[opensuse] wget source from 2012 being used in leap? Security Alert!
I have wget 1.16 loaded in 13.2 and was wanting to get a later version and thought to look at leap 42.3. That is one of the more recent releases, no? Why would 42.3 have wget 1.14 in it from 2012?? Seems it would be missing even more security patches.... Latest wget version is 1.19. So what am I doing wrong? Isn't leap supposed to be for one of the newer releases? How could it be possible that a version prior to suse13.2 being released?
L A Walsh composed on 2017-06-18 11:45 (UTC-0700):
> How could it be possible that a version prior to suse13.2 being released?

Leap is based on SLE. 42.1 had many packages backleveled from 13.2 that remain even in 42.3. Examine the wget changelog to see if the vulnerabilities remain.
--
"The wise are known for their understanding, and pleasant words are persuasive." Proverbs 16:21 (New Living Translation) Team OS/2 ** Reg. Linux User #211409 ** a11y rocks! Felix Miata *** http://fm.no-ip.com/
Felix Miata wrote:
> L A Walsh composed on 2017-06-18 11:45 (UTC-0700):
>> How could it be possible that a version prior to suse13.2 being released?
> Leap is based on SLE. 42.1 had many packages backleveled from 13.2 that remain even in 42.3. Examine the wget changelog to see if the vulnerabilities remain.

Thanks. If I may ask: where are the new stable versions? Somehow going to versions before 13.2 seems weird. Where is SLE at in relation to opensuse versions? 13.1? This seems really weird.
* L A Walsh <suse@tlinx.org> [06-18-17 15:22]:
> Felix Miata wrote:
>> L A Walsh composed on 2017-06-18 11:45 (UTC-0700):
>>> How could it be possible that a version prior to suse13.2 being released?
>> Leap is based on SLE. 42.1 had many packages backleveled from 13.2 that remain even in 42.3. Examine the wget changelog to see if the vulnerabilities remain.
> Thanks. If I may ask: where are the new stable versions? Somehow going to versions before 13.2 seems weird.
> Where is SLE at in relation to opensuse versions? 13.1?
> This seems really weird.

no, Leap is based on SLE. 42.2 would compare to SLE aiui
--
(paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri Registered Linux User #207535 @ http://linuxcounter.net Photos: http://wahoo.no-ip.org/piwigo paka @ IRCnet freenode
Patrick Shanahan wrote:
> * L A Walsh <suse@tlinx.org> [06-18-17 15:22]:
>> Thanks. If I may ask: where are the new stable versions? Somehow going to versions before 13.2 seems weird. Where is SLE at in relation to opensuse versions? 13.1? This seems really weird.
> no, Leap is based on SLE. 42.2 would compare to SLE aiui

Is that only on Thursdays? or alternate Wednesdays?
On 2017-06-19 06:44, L A Walsh wrote:
> Patrick Shanahan wrote:
>> * L A Walsh <> [06-18-17 15:22]:
>>> Thanks. If I may ask: where are the new stable versions? Somehow going to versions before 13.2 seems weird. Where is SLE at in relation to opensuse versions? 13.1? This seems really weird.
>> no, Leap is based on SLE. 42.2 would compare to SLE aiui
> Is that only on Thursdays? or alternate Wednesdays?

Every day. What are you trying to say?
--
Cheers / Saludos, Carlos E. R. (from 42.2 x86_64 "Malachite" at Telcontar)
* L A Walsh <suse@tlinx.org> [06-19-17 00:47]:
> Patrick Shanahan wrote:
>> * L A Walsh <suse@tlinx.org> [06-18-17 15:22]:
>>> Thanks. If I may ask: where are the new stable versions? Somehow going to versions before 13.2 seems weird. Where is SLE at in relation to opensuse versions? 13.1? This seems really weird.
>> no, Leap is based on SLE. 42.2 would compare to SLE aiui
> Is that only on Thursdays? or alternate Wednesdays?

alternate second Tuesdays of each week.
--
(paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri Registered Linux User #207535 @ http://linuxcounter.net Photos: http://wahoo.no-ip.org/piwigo paka @ IRCnet freenode
L A Walsh composed on 2017-06-18 12:22 (UTC-0700):
> Felix Miata wrote:
>> Leap is based on SLE. 42.1 had many packages backleveled from 13.2 that remain even in 42.3. Examine the wget changelog to see if the vulnerabilities remain.
> Thanks. If I may ask: where are the new stable versions? Somehow going to versions before 13.2 seems weird.
> Where is SLE at in relation to opensuse versions? 13.1?

If you want to know how this happened, search the opensuse-factory archives for the Stephan Kulow and/or Ludwig Nussel posts that explained how something like 1/3 of openSUSE packages were to come directly from SLE, the rest not, back around the time that Leap acquired its name, before 42.1 was released.
--
"The wise are known for their understanding, and pleasant words are persuasive." Proverbs 16:21 (New Living Translation) Team OS/2 ** Reg. Linux User #211409 ** a11y rocks! Felix Miata *** http://fm.no-ip.com/
On Mon, Jun 19, 2017 at 02:12:28AM -0400, Felix Miata wrote:
> L A Walsh composed on 2017-06-18 12:22 (UTC-0700):
>> Felix Miata wrote:
>>> Leap is based on SLE. 42.1 had many packages backleveled from 13.2 that remain even in 42.3. Examine the wget changelog to see if the vulnerabilities remain.
>> Thanks. If I may ask: where are the new stable versions? Somehow going to versions before 13.2 seems weird.
>> Where is SLE at in relation to opensuse versions? 13.1?
> If you want to know how this happened, search the opensuse-factory archives for the Stephan Kulow and/or Ludwig Nussel posts that explained how something like 1/3 of openSUSE packages were to come directly from SLE, the rest not, back around the time that Leap acquired its name, before 42.1 was released.

... see above explanations. Note that "old" versions are not necessarily a security problem, as we backport all security fixes.

Ciao, Marcus
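
One way to carry out the check suggested above (reading the package changelog to see which security fixes were backported into an old upstream version), as an added example that is not part of the original thread. The changelog text, patch names and `CVE-0000-...` identifiers are constructed placeholders; `rpm -q --changelog` is the real command that prints an installed package's changelog.

```shell
#!/bin/sh
# Added example: compare CVE ids you care about with a package changelog.
# A mention shows the packager recorded a fix; absence means "check the
# distribution's security tracker", not "vulnerable".

# Constructed sample in the "* date author / - entry" changelog layout.
# All CVE ids, bug numbers and patch names below are placeholders.
sample_changelog() {
cat <<'EOF'
* Thu Jun 01 2017 packager@example.invalid
- Add wget-placeholder-b.patch: fix for CVE-0000-0002 (bsc#0000002)
- Refresh wget-placeholder-a.patch (CVE-0000-0001)
* Mon Mar 06 2017 packager@example.invalid
- Add wget-placeholder-a.patch: fix for CVE-0000-0001 (bsc#0000001)
- Add wget-placeholder-c.patch: CVE-0000-00031
EOF
}

# Print the unique CVE ids found in changelog text on stdin.
cves_in_changelog() {
    grep -oE 'CVE-[0-9]{4}-[0-9]{4,}' | sort -u
}

# audit_cves FILE CVE...: report, per id, whether FILE mentions it.
# -w stops CVE-0000-0003 from matching inside CVE-0000-00031.
audit_cves() {
    log=$1
    shift
    for id in "$@"; do
        if grep -qwF -- "$id" "$log"; then
            echo "mentioned $id"
        else
            echo "not-mentioned $id"
        fi
    done
}

# Demo on the constructed sample. On a real system use instead:
#   rpm -q --changelog wget > wget.changelog
#   audit_cves wget.changelog <ids from the advisories you track>
tmp=$(mktemp) && sample_changelog > "$tmp"
cves_in_changelog < "$tmp"
audit_cves "$tmp" CVE-0000-0001 CVE-0000-0003
rm -f "$tmp"
```

The upstream version string alone (1.14 versus 1.19) says nothing about patch level here; the changelog entries and the patches they name are what record a backport.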
Marcus Meissner wrote:
> Note that "old" versions are not necessarily a security problem, as we backport all security fixes.

Ouch... that seems like a growing task of backporting... ug. What release(s) contain the newer stuff? I usually try to work from suse rpms even if I need a newer version. And then try to keep changes in rpms locally... (Have to try to tame the chaos somehow)...

thanks, -l
L A Walsh wrote:
> Marcus Meissner wrote:
>> Note that "old" versions are not necessarily a security problem, as we backport all security fixes.
> Ouch... that seems like a growing task of backporting... ug.
> What release(s) contain the newer stuff?
> I usually try to work from suse rpms even if I need a newer version. And then try to keep changes in rpms locally... (Have to try to tame the chaos somehow)...

What I do in such cases is to get the source rpm from Tumbleweed and compile that using rpmbuild.
Peter Suetterlin wrote:
> What I do in such cases is to get the source rpm from Tumbleweed and compile that using rpmbuild.

Tnx, will check it out. -l
participants (6): Carlos E. R., Felix Miata, L A Walsh, Marcus Meissner, Patrick Shanahan, Peter Suetterlin