On 12/04/18 07:57, Veetil, Vyshnav wrote: > > Hi All, > > Can you please tell me the expected release of these rpms which is > having the fix for below CVE’s. > > 1. expat rpm: > CVE-2017-9233 > > > > 2.libxml2: > > CVE-2015-8035 > > > > 3. ntp and ntpdate RPM: > > CVE-2017-6462 > > CVE-2018-7170 > > CVE-2018-7170 > > CVE-2016-4954 > > CVE-2016-4955 > > CVE-2016-4956 > You can check the status of CVE numbers by looking at e.g. https://access.redhat.com/security/cve/cve-2017-9233 That one is listed there as "Will not fix". Substitute your other CVE numbers into the URL to check those too. Any that are listed with a section containing "Redhat Security Errata" are fixed and the publication date of the RHSA announcement listed will be when the fix was released. If it says 2018-04-10 then the fix is part of 7.5 and will be released when CentOS 7.5 is released. ETA unknown but ASAP. Trevor -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos-devel/attachments/20180412/ddb66b87/attachment-0008.html>