[CentOS] when RedHat makes patches for only some versions

Thu Dec 10 15:47:13 UTC 2015
Noam Bernstein <noam.bernstein at nrl.navy.mil>

> On Dec 10, 2015, at 10:40 AM, Leon Fauster <leonfauster at googlemail.com> wrote:
> Am 10.12.2015 um 16:16 schrieb Noam Bernstein <noam.bernstein at nrl.navy.mil>:
>> I guess this is really a RedHat, not CentOS question, but I’m hoping that someone here will be familiar enough with the upstream policy to have some useful information.
>> How does RedHat decide which versions to release patches for, e.g. https://access.redhat.com/security/cve/CVE-2015-7613 <https://access.redhat.com/security/cve/CVE-2015-7613> which has only a RH7 erratum, not 6?  And are they likely to eventually release a fix for this type of issue for RH6?
> Generally defined by the production phases:  
> https://access.redhat.com/support/policy/updates/errata/
> It explains not all but at least the big picture …

That’s useful, thanks.  

It does seem to indicate that RH6 is still in production 1, with security and bug fix errata being released.  So does that mean that I can expect RH to eventually release a fix for this CVE, but they just haven’t gotten around to it yet?


Noam Bernstein
Center for Materials Physics and Technology
Naval Research Laboratory Code 6390

noam.bernstein at nrl.navy.mil
phone: 202 404 8628