Description of problem: https://rhn.redhat.com/errata/RHSA-2011-1385.html (2011-10-19) includes security fix bz#746157, CVE-2011-3365 with packages kdelibs-3.5.4-26.el5_7.1... http://rhn.redhat.com/errata/RHBA-2012-1177.html (2012-08-20) includes some newer fixes, including bz#669354 and bz#663638 but not bz#746157, CVE-2011-3365, with packages kdelibs-3.5.4-26.x86_64 etc. which is a *lower* version number. Version-Release number of selected component (if applicable): 3.5.4-26.el5 versus 3.5.4-26.el5_7.1 How reproducible: Always Steps to Reproduce: 1. On a machine with kdelibs-3.5.4-26.el5_7.1 (from RHEL 5u7) 2. yum update 3. rpmquery --chaneglog kdelibs | grep 669354 Actual results: nothing Expected results: - Resolves: #669354, fix timetamp issue in kwin on 64bit machine Additional info:
Sorry. I'm confusing kdebase and kdelibs, which have independant version numbers. NOT A BUG?
you cannot replace kdebase-3.5.4-26.el5 with kdelibs-3.5.4-26.el5_7.1!