I did know that the external version string did say nothing, and that patches is back ported. The link to Published SUSE Linux security updates is just what I needed to demonstrate they are wrong. Thanks! -- Regards Klaus Den 05-10-2017 kl. 11:00 skrev Andrei Borzenkov:
Check by version string is completely meaningless as security patches are commonly backported. You need to request CVE numbers that are reported and check whether these CVE are fixed; either they are explicitly mentioned in changelog or https://www.suse.com/de-de/security/cve/ would be starting point.
On Thu, Oct 5, 2017 at 10:32 AM, Klaus Vink Slott
wrote: Hi guys
I need a little help here: Based on a scanning from the national CERT my security officer claims that I am running outdated software. ...
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org