2011/9/7 Ned Slider <ned at unixmail.co.uk>: > On 07/09/11 05:20, dfrg.msc wrote: >> According to the CentOS-CR-Announce list, there is recently an update >> for httpd in CentOS 5 CR repo. But the announcement >> http://lists.centos.org/pipermail/centos-cr-announce/2011-September/000293.html >> refers to upstream RHBA-2011-1067, which is the version released with >> 5.7 base packages. Upstream has an update for CVE-2011-3192 whose >> announcement is RHSA-2011-1245, and this update of httpd has version >> number 2.2.3-53.el5_7.1, which is higher than that in C5 CR repo >> (2.2.3-53.el5.centos). Maybe there should be another update for httpd >> in CentOS 5 CR repo. >> BTW, any update on C6.1 (or 6.0 CR packages)? >> >> Regards. > > > Please see this extremely lengthy thread for an explanation as to why > this is confusing: > > http://lists.centos.org/pipermail/centos-devel/2011-May/007477.html > > You can not go by the package name-version-release string alone as > CentOS change this. Try examining the changelog and look for the above > CVE's. > > _______________________________________________ > CentOS-devel mailing list > CentOS-devel at centos.org > http://lists.centos.org/mailman/listinfo/centos-devel > I understand. So there is already CVE-2011-3192 rpms uploaded to CentOS 5 CR repo, but no announcement posted yet.