So my cc processor started using a new PCI scanning company, 403 labs, and they totally suck. They found like just about every server, apache, openssh, postfix, dovecot... blah, to be at an old version. So I marked them as false positives because CentOS does back-porting.
Well they email me asking for the links to all the errata info for the patches that were applied... I have no idea where I would even find that! They said they can't accept my false positives without these links.
Do you guys know where those would be? I should have just turned off the version info banners instead of marking as false positives, but now they are suspicious of me or something.