On 01/08/11 17:10, Gabriel Tabares wrote:> Dear all,
>
> We're trying to use Nessus to monitor our system and we're having a
hard
> time mapping the package versions from RedHat to CentOS in order to be
> able to report against CVE (vulnerability reports).
>
> After some research, we think that the mapping is as follows (using
> HTTPD as the example):
>
> CentOS httd-2.2.3-43.el5.centos.3 is equivalent to RedHat
> httpd-2.2.3-43.el5_5.3
>
> So, it looks like CentOS replaces "_$MINOR_RELEASE" (in this case
"_5")
> with ".centos" . Is this a fair assumption or are there other
rules we
> are missing? Is this documented anywhere?
>
The CentOS developers outlined the naming in this rather lengthy thread:
http://lists.centos.org/pipermail/centos-devel/2011-May/007477.html
But as outlined in that thread it is not always easy (or indeed
possible) to establish which upstream source a given CentOS modified
package is built from. A more reliable method would be to check the
changelog.