Missing Security Advisories since April 2023

modnar91 · Post by **modnar91** » 2023/07/10 11:18:48

Hello all,

usually security advisories were posted here every month: https://lists.centos.org/pipermail/centos-announce/. It looks like there are no updates since April 2023. Is there a new website where I can find updated security advisories for CentOS 7?

Many thanks!
Modnar

Post by **TrevorH** » 2023/07/10 11:26:47

The patches should be available as I try to chase anything that is missing for CentOS 7 to get it built. The announcements are a secondary problem and I will ask to see if they are missing.

modnar91 · Post by **modnar91** » 2023/07/10 12:15:04

Thank you very much!

sandrino82 · Post by **sandrino82** » 2023/07/24 14:54:16

TrevorH wrote: ↑
2023/07/10 11:26:47
The patches should be available as I try to chase anything that is missing for CentOS 7 to get it built. The announcements are a secondary problem and I will ask to see if they are missing.

Hi TravorH,
The lack of annoucements is making very hard the detection of exposure of devices to vulnerabilities.
I'm not able to link the updates ad version of a package to the resolution of a CVE, and this is a big issue for me.
an you please double check why announcements are not being published since April?
Is there any other page or errara where you announce what is being released, and how this is related to security issue resolution?

Many thanks

Post by **TrevorH** » 2023/07/24 15:49:01

As far as I know the announcement feed was fixed shortly after I last posted about it.

sandrino82 · Post by **sandrino82** » 2023/07/28 10:03:08

Hi Travor,

I'm a bit confused... if I look at the announcement page, https://lists.centos.org/pipermail/centos-announce/ i see that last annoucement is from April 2023... but since April CentOS made several security updates which now I'm not able to track.

Can you please help me understanding where I can find the Security Advisory released by CentOS?

Post by **TrevorH** » 2023/07/28 15:33:25

So, the announcements were fixed a while back but there has apparently been a networking issue within Red Hat that stopped those from reaching the outside world. The same network problem also meant that no new packages for any CentOS version (Stream included) were able to be signed. The network issue was resolved a little while ago and I have received a lot of CExA-yyyy-nnnn announcement mails in the last hour or so.

There will be a batch of patches for CentOS 7 coming down the pipe shortly as well as they have now been GPG signed and can be released.

Post by **TrevorH** » 2023/08/03 16:54:03

The patches have just been pushed to the mirrors now. Allow some hours for them to propagate around and for yum metadata to expire locally (or force it).

CentOS

Missing Security Advisories since April 2023

Missing Security Advisories since April 2023

Re: Missing Security Advisories since April 2023

Re: Missing Security Advisories since April 2023

Re: Missing Security Advisories since April 2023

Re: Missing Security Advisories since April 2023

Re: Missing Security Advisories since April 2023

Re: Missing Security Advisories since April 2023

Re: Missing Security Advisories since April 2023