On Wed, 11 May 2016, Steve Snyder wrote:

On Wednesday, May 11, 2016 11:20am, "Patrick Rael" prael@lumeta.com said:

...

Hi, Is there an ETA on the openssl security update (CVE-2016-0799) for CentOS 6.7? I saw the openssl update for CentOS 7 on 5/9, eagerly awaiting the same for 6.7.

Thanks!

Looks like Red Hat pushed it to RHEL v6.8, released yesterday. Unless CentOS does a special back-port we'll have to wait for CentOS v6.8 to get the OpenSSL update.

Or, if you have the CR repo installed, you should get it a lot quicker.

Gilbert

******************************************************************************* Gilbert Sebenste ******** (My opinions only!) ****** *******************************************************************************

Patrick Rael wrote:

On 05/11/2016 09:45 AM, Steve Snyder wrote:

...

On Wednesday, May 11, 2016 11:20am, "Patrick Rael" prael@lumeta.com said:

...

Hi, Is there an ETA on the openssl security update (CVE-2016-0799) for CentOS 6.7? I saw the openssl update for CentOS 7 on 5/9, eagerly awaiting the same for 6.7.

Looks like Red Hat pushed it to RHEL v6.8, released yesterday. Unless CentOS does a special back-port we'll have to wait for CentOS v6.8 to get the OpenSSL update.

Is there an ETA on CentOS v6.8? Days? Weeks? Months? (years?) I just need to predict when CVE-2016-0799 will be fixed for CentOS 6.7. I thought security updates would be available on 6.7 for many more years.

Please - it was *just* released, and the build team is presumably already on it. Hopefully, upstream hasn't screwed with their build environment again.

At any rate, when upstream did, it took our build team about a month to get builds working again; if they haven't, then I'd hope for a few weeks.

PLEASEPLEASEPLEASEPLEASE people, *don't* turn this into a 5k posts a day arguing over whether the build team is lazy, or 75% of them "ANYTHING NEW?! HOW SOON?!!!!!!!!!

Give them some bloody time, children. It's a job of work, as the old saying goes.

mark

On 05/11/2016 11:24 AM, m.roth@5-cent.us wrote:

Patrick Rael wrote:

...

On 05/11/2016 09:45 AM, Steve Snyder wrote:

...

On Wednesday, May 11, 2016 11:20am, "Patrick Rael" prael@lumeta.com said:

...

Hi, Is there an ETA on the openssl security update (CVE-2016-0799) for CentOS 6.7? I saw the openssl update for CentOS 7 on 5/9, eagerly awaiting the same for 6.7.

Looks like Red Hat pushed it to RHEL v6.8, released yesterday. Unless CentOS does a special back-port we'll have to wait for CentOS v6.8 to get the OpenSSL update.

Is there an ETA on CentOS v6.8? Days? Weeks? Months? (years?) I just need to predict when CVE-2016-0799 will be fixed for CentOS 6.7. I thought security updates would be available on 6.7 for many more years.

Please - it was *just* released, and the build team is presumably already on it. Hopefully, upstream hasn't screwed with their build environment again.

At any rate, when upstream did, it took our build team about a month to get builds working again; if they haven't, then I'd hope for a few weeks.

PLEASEPLEASEPLEASEPLEASE people, *don't* turn this into a 5k posts a day arguing over whether the build team is lazy, or 75% of them "ANYTHING NEW?! HOW SOON?!!!!!!!!!

Give them some bloody time, children. It's a job of work, as the old saying goes.

       mark

---

CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos

Thanks! You developers do a mountain of work, it's really appreciated greatly!

-->Pat ----------

Johnny Hughes wrote:

On 05/11/2016 11:44 AM, Patrick Rael wrote:

...

On 05/11/2016 09:45 AM, Steve Snyder wrote:

...

On Wednesday, May 11, 2016 11:20am, "Patrick Rael" prael@lumeta.com said:

...

Is there an ETA on the openssl security update (CVE-2016-0799) for CentOS 6.7? I saw the openssl update for CentOS 7 on 5/9, eagerly awaiting the same for 6.7.

Thanks!

Looks like Red Hat pushed it to RHEL v6.8, released yesterday. Unless CentOS does a special back-port we'll have to wait for CentOS v6.8 to get the OpenSSL update.

Is there an ETA on CentOS v6.8? Days? Weeks? Months? (years?) I just need to predict when CVE-2016-0799 will be fixed for CentOS 6.7. I thought security updates would be available on 6.7 for many more years.

Because Red Hat built that against 6.8 and not 6.7, I have to do the same.

I expect that the CR rpms for os/ and that openssl update will be released in the next 2-3 days.

Thanks,

No, thank *you*, Johnny, for all the work you do... and, as I've offered before, if we're ever in the same metro area, I'd be happy to buy you a drink for it all.

mark