'[opensuse-security] OpenSUSE 13.1 Official Security Update Kernel 3.11.10-32.1 misses patches from a'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       opensuse-security
Subject:    [opensuse-security] OpenSUSE 13.1 Official Security Update Kernel 3.11.10-32.1 misses patches from a
From:       Martin Konold <martin.konold () erfrakon ! de>
Date:       2016-02-03 7:46:48
Message-ID: 1725434.bqn7S4P7LR () sony-01 ! tue ! hq ! erfrakon ! de
[Download RAW message or body]

Hi there,

At Mon, 1 Feb 2016 16:11:19 +0100 (CET) an openSUSE-SU-2016:0301-1 security 
update for the kernel of openSUSE 13.1 got announced.

http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00000.html

It mentions that kernel 3.11.10-32.1 fixes these issues.

I verified that many updates/fixes including those mentioned in the advisory are 
already incorporated in the git version as available from  http://
download.opensuse.org/repositories/Kernel://openSUSE-13.1/standard/src/kernel-
source-3.11.10-170.1.g1e76e80.src.rpm

But when checking with http://download.opensuse.org/update/13.1/src/kernel-source-3.11.10-32.1.src.rpm \
which explicitly carries the version which is  mentioned in the security announcement and is also from 1 \
Feb 2016 I noticed  that the actual security fixes are missing in this package!

You may easily verify the issue by either looking at series.conf in the 
supposed update package or simply check the changelog.

rpm -qpi --changelog kernel-source-3.11.10-170.1.g1e76e80.src.rpm |grep 
'Source Timestamp'  

Source Timestamp: 2016-01-20 15:13:45 +0100

versus

rpm -qpi --changelog http://download.opensuse.org/update/13.1/src/kernel-source-3.11.10-32.1.src.rpm \
|grep 'Source Timestamp'  

Source Timestamp: 2015-03-05 17:24:00 +0100

The later is definitely outdated. 

I can only assume that maybe something is wrong with the OBS setup. Maybe 
Coolo can shed some light on the issue.

Kind regards
--martin konold

-- 
Dipl.-Physiker Martin Konold

e r f r a k o n
Erlewein, Frank, Konold & Partner - Beratende Ingenieure und Physiker
Registergericht: Amtsgericht Stuttgart PR 126
Firmensitz: Adolfstraße 23, 70469 Stuttgart
fon: 0711 67400963
fax: 0711 67400959
email: martin.konold@erfrakon.de
http://www.erfrakon.de


--
To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse-security+owner@opensuse.org


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic