View Issue Details

IDProjectCategoryView StatusLast Update
0014158CentOS-6procmailpublic2017-12-11 08:43
Status newResolutionopen 
Product Version 
Target VersionFixed in Version 
Summary0014158: procmail bugfix for CVE-2017-168
Descriptionwhen will this bug CVE-2017-168 fixed in procmail for CentOS 6/7 ??
TagsNo tags attached.




2017-11-21 13:29

administrator   ~0030619

When Red Hat will publish it, we will build it.
You can search here

By the way there is no CVE-2017-168 and CVE-2017-0168 is not related to CentOS at all according to:


2017-11-21 14:30

reporter   ~0030621

Sorry, meant CVE-2017-16844, see

This bug is not even meantioned under the security updates at redhat ...


2017-11-22 01:03

manager   ~0030631

It is listed in the RH CVE database but no action has been taken:

As tru mentioned, as soon as this is fixed in RHEL, CentOS will get it.


2017-12-09 16:44

manager   ~0030731 states that a fix has been released for RHEL 7 (and CentOS 7), but procmail in RHEL 6 (and CentOS 6) has been labeled as "Will not fix".


2017-12-11 08:20

reporter   ~0030737

CentOS 6.x will received updates until November 2020, right ?
But only if RH 6 will get the fix ?
No backporting ?

RH 6.7 has EUS until end of December 2018

So whats true now ?


2017-12-11 08:43

administrator   ~0030738

> CentOS 6.x will received updates until November 2020, right ?

> But only if RH 6 will get the fix ?

> No backporting ?

Red Hat decision, otoh, you can try to appeal. But "important" RHSA is not enough since RHEL6 and thus CentOS6 are now in "production phase 3"

Production 3 Phase:
During the Production 3 Phase, Critical impact Security Advisories (RHSAs) and selected Urgent Priority Bug Fix Advisories (RHBAs) may be released as they become available. Other errata advisories may be delivered as appropriate. New functionality and new hardware enablement are not planned for availability in the Production 3 Phase. Minor releases with updated installation images may be made available in this Phase.

> RH 6.7 has EUS until end of December 2018
RH EUS is a Red Hat commercial product, CentOS does not have access to this EUS sources, thus not supported.

Issue History

Date Modified Username Field Change
2017-11-21 11:37 phade New Issue
2017-11-21 13:29 tru Note Added: 0030619
2017-11-21 14:30 phade Note Added: 0030621
2017-11-22 01:03 toracat Note Added: 0030631
2017-12-09 16:44 avij Note Added: 0030731
2017-12-11 08:20 phade Note Added: 0030737
2017-12-11 08:43 tru Note Added: 0030738