Bug 396243

Summary: opensuse updater pulls from from wrong source
Product: [openSUSE] openSUSE 10.3 Reporter: Juergen Weigert <jw>
Component: Update ProblemsAssignee: E-mail List <bnc-team-screening>
Status: RESOLVED FIXED QA Contact: Jiri Srain <jsrain>
Severity: Normal    
Priority: P5 - None CC: meissner
Version: Final   
Target Milestone: ---   
Hardware: x86   
OS: openSUSE 10.3   
See Also: https://fate.suse.com/300899
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Bug Depends on:    
Bug Blocks: 357354    
Attachments: error message that made me frown ...

Description Juergen Weigert 2008-06-01 21:45:24 UTC 
Created attachment 219385 [details]
error message that made me frown ...

A security update for emacs was suggested according to CVE-2008-2142
I'd expect that such updates would come from http://download.opensuse.org/update/10.3/ or similar.
Instead, I found that it pulled a bleeding edge cvs emacs from http://download.opensuse.org/repositories/home:/hmacht/openSUSE_10.3/
I only noticed this, due to a network interruption that brought up an error message. I had added home:hmacht repository for kernel tests earlier, and forgotten to remove it afterwards.

Is it simply grabbing the 'newest' emacs it can find?
Comment 1 Marcus Meissner 2008-06-03 07:10:41 UTC 
This is a known issue with 10.3 (and 10.2 and 10.1).

I hope its better in 11.0, but in general it will install a newer version of emacs, which very likely is security fixed.

I had a FATE open for this too , 300899

-> apparently fixed in 11.0.