[CentOS] openssl Security Update for CentOS 6.7 ETA

Wed May 11 17:24:43 UTC 2016
m.roth at 5-cent.us <m.roth at 5-cent.us>

Patrick Rael wrote:
> On 05/11/2016 09:45 AM, Steve Snyder wrote:
>>
>> On Wednesday, May 11, 2016 11:20am, "Patrick Rael" <prael at lumeta.com>
>> said:
>>
>>> Hi,
>>>  Is there an ETA on the openssl security update (CVE-2016-0799) for
>>> CentOS 6.7?    I saw the openssl update for CentOS 7 on 5/9, eagerly
>>> awaiting the same for 6.7.
>>>
>> Looks like Red Hat pushed it to RHEL v6.8, released yesterday.  Unless
>> CentOS does a special back-port we'll have to wait for CentOS v6.8 to
>> get the OpenSSL update.

> Is there an ETA on CentOS v6.8?    Days? Weeks? Months? (years?)
> I just need to predict when CVE-2016-0799 will be fixed for CentOS 6.7.
> I thought security updates would be available on 6.7 for many more years.
>
Please - it was *just* released, and the build team is presumably already
on it. Hopefully, upstream hasn't screwed with their build environment
again.

At any rate, when upstream did, it took our build team about a month to
get builds working again; if they haven't, then I'd hope for a few weeks.

PLEASEPLEASEPLEASEPLEASE people, *don't* turn this into a 5k posts a day
arguing over whether the build team is lazy, or 75% of them "ANYTHING
NEW?! HOW SOON?!!!!!!!!!

Give them some bloody time, children. It's a job of work, as the old
saying goes.

          mark