'[opensuse-security] OpenSUSE 13.1 Official Security Update Kernel 3.11.10-32.1 misses patches from a'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       opensuse-security
Subject:    [opensuse-security] OpenSUSE 13.1 Official Security Update Kernel 3.11.10-32.1 misses patches from a
From:       Martin Konold <martin.konold () erfrakon ! de>
Date:       2016-02-03 7:46:48
Message-ID: 1725434.bqn7S4P7LR () sony-01 ! tue ! hq ! erfrakon ! de
[Download RAW message or body]

Hi there,

At Mon, 1 Feb 2016 16:11:19 +0100 (CET) an openSUSE-SU-2016:0301-1 security 
update for the kernel of openSUSE 13.1 got announced.

http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00000.html

It mentions that kernel 3.11.10-32.1 fixes these issues.

I verified that many updates/fixes including those mentioned in the advisory are 
already incorporated in the git version as available from  http://
download.opensuse.org/repositories/Kernel://openSUSE-13.1/standard/src/kernel-
source-3.11.10-170.1.g1e76e80.src.rpm

But when checking with \
http://download.opensuse.org/update/13.1/src/kernel-source-3.11.10-32.1.src.rpm which \
explicitly carries the version which is  mentioned in the security announcement and \
is also from 1 Feb 2016 I noticed  that the actual security fixes are missing in this \
package!

You may easily verify the issue by either looking at series.conf in the 
supposed update package or simply check the changelog.

rpm -qpi --changelog kernel-source-3.11.10-170.1.g1e76e80.src.rpm |grep 
'Source Timestamp'  

Source Timestamp: 2016-01-20 15:13:45 +0100

versus

rpm -qpi --changelog \
http://download.opensuse.org/update/13.1/src/kernel-source-3.11.10-32.1.src.rpm |grep \
'Source Timestamp'  

Source Timestamp: 2015-03-05 17:24:00 +0100

The later is definitely outdated. 

I can only assume that maybe something is wrong with the OBS setup. Maybe 
Coolo can shed some light on the issue.

Kind regards
--martin konold

-- 
Dipl.-Physiker Martin Konold

e r f r a k o n
Erlewein, Frank, Konold & Partner - Beratende Ingenieure und Physiker
Registergericht: Amtsgericht Stuttgart PR 126
Firmensitz: Adolfstraße 23, 70469 Stuttgart
fon: 0711 67400963
fax: 0711 67400959
email: martin.konold@erfrakon.de
http://www.erfrakon.de


--
To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse-security+owner@opensuse.org


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic