From opensuse-security  Wed Feb 03 07:46:48 2016
From: Martin Konold <martin.konold () erfrakon ! de>
Date: Wed, 03 Feb 2016 07:46:48 +0000
To: opensuse-security
Subject: [opensuse-security] OpenSUSE 13.1 Official Security Update Kernel 3.11.10-32.1 misses patches from a
Message-Id: <1725434.bqn7S4P7LR () sony-01 ! tue ! hq ! erfrakon ! de>
X-MARC-Message: https://marc.info/?l=opensuse-security&m=145957056220501

Hi there,

At Mon, 1 Feb 2016 16:11:19 +0100 (CET) an openSUSE-SU-2016:0301-1 security=
=20
update for the kernel of openSUSE 13.1 got announced.

http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00000.html

It mentions that kernel 3.11.10-32.1 fixes these issues.

I verified that many updates/fixes including those mentioned in the advisor=
y are=20
already incorporated in the git version as available from  http://
download.opensuse.org/repositories/Kernel://openSUSE-13.1/standard/src/kern=
el-
source-3.11.10-170.1.g1e76e80.src.rpm

But when checking with http://download.opensuse.org/update/13.1/src/kernel-=
source-3.11.10-32.1.src.rpm which explicitly carries the version which is=20
mentioned in the security announcement and is also from 1 Feb 2016 I notice=
d=20
that the actual security fixes are missing in this package!

You may easily verify the issue by either looking at series.conf in the=20
supposed update package or simply check the changelog.

rpm -qpi --changelog kernel-source-3.11.10-170.1.g1e76e80.src.rpm |grep=20
'Source Timestamp' =20

Source Timestamp: 2016-01-20 15:13:45 +0100

versus

rpm -qpi --changelog http://download.opensuse.org/update/13.1/src/kernel-so=
urce-3.11.10-32.1.src.rpm |grep 'Source Timestamp' =20

Source Timestamp: 2015-03-05 17:24:00 +0100

The later is definitely outdated.=20

I can only assume that maybe something is wrong with the OBS setup. Maybe=20
Coolo can shed some light on the issue.

Kind regards
=2D-martin konold

=2D-=20
Dipl.-Physiker Martin Konold

e r f r a k o n
Erlewein, Frank, Konold & Partner - Beratende Ingenieure und Physiker
Registergericht: Amtsgericht Stuttgart PR 126
=46irmensitz: Adolfstra=DFe 23, 70469 Stuttgart
fon: 0711 67400963
fax: 0711 67400959
email: martin.konold@erfrakon.de
http://www.erfrakon.de


-- 
To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse-security+owner@opensuse.org