James Antill wrote:
This isn't a hard problem, 3.0 should then be marked as a
security
update.
But the case we're discussing is that 3.0 was pushed long before it was
known that it happens to fix a security vulnerability. We're not going to
arbitrarily push another update and call it "security" when it doesn't fix
any security issue that's not already fixed.
This is just another failure point of yum-security.
Kevin Kofler