Danis, Andrew (CONTR):
> Good Afternoon Spacewalk Team,
> Regarding these packages:
> jakarta-oro-2.0.8-16.el7.noarch
> jakarta-commons-httpclient-3.1-16.el7_0.noarch
> Are these being supported with security patches by red hat? I see fixes as of 
> 2013/2014 for CVE-2014-3577 and 2013-1571 but according to the Jakarta 
> project page it has been EOL since 2010. 

Hi Andrew,

These packages are provided by Red Hat (as a part of Red Hat Enterprise Linux 7 
and we take responsibility for security fixes of all packages we ship
(even EOLed by upstream). That's the value of your RHEL subscription.

> Andrew Danis
> System Administrator


Michael Mráka
System Management Engineering, Red Hat

Spacewalk-devel mailing list

Reply via email to