for centos-7 yet. It
looks like RH announced them both at about the same time wednesday
and the update for centos-6 came out thursday. Is there some reason
that the update(s) for -7 haven't been pushed out?


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos and CVE-2017-1000117

2017-08-16 Thread Alexander Dalloz 

Am 16.08.2017 um 16:29 schrieb Herbert Chang:

hi centos community,

as many of you probably have been following along, a few days ago CVE
2017-1000117  was
identified and redhat was prompt to release patches to fedora 25/26.  I
haven't seen any chatter thus far from CentOS, so was wondering if anyone
knew the status of the patches landing in CentOS, and more specifically,
for CentOS 6 and git 1.7.x that's currently latest in the repos.

thanks!
Herbert


Red Hat has a CVE database. For the issue see

https://access.redhat.com/security/cve/cve-2017-1000117

Red Hat just today has released a new git package for RHEL 6 + 7, 
RHSA-2017:2485 and RHSA-2017:2484. The CentOS update packages will for 
sure pop up on the mirrors in near future.


Alexander


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Centos and CVE-2017-1000117

2017-08-16 Thread Herbert Chang 
hi centos community,

as many of you probably have been following along, a few days ago CVE
2017-1000117  was
identified and redhat was prompt to release patches to fedora 25/26.  I
haven't seen any chatter thus far from CentOS, so was wondering if anyone
knew the status of the patches landing in CentOS, and more specifically,
for CentOS 6 and git 1.7.x that's currently latest in the repos.

thanks!
Herbert

-- 
Herbert Chang
clypd | engineer

781.540.1653
herb...@clypd.com



Connect with us: Twitter  | LinkedIn
 | Facebook

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos