2017-12-14 09:49 UTC

ID: 0014158
Project: CentOS-6
Category: procmail
View Status: public
Last Update: 2017-12-11 08:43
Product Version:
Target Version:
Fixed in Version:
Summary: 0014158: procmail bugfix for CVE-2017-168
Description: When will this bug CVE-2017-168 be fixed in procmail for CentOS 6/7?
Tags: No tags attached.
Attached Files:




tru (administrator)

When Red Hat publishes it, we will build it.
You can search here https://access.redhat.com/security/security-updates/

By the way there is no CVE-2017-168 and CVE-2017-0168 is not related to CentOS at all according to: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0168.


phade (reporter)

Sorry, meant CVE-2017-16844, see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16844

This bug is not even mentioned under the security updates at redhat ...


toracat (manager)

It is listed in the RH CVE database but no action has been taken:


As tru mentioned, as soon as this is fixed in RHEL, CentOS will get it.


avij (manager)

https://access.redhat.com/security/cve/cve-2017-16844 states that a fix has been released for RHEL 7 (and CentOS 7), but procmail in RHEL 6 (and CentOS 6) has been labeled as "Will not fix".


phade (reporter)

CentOS 6.x will receive updates until November 2020, right?
But only if RH 6 gets the fix?
No backporting?

RH 6.7 has EUS until end of December 2018

So what's true now?


tru (administrator)

> CentOS 6.x will receive updates until November 2020, right?

> But only if RH 6 gets the fix?

> No backporting?

Red Hat decision, otoh, you can try to appeal. But "important" RHSA is not enough since RHEL6 and thus CentOS6 are now in "production phase 3"

<quote https://access.redhat.com/support/policy/updates/errata/>
Production 3 Phase:
During the Production 3 Phase, Critical impact Security Advisories (RHSAs) and selected Urgent Priority Bug Fix Advisories (RHBAs) may be released as they become available. Other errata advisories may be delivered as appropriate. New functionality and new hardware enablement are not planned for availability in the Production 3 Phase. Minor releases with updated installation images may be made available in this Phase.

> RH 6.7 has EUS until end of December 2018
RH EUS is a Red Hat commercial product; CentOS does not have access to these EUS sources, thus not supported.

Issue History
Date Modified Username Field Change
2017-11-21 11:37 phade New Issue
2017-11-21 13:29 tru Note Added: 0030619
2017-11-21 14:30 phade Note Added: 0030621
2017-11-22 01:03 toracat Note Added: 0030631
2017-12-09 16:44 avij Note Added: 0030731
2017-12-11 08:20 phade Note Added: 0030737
2017-12-11 08:43 tru Note Added: 0030738