[CentOS-devel] [CentOS-announce] CentOS Linux, CentOS Stream and the Boot Hole vulnerability

Sun Aug 9 08:59:06 UTC 2020
Johnny Hughes <johnny at centos.org>

On 8/8/20 1:36 AM, Jake Shipton wrote:
> 2020-08-03 (月) の 10:41 -0500 に Johnny Hughes さんは書きました:
>> On 7/29/20 1:35 PM, Leon Fauster via CentOS-devel wrote:
>>> Am 29.07.20 um 19:38 schrieb Brian Stinson:
>>>> We are aware of the Boot Hole vulnerability in grub2 (CVE-2020-
>>>> 1073) and
>>>> are working on releasing new packages for CentOS Linux 7, CentOS
>>>> Linux 8
>>>> and CentOS Stream in response. These should make it out to a
>>>> mirror near
>>>> you shortly.
>>>>
>>>
>>> Should be ?
>>> CVE-2020-10713
>>> and
>>> CVE-2020-14308
>>> CVE-2020-14309
>>> CVE-2020-14310
>>> CVE-2020-14311
>>>
>>
>> We have no ability to match up CVE numbers and CentOS-8 releases ..
>> as
>> modules use git commit IDs and build time stamps in the rpm names.
>>
>>
>> _______________________________________________
>> CentOS-devel mailing list
>> CentOS-devel at centos.org
>> https://lists.centos.org/mailman/listinfo/centos-devel
> 
> Hi,
> 
> That's understandable. But on a separate note, is there any chance of
> CentOS Announce receiving update information for CentOS 8?
> 
> Currently, 6 and 7 are receiving them. However, for several months now
> CentOS 8 hasn't had any update emails on that list with the exception
> of minor releases or this issue.
> 
> Just wondering, because I use that list to keep up with updates :-).
> 
> Kind Regards and Stay Safe
> 
> Jake Shipton (JakeMS)
> 

What we have right now is two fold:

This:
https://feeds.centos.org/

And looking at what is built for dist-c8-compose (what will be in the
latest compose):
https://koji.mbox.centos.org/koji/builds?tagID=338


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos-devel/attachments/20200809/e994bcc6/attachment-0006.sig>