[CentOS-devel] yum-plugin-security and shellshock

Thu Oct 2 00:56:52 UTC 2014
Nico Kadel-Garcia <nkadel at gmail.com>

On Wed, Oct 1, 2014 at 2:10 PM, Johnny Hughes <johnny at centos.org> wrote:
> On 10/01/2014 12:58 PM, Johnny Hughes wrote:
>> On 10/01/2014 12:11 PM, Kevin Stange wrote:
>>
>> <snip>
>>
>> CentOS is the community .. why don't you figure it out and maintain it
>> as a SIG?
>>
>
> How would we handle this scenario:
>
> I user has 6.3 installed, they have never updated.  We are on 6.5.
>
> Package abc-1.2.3 is installed on their machine, it is on the 6.3 iso
> that they installed from.
>
> Package abc-1.2.4 is a security update and in 6.4.
>
> Package abc-1.2.5 is a bugfix only update in 6.5.
>
> The guy says .. yum update security only.
>
> The info in the xml file says abc-1.2.4 is the right package, but it is
> not installable from 6.5 .. what happens?

This happened to me about two months ago. I had to manually enable
CentOS-Vault repo access.