My C7 system has mariadb 5.5.37, installed from the Centos repository. The latest version (with a security update is 5.5.39). Mariadb.org has its own repositories, but they don't list Centos 7 as an option. Is anyone using the repository for Centos 6 with Centos 7?
See https://downloads.mariadb.org/mariadb/repositories/#mirror=jmu&distro=Ce...
On 09/10/2014 09:58 AM, Steven Stern wrote:
My C7 system has mariadb 5.5.37, installed from the Centos repository. The latest version (with a security update is 5.5.39). Mariadb.org has its own repositories, but they don't list Centos 7 as an option. Is anyone using the repository for Centos 6 with Centos 7?
See https://downloads.mariadb.org/mariadb/repositories/#mirror=jmu&distro=Ce...
Red Hat does backporting for updates, and CentOS rebuilds that backported code.
If you look at the security issues you are talking about in mariadb 5.5, you will see that they are ROLLED IN already:
https://rhn.redhat.com/errata/RHSA-2014-0702.html
But backported in the current version.
(The list of CVE's patched is on that page)
If you have other questions about backporting, read this:
https://access.redhat.com/security/updates/backporting
So the short message is, if you want to know if a CVE fix is included, you can see on the errata page or here:
https://access.redhat.com/security/cve/
All the CentOS announcements are here:
http://lists.centos.org/pipermail/centos-announce/
Thanks, Johnny Hughes
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 09/10/2014 10:29 AM, Johnny Hughes wrote:
On 09/10/2014 09:58 AM, Steven Stern wrote:
My C7 system has mariadb 5.5.37, installed from the Centos repository. The latest version (with a security update is 5.5.39). Mariadb.org has its own repositories, but they don't list Centos 7 as an option. Is anyone using the repository for Centos 6 with Centos 7?
See https://downloads.mariadb.org/mariadb/repositories/#mirror=jmu&distro=Ce...
Red Hat does backporting for updates, and CentOS rebuilds that backported code.
If you look at the security issues you are talking about in mariadb 5.5, you will see that they are ROLLED IN already:
https://rhn.redhat.com/errata/RHSA-2014-0702.html
But backported in the current version.
(The list of CVE's patched is on that page)
If you have other questions about backporting, read this:
https://access.redhat.com/security/updates/backporting
So the short message is, if you want to know if a CVE fix is included, you can see on the errata page or here:
https://access.redhat.com/security/cve/
All the CentOS announcements are here:
http://lists.centos.org/pipermail/centos-announce/
Thanks, Johnny Hughes
Thanks for the excellent (and reassuring) response.
- -- - -- Steve
-
Johnny Hughes -
Steven Stern