[CentOS] Centos and CVE-2017-1000117

Sat Aug 19 12:45:20 UTC 2017
Richard <lists-centos at listmail.innovate.net>

> Date: Thursday, August 17, 2017 00:13:58 +0200
> From: Alexander Dalloz <ad+lists at uni-x.org>
> Am 16.08.2017 um 16:29 schrieb Herbert Chang:
>> hi centos community,
>> as many of you probably have been following along, a few days ago
>> CVE 2017-1000117
>> <https://bugzilla.redhat.com/show_bug.cgi?id=1480386> was
>> identified and redhat was prompt to release patches to fedora
>> 25/26.  I haven't seen any chatter thus far from CentOS, so was
>> wondering if anyone knew the status of the patches landing in
>> CentOS, and more specifically, for CentOS 6 and git 1.7.x that's
>> currently latest in the repos.
>> thanks!
>> Herbert
> Red Hat has a CVE database. For the issue see
> https://access.redhat.com/security/cve/cve-2017-1000117
> Red Hat just today has released a new git package for RHEL 6 + 7,
> RHSA-2017:2485 and RHSA-2017:2484. The CentOS update packages will
> for sure pop up on the mirrors in near future.
> Alexander

I've seen the announcement and update(s) for centos-6
(CESA-2017:2485), but I don't find anything for centos-7 yet. It
looks like RH announced them both at about the same time wednesday
and the update for centos-6 came out thursday. Is there some reason
that the update(s) for -7 haven't been pushed out?