Patrick Rael wrote:
On 05/11/2016 09:45 AM, Steve Snyder wrote:
On Wednesday, May 11, 2016 11:20am, "Patrick Rael" prael@lumeta.com said:
Hi, Is there an ETA on the openssl security update (CVE-2016-0799) for CentOS 6.7? I saw the openssl update for CentOS 7 on 5/9, eagerly awaiting the same for 6.7.
Looks like Red Hat pushed it to RHEL v6.8, released yesterday. Unless CentOS does a special back-port we'll have to wait for CentOS v6.8 to get the OpenSSL update.
Is there an ETA on CentOS v6.8? Days? Weeks? Months? (years?) I just need to predict when CVE-2016-0799 will be fixed for CentOS 6.7. I thought security updates would be available on 6.7 for many more years.
Please - it was *just* released, and the build team is presumably already on it. Hopefully, upstream hasn't screwed with their build environment again.
At any rate, when upstream did, it took our build team about a month to get builds working again; if they haven't, then I'd hope for a few weeks.
PLEASEPLEASEPLEASEPLEASE people, *don't* turn this into a 5k posts a day arguing over whether the build team is lazy, or 75% of them "ANYTHING NEW?! HOW SOON?!!!!!!!!!
Give them some bloody time, children. It's a job of work, as the old saying goes.
mark