On 05/07/2012 07:16 PM, Mitch Patenaude wrote: > I'm trying to find out if a particular RedHat patch has been ported to > CentOS yet. > > In particular, this vulnerability: CVE-2011-3607 > > According to this: https://rhn.redhat.com/errata/RHSA-2012-0323.html it > has been patched as of httpd-2.2.3-63.el5_8.1.x86_64.rpm > > Now, in the latest CentOS repository, I find > httpd-2.2.3-63.el5.centos.1.x86_64.rpm > > Is this the same (or later) release? I suspect not, because the el5 != > el5_8.1, but I'm not 100% sure I understand the mapping between the two > sets of RPM names. You suspect wrong :) We keep the dist tags the same for packages that we do not modify for branding ... so if that was an unmodified package, it would have a .el5_8 dist tag, just like upstream. BUT ... for packages that we modify ... we always use a ".el5.centos" dist tag unless forced to use something else for some reason. So, since httpd is a modified package, "httpd-2.2.3-63.el5.centos.1.x86_64.rpm" == "httpd-2.2.3-63.el5_8.1.x86_64.rpm" -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 262 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/centos/attachments/20120507/dd6c7eb2/attachment-0005.sig>