[CentOS-devel] CVE-2011-3192 rpms for CentOS 5 still pending?

Wed Sep 7 16:31:58 UTC 2011
Karanbir Singh <mail-lists at karan.org>

On 09/07/2011 04:33 PM, Gianluca Cecchi wrote:
> On Wed, Sep 7, 2011 at 5:27 PM, Leon Fauster wrote:
>> Thats correct:
>> rpm -qp --changelog http://mirror.centos.org/centos-5/5/cr/x86_64/RPMS/httpd-2.2.3-53.el5.centos.1.x86_64.rpm | head
> If a CentOS package contains aggregated upstream sequentially provided
> corrections, I think it is desirable to have all of the related
> RHSA/RHBA/RHEA links mentioned in the body of the related CentOS
> announce mail message.
> Just my opinion to provide better service.

A CentOS rpm only contains exactly what was in the corresponding srpm 
released upstream. The only changes are to branding.

- KB