> Date: Thursday, August 17, 2017 00:13:58 +0200 > From: Alexander Dalloz <ad+lists at uni-x.org> > > Am 16.08.2017 um 16:29 schrieb Herbert Chang: >> hi centos community, >> >> as many of you probably have been following along, a few days ago >> CVE 2017-1000117 >> <https://bugzilla.redhat.com/show_bug.cgi?id=1480386> was >> identified and redhat was prompt to release patches to fedora >> 25/26. I haven't seen any chatter thus far from CentOS, so was >> wondering if anyone knew the status of the patches landing in >> CentOS, and more specifically, for CentOS 6 and git 1.7.x that's >> currently latest in the repos. >> >> thanks! >> Herbert > > Red Hat has a CVE database. For the issue see > > https://access.redhat.com/security/cve/cve-2017-1000117 > > Red Hat just today has released a new git package for RHEL 6 + 7, > RHSA-2017:2485 and RHSA-2017:2484. The CentOS update packages will > for sure pop up on the mirrors in near future. > > Alexander > I've seen the announcement and update(s) for centos-6 (CESA-2017:2485), but I don't find anything for centos-7 yet. It looks like RH announced them both at about the same time wednesday and the update for centos-6 came out thursday. Is there some reason that the update(s) for -7 haven't been pushed out?