[CentOS-devel] Security and other updates - too slow
Lamar Owen
lowen at pari.edu
Fri Dec 16 20:11:53 UTC 2016
On 12/16/2016 08:12 AM, Laurentiu Pancescu wrote:
> On 16/12/16 12:08, Karanbir Singh wrote:
>> On 16/12/16 10:49, Trevor Hemsley wrote:
>
>>> The latest https://rhn.redhat.com/errata/RHSA-2016-2946.html which is a
>>> critical update for firefox released on the 14th is still not released
>>> for CentOS 7 after 2 days.
>
> The original advisory[3] for Firefox 50.1 lists a few more CVEs than
> Red Hat's bulletin (the critical security fixes are backported by
> Mozilla in the ESR version "where feasible", which is why the
> Canonical Security Team decided to offer the normal Firefox releases
> in Ubuntu LTS, not the ESR ones). [4]
Firefox 45.6 (firefox-45.6.0-1.el7.centos.x86_64.rpm) coming down
through yum as I write this.
CentOS has no control over the RHEL package; CentOS rebuilds the exactly
as released (even if not exactly when released). If you want CentOS to
depart from the ESR train you need to bug Red Hat to change RHEL's
package so that the source propagates to CentOS.
More information about the CentOS-devel
mailing list