Description of problem: There was a security bulletin released from redhat ( https://www.redhat.com/archives/rhsa-announce/2018-March/msg00051.html ) a few months ago mentioning that python-paramiko has been updated to python-paramiko-2.1.1-4.el7.src.rpm to address a security concern. However, in the repo it looks like it is still on the old version. What is interesting though, is that the last updated date is the same date as the security bulletin. It appears that it was updated to the same version it already was Version-Release number of selected component (if applicable): n/a How reproducible: By updating with yum or by viewing the packages in epel directly Steps to Reproduce: 1. Go to here https://dl.fedoraproject.org/pub/epel/7/x86_64/Packages/p/ 2. search for python-paramiko Actual results: The version is python-paramiko-2.1.1-0.4.el7.noarch.rpm (with updated date of 2018-03-26) Expected results: The version should be python-paramiko-2.1.1-4.el7.src.rpm Additional info:
python-paramiko-2.1.1-0.4.el7 from EPEL is the same as python-paramiko-2.1.1-4.el7 from CentOS or RHEL. It has a "0." prepended to the release number so as to ensure that users that can receive the package directly from their OS provider get the OS provider's package rather than the EPEL package, since EPEL packages are not allowed to replace OS packages. So everything is working as intended here.