wget source from 2012 being used in leap? Security Alert!

wget source from 2012 being used in leap? Security Alert!

L A Walsh
I have wget 1.16 loaded in 13.2 and was wanting to get
a later version and thought to look at leap 42.3.

That is one of the more recent releases, no?

Why would 42.3 have wget 1.14 in it from 2012??

Seems it would be missing even more security
patches....

Latest wget version is 1.19.

So what am I doing wrong?  Isn't leap supposed to be
for one of the newer releases?  How could it be possible
that a version prior to suse13.2 being released?



--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Re: wget source from 2012 being used in leap? Security Alert!

Felix Miata-3
L A Walsh composed on 2017-06-18 11:45 (UTC-0700):
.
> How could it be possible
> that a version prior to suse13.2 being released?

Leap is based on SLE. 42.1 had many packages backleveled from 13.2 that remain
even in 42.3. Examine the wget changelog to see if the vulnerabilities remain.
--
"The wise are known for their understanding, and pleasant
words are persuasive." Proverbs 16:21 (New Living Translation)

 Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!

Felix Miata  ***  http://fm.no-ip.com/


Re: wget source from 2012 being used in leap? Security Alert!

L A Walsh
Felix Miata wrote:

> L A Walsh composed on 2017-06-18 11:45 (UTC-0700):
> .
>  
>> How could it be possible
>> that a version prior to suse13.2 being released?
>>    
>
> Leap is based on SLE. 42.1 had many packages backleveled from 13.2 that remain
> even in 42.3. Examine the wget changelog to see if the vulnerabilities remain.
>  
Thanks.  If I may ask: where are
the new stable versions?  Somehow going to versions before 13.2
seems weird.

Where is SLE at in relation to opensuse versions?
13.1?

This seems really weird.



Re: wget source from 2012 being used in leap? Security Alert!

Patrick Shanahan-2
* L A Walsh <[hidden email]> [06-18-17 15:22]:

> Felix Miata wrote:
> >L A Walsh composed on 2017-06-18 11:45 (UTC-0700):
> >.
> >>How could it be possible
> >>that a version prior to suse13.2 being released?
> >
> >Leap is based on SLE. 42.1 had many packages backleveled from 13.2 that remain
> >even in 42.3. Examine the wget changelog to see if the vulnerabilities remain.
> Thanks.  If I may ask: where are
> the new stable versions?  Somehow going to versions before 13.2
> seems weird.
>
> Where is SLE at in relation to opensuse versions?
> 13.1?
>
> This seems really weird.

no, Leap is based on SLE.  42.2 would compare to SLE aiui

--
(paka)Patrick Shanahan       Plainfield, Indiana, USA          @ptilopteri
http://en.opensuse.org    openSUSE Community Member    facebook/ptilopteri
Registered Linux User #207535                    @ http://linuxcounter.net
Photos: http://wahoo.no-ip.org/piwigo                    paka @ IRCnet freenode


Re: wget source from 2012 being used in leap? Security Alert!

L A Walsh
Patrick Shanahan wrote:

> * L A Walsh <[hidden email]> [06-18-17 15:22]:
>  
>> Thanks.  If I may ask: where are
>> the new stable versions?  Somehow going to versions before 13.2
>> seems weird.
>> Where is SLE at in relation to opensuse versions?
>> 13.1?
>> This seems really weird.
>>    
>
> no, Leap is based on SLE.  42.2 would compare to SLE aiui
>  
Is that only on Thursdays? or alternate Wednesdays?




Re: wget source from 2012 being used in leap? Security Alert!

Felix Miata-3
L A Walsh composed on 2017-06-18 12:22 (UTC-0700):
.
> Felix Miata wrote:
.
>> Leap is based on SLE. 42.1 had many packages backleveled from 13.2 that remain
>> even in 42.3. Examine the wget changelog to see if the vulnerabilities remain.
.
> Thanks.  If I may ask: where are
> the new stable versions?  Somehow going to versions before 13.2
> seems weird.
.
> Where is SLE at in relation to opensuse versions?
> 13.1?.
If you want to know how this happened, search the opensuse-factory archives for
the Stephan Kulow and/or Ludwig Nussel posts that explained how something like
1/3 of openSUSE packages were to come directly from SLE, the rest not, back
around the time that Leap acquired its name, before 42.1 was released.
--
"The wise are known for their understanding, and pleasant
words are persuasive." Proverbs 16:21 (New Living Translation)

 Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!

Felix Miata  ***  http://fm.no-ip.com/


Re: wget source from 2012 being used in leap? Security Alert!

Marcus Meissner
On Mon, Jun 19, 2017 at 02:12:28AM -0400, Felix Miata wrote:

> L A Walsh composed on 2017-06-18 12:22 (UTC-0700):
> .
> > Felix Miata wrote:
> .
> >> Leap is based on SLE. 42.1 had many packages backleveled from 13.2 that remain
> >> even in 42.3. Examine the wget changelog to see if the vulnerabilities remain.
> .
> > Thanks.  If I may ask: where are
> > the new stable versions?  Somehow going to versions before 13.2
> > seems weird.
> .
> > Where is SLE at in relation to opensuse versions?
> > 13.1?.
> If you want to know how this happened, search the opensuse-factory archives for
> the Stephan Kulow and/or Ludwig Nussel posts that explained how something like
> 1/3 of openSUSE packages were to come directly from SLE, the rest not, back
> around the time that Leap acquired its name, before 42.1 was released.

... see above explanations.

Note that "old" versions are not necessarily a security problem, as we backport
all security fixes.

Ciao, Marcus
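
Added example, not part of the thread: since fixes are backported, the upstream version number says little about patch level, and the package changelog that Felix Miata points to is the place to check. The sketch below lists the CVE ids a changelog names and reports which ids from a list of interest are absent; the function names, the sample changelog and its CVE ids are constructed placeholders, and it assumes that a backported fix names its CVE id in the changelog entry.

```shell
#!/bin/sh
# Added example; not from the thread. The changelog below is constructed and
# its CVE ids are placeholders, not real wget advisories.

# Print "CVE-id<TAB>entry date" for every CVE named in an rpm changelog on stdin.
cve_entries() {
    awk '
        /^\* / { date = $2 " " $3 " " $4 " " $5; next }   # entry header line
        {
            line = $0
            while (match(line, /CVE-[0-9][0-9][0-9][0-9]-[0-9]+/)) {
                print substr(line, RSTART, RLENGTH) "\t" date
                line = substr(line, RSTART + RLENGTH)
            }
        }'
}

# Print each CVE id given as an argument that the changelog on stdin never names.
missing_cves() {
    found=$(cve_entries | cut -f1)
    for id in "$@"; do
        printf '%s\n' "$found" | grep -qxF -- "$id" || printf '%s\n' "$id"
    done
}

# Constructed changelog in the layout "rpm -q --changelog" prints.
sample_changelog() {
    cat <<'EOF'
* Mon Jan 02 2017 packager@example.invalid
- Add wget-fix-b.patch: fix for CVE-0000-00002 (bsc#0000002)

* Tue Mar 01 2016 packager@example.invalid
- Add wget-fix-a.patch (CVE-0000-00001, bsc#0000001)

* Wed Aug 08 2012 packager@example.invalid
- Update to 1.14
EOF
}

# On an installed system, replace sample_changelog with: rpm -q --changelog wget
sample_changelog | cve_entries
sample_changelog | missing_cves CVE-0000-00001 CVE-0000-00003
```

An id that `missing_cves` prints is one to look up in the distribution's security advisories, since a changelog entry may reference only a bug number.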


Re: wget source from 2012 being used in leap? Security Alert!

Carlos E. R.-2
On 2017-06-19 06:44, L A Walsh wrote:

> Patrick Shanahan wrote:
>> * L A Walsh <> [06-18-17 15:22]:
>>  
>>> Thanks.  If I may ask: where are
>>> the new stable versions?  Somehow going to versions before 13.2
>>> seems weird.
>>> Where is SLE at in relation to opensuse versions?
>>> 13.1?
>>> This seems really weird.
>>>    
>>
>> no, Leap is based on SLE.  42.2 would compare to SLE aiui
>>  
> Is that only on Thursdays? or alternate Wednesdays?
Every day.
What are you trying to say?


--
Cheers / Saludos,

                Carlos E. R.
                (from 42.2 x86_64 "Malachite" at Telcontar)



Re: wget source from 2012 being used in leap? Security Alert!

Patrick Shanahan-2
* L A Walsh <[hidden email]> [06-19-17 00:47]:

> Patrick Shanahan wrote:
> >* L A Walsh <[hidden email]> [06-18-17 15:22]:
> >>Thanks.  If I may ask: where are
> >>the new stable versions?  Somehow going to versions before 13.2
> >>seems weird.
> >>Where is SLE at in relation to opensuse versions?
> >>13.1?
> >>This seems really weird.
> >
> >no, Leap is based on SLE.  42.2 would compare to SLE aiui
> Is that only on Thursdays? or alternate Wednesdays?

alternate second Tuesdays of each week.

--
(paka)Patrick Shanahan       Plainfield, Indiana, USA          @ptilopteri
http://en.opensuse.org    openSUSE Community Member    facebook/ptilopteri
Registered Linux User #207535                    @ http://linuxcounter.net
Photos: http://wahoo.no-ip.org/piwigo                    paka @ IRCnet freenode


Re: wget source from 2012 being used in leap? \

L A Walsh
Marcus Meissner wrote:
> Note that "old" versions are not necessarily a security problem, as we backport
> all security fixes.
>  
Ouch... that seems like a growing task of backporting... ug.

What release(s) contain the newer stuff?

I usually try to work from suse rpms even if I need a newer version.
And then try to keep changes in rpms locally...
(Have to try to tame the chaos somehow)...

thanks,
-l





Re: wget source from 2012 being used in leap? \

Peter Suetterlin
L A Walsh wrote:

> Marcus Meissner wrote:
> > Note that "old" versions are not necessarily a security problem, as we backport
> > all security fixes.
> Ouch... that seems like a growing task of backporting... ug.
>
> What release(s) contain the newer stuff?
>
> I usually try to work from suse rpms even if I need a newer version.
> And then try to keep changes in rpms locally...
> (Have to try to tame the chaos somehow)...

What I do in such cases is to get the source rpm from Tumbleweed and compile
that using rpmbuild.


Re: wget source from 2012 being used in leap? \

L A Walsh
Peter Suetterlin wrote:
> What I do in such cases is to get the source rpm from Tumbleweed and
> compile
> that using rpmbuild.
>  
Tnx, will check it out.

-l

