I guess this is really a RedHat, not CentOS question, but I’m hoping that someone here will be familiar enough with the upstream policy to have some useful information.
How does RedHat decide which versions to release patches for, e.g. https://access.redhat.com/security/cve/CVE-2015-7613 which has only a RH7 erratum, not 6? And are they likely to eventually release a fix for this type of issue for RH6?
thanks,
Noam
-----------------------------------------------------------
Noam Bernstein
Center for Materials Physics and Technology
Naval Research Laboratory Code 6390
noam.bernstein@nrl.navy.mil phone: 202 404 8628
On 10.12.2015 at 16:16, Noam Bernstein <noam.bernstein@nrl.navy.mil> wrote:
> I guess this is really a RedHat, not CentOS question, but I’m hoping that someone here will be familiar enough with the upstream policy to have some useful information.
> How does RedHat decide which versions to release patches for, e.g. https://access.redhat.com/security/cve/CVE-2015-7613 which has only a RH7 erratum, not 6? And are they likely to eventually release a fix for this type of issue for RH6?
Generally defined by the production phases: https://access.redhat.com/support/policy/updates/errata/
It explains not all but at least the big picture ...
-- LF
On Dec 10, 2015, at 10:40 AM, Leon Fauster <leonfauster@googlemail.com> wrote:
> On 10.12.2015 at 16:16, Noam Bernstein <noam.bernstein@nrl.navy.mil> wrote:
> > I guess this is really a RedHat, not CentOS question, but I’m hoping that someone here will be familiar enough with the upstream policy to have some useful information.
> > How does RedHat decide which versions to release patches for, e.g. https://access.redhat.com/security/cve/CVE-2015-7613 which has only a RH7 erratum, not 6? And are they likely to eventually release a fix for this type of issue for RH6?
> Generally defined by the production phases: https://access.redhat.com/support/policy/updates/errata/
> It explains not all but at least the big picture …
That’s useful, thanks.
It does seem to indicate that RH6 is still in production 1, with security and bug fix errata being released. So does that mean that I can expect RH to eventually release a fix for this CVE, but they just haven’t gotten around to it yet?
Noam
-----------------------------------------------------------
Noam Bernstein
Center for Materials Physics and Technology
Naval Research Laboratory Code 6390
noam.bernstein@nrl.navy.mil phone: 202 404 8628
Maybe or maybe not.
Redhat support policy is a bit interesting..
-- Eero
On 12/10/2015 09:47 AM, Noam Bernstein wrote:
> On Dec 10, 2015, at 10:40 AM, Leon Fauster <leonfauster@googlemail.com> wrote:
> > On 10.12.2015 at 16:16, Noam Bernstein <noam.bernstein@nrl.navy.mil> wrote:
> > > I guess this is really a RedHat, not CentOS question, but I’m hoping that someone here will be familiar enough with the upstream policy to have some useful information.
> > > How does RedHat decide which versions to release patches for, e.g. https://access.redhat.com/security/cve/CVE-2015-7613 which has only a RH7 erratum, not 6? And are they likely to eventually release a fix for this type of issue for RH6?
> > Generally defined by the production phases: https://access.redhat.com/support/policy/updates/errata/
> > It explains not all but at least the big picture …
> That’s useful, thanks.
> It does seem to indicate that RH6 is still in production 1, with security and bug fix errata being released. So does that mean that I can expect RH to eventually release a fix for this CVE, but they just haven’t gotten around to it yet?
Backporting changes to the 2.6.32 kernel (el6) is much harder than to 3.10.0 kernel (el7) .. the further back you go, the more things are different from the items in those commits.
I am sure they will fix it, it just takes more time to do and to test.