[CentOS-devel] Security and other updates - too slow

Lamar Owen

lowen at pari.edu
Fri Dec 16 20:11:53 UTC 2016

On 12/16/2016 08:12 AM, Laurentiu Pancescu wrote:
> On 16/12/16 12:08, Karanbir Singh wrote:
>> On 16/12/16 10:49, Trevor Hemsley wrote:
>>> The latest https://rhn.redhat.com/errata/RHSA-2016-2946.html which is a
>>> critical update for firefox released on the 14th is still not released
>>> for CentOS 7 after 2 days.
> The original advisory[3] for Firefox 50.1 lists a few more CVEs than 
> Red Hat's bulletin (the critical security fixes are backported by 
> Mozilla in the ESR version "where feasible", which is why the 
> Canonical Security Team decided to offer the normal Firefox releases 
> in Ubuntu LTS, not the ESR ones). [4]
Firefox 45.6 (firefox-45.6.0-1.el7.centos.x86_64.rpm) coming down 
through yum as I write this.

CentOS has no control over the RHEL package; CentOS rebuilds the exactly 
as released (even if not exactly when released).  If you want CentOS to 
depart from the ESR train you need to bug Red Hat to change  RHEL's 
package so that the source propagates to CentOS.

More information about the CentOS-devel mailing list