On 01/08/11 17:10, Gabriel Tabares wrote:
Dear all,
We're trying to use Nessus to monitor our system and we're having a hard time mapping the package versions from RedHat to CentOS in order to be able to report against CVE (vulnerability reports).
After some research, we think that the mapping is as follows (using HTTPD as the example):
CentOS httpd-2.2.3-43.el5.centos.3 is equivalent to RedHat httpd-2.2.3-43.el5_5.3
So, it looks like CentOS replaces "_$MINOR_RELEASE" (in this case "_5") with ".centos". Is this a fair assumption or are there other rules we are missing? Is this documented anywhere?
The CentOS developers outlined the naming in this rather lengthy thread:
http://lists.centos.org/pipermail/centos-devel/2011-May/007477.html
But as outlined in that thread it is not always easy (or indeed possible) to establish which upstream source a given CentOS modified package is built from. A more reliable method would be to check the changelog.
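
The changelog check suggested in the reply, as an added example that is not part of the original thread: it extracts the CVE ids an RPM changelog mentions and compares a scanner's findings against them. The function names, the sample changelog and its CVE ids are constructed placeholders; `rpm -q --changelog` is the real command that would supply the input on a CentOS host.

```shell
#!/bin/sh
# Added example (not from the thread): verify scanner CVE findings against
# the package changelog instead of guessing from the release string.

# Print the unique CVE ids mentioned in changelog text read from stdin.
changelog_cves() {
    grep -Eo 'CVE-[0-9]{4}-[0-9]{4,}' | sort -u
}

# check_cves FILE CVE...
# FILE holds changelog text. Prints "<id> fixed" or "<id> not-listed" for
# each id and returns 1 if any id is not listed. "not-listed" only means the
# changelog does not mention the id; it still needs a manual look.
check_cves() {
    file=$1; shift
    fixed=$(changelog_cves < "$file")
    rc=0
    for cve in "$@"; do
        if printf '%s\n' "$fixed" | grep -qxF "$cve"; then
            echo "$cve fixed"
        else
            echo "$cve not-listed"; rc=1
        fi
    done
    return $rc
}

# Constructed sample changelog (placeholder ids, packager and dates).
sample_changelog() {
cat <<'EOF'
* Mon Jan 01 2099 Example Packager <packager@example.invalid> - 2.2.3-43.3
- add security fix for CVE-2099-0001 (#000001)
- add security fixes for CVE-2099-0002, CVE-2099-0003

* Tue Dec 01 2098 Example Packager <packager@example.invalid> - 2.2.3-43
- fix regression introduced by CVE-2099-0001 patch
EOF
}

# On a real host, feed it the installed package's changelog:
#   rpm -q --changelog httpd > /tmp/httpd.changelog
#   check_cves /tmp/httpd.changelog CVE-XXXX-NNNN
```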