Hello,

security releases of the two Mozilla based products "SeaMonkey" and
"Firefox" have been published 2008-07-02 and 2008-07-01 by the project
maintainers.

So far Slackware has *no* patch package! At least one of the holes, in
detail this one: https://bugzilla.mozilla.org/show_bug.cgi?id=419846
seems to be trivial to exploit and will *definetly* allow anyone to run
any code in user context!

Slackware could be so great, if security patches would be published *in*
*time*... :´-(

CU

Manuel

Manuel Reimer wrote:

> Slackware could be so great, if security patches would be published
> *in* *time*... :?-(

Yes, I agree.

At the moment patch support SUCKS.

-- Simon

Simon Sibbez wrote:
>> Slackware could be so great, if security patches would be published
>> *in* *time*... :?-(
>
> Yes, I agree.
>
> At the moment patch support SUCKS.

If this doesn't finally get better, then there will be even more users
porting over to other distributions. Including myself.

I pretty much like the concept of Slackware, but I definetly would like
to see a bit more security. I still vote for a separate project for
creating patches, but there would be needed several people to help with
that. And unfortunately a separate patch project most probably would
finally mean that a separate, new, slackware-based distribution would
have to be created. Definetly too much work...

CU

Manuel

Manuel Reimer wrote:
>> At the moment patch support SUCKS.
>
> If this doesn't finally get better, then there will be even more users
> porting over to other distributions. Including myself.

So, which one do you have in mind? Neither Debian, nor Fedora, nor
Redhat, nor SuSE, nor Ubuntu, nor any other distribution I know of has
updated packages for Firefox and Seamonkey yet.

Martin

Martin Schmitz wrote:
> Manuel Reimer wrote:
>>> At the moment patch support SUCKS.
>>
>> If this doesn't finally get better, then there will be even more users
>> porting over to other distributions. Including myself.
>
> So, which one do you have in mind? Neither Debian, nor Fedora, nor
> Redhat, nor SuSE, nor Ubuntu, nor any other distribution I know of has
> updated packages for Firefox and Seamonkey yet.

According to secunia.com redhat updated firefox on July 02
http://secunia.com/advisories/30903/ and seamonkey the next day
http://secunia.com/advisories/30878/

But that was the only distro they showed having updates available.

Steve

Martin Schmitz wrote:

> Manuel Reimer wrote:
>>> At the moment patch support SUCKS.
>>
>> If this doesn't finally get better, then there will be even more
>> users porting over to other distributions. Including myself.
>
> So, which one do you have in mind? Neither Debian, nor Fedora, nor
> Redhat, nor SuSE, nor Ubuntu, nor any other distribution I know of
> has updated packages for Firefox and Seamonkey yet.

The slacking of others is no excuse in my book.

Also, you are wrong:

http://archives.neohapsis.com/archiv...8-06/0079.html
http://archives.neohapsis.com/archiv...8-07/0016.html

-- Simon

Steven J Masta wrote:

> According to secunia.com redhat updated firefox on July 02
> http://secunia.com/advisories/30903/ and seamonkey the next day
> http://secunia.com/advisories/30878/
>
> But that was the only distro they showed having updates available.

Nope, see my other message ...

-- Simon

On Sun, 06 Jul 2008 13:18:56 +0200, Manuel Reimer wrote:

> security releases of the two Mozilla based products "SeaMonkey" and
> "Firefox" have been published 2008-07-02 and 2008-07-01 by the project
> maintainers.

It's a long holiday weekend here in the USA, which could explain why there
might be a slight delay.

> So far Slackware has *no* patch package! At least one of the holes, in
> detail this one: https://bugzilla.mozilla.org/show_bug.cgi?id=419846
> seems to be trivial to exploit and will *definetly* allow anyone to run
> any code in user context!

Are you *seriously* concerned that this will *actually* happen to your
little home Slackware box? Do you not have *any* firewall between it and
the Internet?

> Slackware could be so great, if security patches would be published *in*
> *time*... :´-(

You could always use another distro, if you'd like. See signature.


--
"Ubuntu" -- an African word, meaning "Slackware is too hard for me".
The Usenet Improvement Project: http://improve-usenet.org

On Sun, 06 Jul 2008 13:21:09 +0200, Simon Sibbez wrote:

>> Slackware could be so great, if security patches would be published
>> *in* *time*... :?-(

> At the moment patch support SUCKS.

At the moment, we're enjoying a long holiday weekend here in the USA.

Patch it yourself, if you're that worried about it.

Bugger off.


--
"Ubuntu" -- an African word, meaning "Slackware is too hard for me".
The Usenet Improvement Project: http://improve-usenet.org

Manuel Reimer wrote:
> Hello,
>
> security releases of the two Mozilla based products "SeaMonkey" and
> "Firefox" have been published 2008-07-02 and 2008-07-01 by the project
> maintainers.
>
> So far Slackware has *no* patch package! At least one of the holes, in
> detail this one: https://bugzilla.mozilla.org/show_bug.cgi?id=419846
> seems to be trivial to exploit and will *definetly* allow anyone to run
> any code in user context!
>
> Slackware could be so great, if security patches would be published *in*
> *time*... :´-(
>
> CU
>
> Manuel

I am going to show my ignorance but if the flaw is in Firefox etc, then would it
not be up to Mozilla to post the patches? Mozilla sent me a heads up to update
my Firefox because they fixed the flaw in the version I was running.
Why would I expect Slackware to "fix Firefox" ?

--
Leon
A computer without Microsoft is like a chocolate cake without mustard.
< running Linux >