[CentOS] Centos and CVE-2017-1000117

Wed Aug 23 14:38:01 UTC 2017
Johnny Hughes <johnny at centos.org>

On 08/19/2017 11:27 AM, Lance Lassetter wrote:
> On August 19, 2017 10:12:27 AM CDT, Alexander Dalloz <ad+lists at uni-x.org> wrote:
>> Am 19.08.2017 um 14:45 schrieb Richard:
>>> I've seen the announcement and update(s) for centos-6
>>> (CESA-2017:2485), but I don't find anything for centos-7 yet. It
>>> looks like RH announced them both at about the same time wednesday
>>> and the update for centos-6 came out thursday. Is there some reason
>>> that the update(s) for -7 haven't been pushed out?
>> Updates for CentOS 7 are hold back until the 7.4 update gets released. 
>> It will start by populating the CR repo.
>> Alexander
> I'm new to Centos.  Security updates are considered general updates?

Updates build upon each other.  If an update is built against 7.4 and
links against the 7.4 libraries, we can not instead build it against 7.3
.. everything has to be done in a specific order to get the correct
build requirements and link against the proper shared libraries.  So
while it would be great to just build and release the security updates
first, life does not allow it to work like that.

CR should be out in a few hours .. initially it will contain only the
the RPMs that were part of the 7.4 actual release.

Within 24 hours of that CR release, CR will be updated to contain all
the updates that actually needed to be built against 7.4 (those are
building now and the initial CR is in the final QA stages).

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20170823/f3f8a2cd/attachment-0004.sig>