View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0014158 | CentOS-6 | procmail | public | 2017-11-21 11:37 | 2017-12-11 08:43 |

| Field | Value |
|---|---|
| Target Version | |
| Fixed in Version | |
| Summary | 0014158: procmail bugfix for CVE-2017-168 |
| Description | When will this bug CVE-2017-168 be fixed in procmail for CentOS 6/7? |
| Tags | No tags attached. |
When Red Hat publishes it, we will build it.
You can search here: https://access.redhat.com/security/security-updates/
By the way, there is no CVE-2017-168, and CVE-2017-0168 is not related to CentOS at all according to: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0168
Sorry, meant CVE-2017-16844, see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16844
This bug is not even mentioned under the security updates at redhat ...
It is listed in the RH CVE database but no action has been taken:
As tru mentioned, as soon as this is fixed in RHEL, CentOS will get it.
https://access.redhat.com/security/cve/cve-2017-16844 states that a fix has been released for RHEL 7 (and CentOS 7), but procmail in RHEL 6 (and CentOS 6) has been labeled as "Will not fix".
CentOS 6.x will receive updates until November 2020, right?
But only if RH 6 gets the fix?
No backporting?
RH 6.7 has EUS until end of December 2018.
So what's true now?
> CentOS 6.x will receive updates until November 2020, right?
> But only if RH 6 gets the fix?
> No backporting?
Red Hat decision; otoh, you can try to appeal. But an "important" RHSA is not enough, since RHEL6 and thus CentOS6 are now in "production phase 3".
Production 3 Phase:
During the Production 3 Phase, Critical impact Security Advisories (RHSAs) and selected Urgent Priority Bug Fix Advisories (RHBAs) may be released as they become available. Other errata advisories may be delivered as appropriate. New functionality and new hardware enablement are not planned for availability in the Production 3 Phase. Minor releases with updated installation images may be made available in this Phase.
> RH 6.7 has EUS until end of December 2018
RH EUS is a Red Hat commercial product; CentOS does not have access to these EUS sources, thus not supported.
|2017-11-21 11:37||phade||New Issue|
|2017-11-21 13:29||tru||Note Added: 0030619|
|2017-11-21 14:30||phade||Note Added: 0030621|
|2017-11-22 01:03||toracat||Note Added: 0030631|
|2017-12-09 16:44||avij||Note Added: 0030731|
|2017-12-11 08:20||phade||Note Added: 0030737|
|2017-12-11 08:43||tru||Note Added: 0030738|