On Fri, 28 Aug 2009, Alan McKay wrote: > Is there a document that will tell me what patch levels were shipped > with the different releases of CentOS? In particular 5.2? Two come to mind that we ship with every binary we alter, evey package we build: - one is the SRPM, which contains all sources and patches, etc - two is a summary of varying detail, and carried with every binary under RPM installation (here for the apache webserver, carried in the package: httpd): rpm -q --changelog httpd The first requires some 'diff' reading skills, but is the most accurate As to the second method, I see the following recent entries: * Tue Jul 14 2009 Karanbir Singh <kbsingh at centos.org> 2.2.3-22.el5.centos.2 - Roll in CentOS Branding * Mon Jul 06 2009 Joe Orton <jorton at redhat.com> 2.2.3-22.el5_3.2 - add security fixes for CVE-2009-1890, CVE-2009-1891 (#509782) * Thu May 07 2009 Joe Orton <jorton at redhat.com> 2.2.3-22.el5_3.1 - add security fixes for CVE-2008-1678, CVE-2009-1195 (#499284) * Wed Nov 12 2008 Joe Orton <jorton at redhat.com> 2.2.3-22.el5 - add security fixes for CVE-2008-2939 (#468841) - note that the mod_proxy 2.2.9 rebase fixed CVE-2008-2634 ------------------------- CVE may be explored down: http://cve.mitre.org/cve/ The values of the form (#NNNNNN) are down: https://bugzilla.redhat.com/ In this case, re-branding is so common as to not pick up a centos bug number, but might and if so would be at: http://bugs.centos.org/main_page.php -- Russ herrold