[prev in list] [next in list] [prev in thread] [next in thread] 

List:       opensuse-security-announce
Subject:    [security-announce] openSUSE 11.1 has reached end of Novell support - 11.1 Evergreen goes on
From:       Marcus Meissner <meissner () suse ! de>
Date:       2011-01-14 16:43:28
Message-ID: 20110114164328.GG18862 () suse ! de
[Download RAW message or body]

Hi,

With the release of an opensc security fix on Thursday 13th January
Novell has released the last update for openSUSE 11.1.

openSUSE 11.1 is now officially discontinued and out of support by Novell.

However, a community effort has been started to continue 11.1 maintenance
under the codename of "Evergreen".

The overview page of this project, how to activate and use it, and other
details, is on:
	http://en.opensuse.org/openSUSE:Evergreen
The Evergreen project is lead by openSUSE community member Wolfgang Rosenauer.


Here are some statistics:

openSUSE 11.1 was released on December 18th 2008, making it 2 years 
and 1 month of security and bugfix support.

Some statistics on the released patches (compared to 11.0):

Total updates:		707	(+63)
	Security:	467	(-18)
	Recommended:	236	(+79)
	Optional:	4	(+ 2)

	CVE Entries:	1175 	(+34)

There is a 4% decrease in the number of security updates compared
to openSUSE 11.0. There is however a 2% increase in CVE numbers fixed.

Top issues (compared to 11.0 for issues down to 5):
     19 MozillaFirefox		(+1)
     14 kernel			(+5)
     11 acroread		(+1)
     10 java-1_6_0-openjdk	(+5)
      9 wireshark		(+1)
      9 opera			(-3)
      9 libopenssl-devel	(+4)
      9 flash-player		(+2)
      8 seamonkey		(-1)
      8 MozillaThunderbird	(-1)
      7 java-1_6_0-sun		(0)
      7 clamav			(+3)
      7 apache2-mod_php5	(0)
      6 moodle			(-1)
      6 libpng-devel		(0)
      6 samba			(0)
      5 postgresql
      5 krb5
      5 java-1_5_0-sun		(-1)
      5 cups			(-2)


And top issues sorted by CVE (Common Vulnerability Enumeration) count
(down to 5) (compared to 11.0 for the top):
	163	MozillaFirefox		(+20)
	115	acroread		(+22)
	114	java-1_6_0-sun		(+12)
	83	seamonkey		(0)
	83	kernel			(+8)
	83	java-1_6_0-openjdk	(+33)
	82	flash-player		(+18)
	70	MozillaThunderbird	(+16)
	51	java-1_5_0-sun		(-12, EOLed during the lifetime)
	41	mozilla-xulrunner191
	38	php5			(+14)
	33	wireshark		(-2)
	28	mozilla-xulrunner190	(-12, EOLed during the lifetime)
	28	moodle			(+1)
	27	opera			(-4)
	21	xpdf			(-2)
	17	freetype2
	15	mysql			(+2)
	14	openssl			(+5)
	14	pidgin/finch		(-4)
	13	libpoppler4		(+-0 to libpoppler3)
	13	kdegraphics3		(+2)
	12	krb5			(+4)
	12	samba			(+-0)
	11	postgresql		(+1)
	11	ghostscript		(+-0)
	10	tomcat6			(-1)
	10	MozillaFirefox-branding-openSUSE
	10	firefox35upgrade
	10	clamav			(-7)
	8	ruby			(-9)
	8	mozilla-xulrunner181	(-28, EOLed during the lifetime)
	8	poppler
	8	cups			(-6)
	7	OpenOffice_org
	7	kvm			(0)
	7	gvim			(0)
	7	apache2			(-4)
	6	qemu			(0)
	6	libpng			(0)
	6	glibc
	5	strongswan		(-2)
	5	squid			(0)
	5	bind			(-2)


# security updates by count
# grep -l type..secur updateinfo-*|sed -e \
's/^updateinfo-//;s/-[0-9]*.xml$//;'|sort|uniq -c|sort -n +0 -r|less # grep CVE- \
update* |perl -e '%cves=();while (<>) { while (/(CVE-2...-....)/) { $cve{$1}++; \
s/CVE-2...-....//;} } print join("\n",sort keys %cve)."\n";' | wc -l # for i in \
updateinfo-* ; do echo -n "$i " ; grep CVE- $i|perl -e '%cves=();while (<>) { while \
(/(CVE-2...-....)/) { $cve{$1}++; s/CVE-2...-....//;} } print join("\n",sort keys \
%cve)."\n";' | wc -l ; done |perl -e 'while (<>) { /^updateinfo-(\S*)-\d*.xml \
(\d*)$/; $cnt{$1}+=$2; } ; foreach (sort { $cnt{$b} <=> $cnt{$a} } keys %cnt) { print \
"$cnt{$_}\t\t$_\n";} '


[Attachment #3 (application/pgp-signature)]
-- 
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org


[prev in list] [next in list] [prev in thread] [next in thread]