[opensuse-security] Re: [security-announce] SUSE Security Announcement: Mozilla Firefox (SUSE-SA:2009:012)
Marcus Meissner wrote
______________________________________________________________________________
1) Problem Description and Brief Discussion
The Mozilla Firefox browser is updated to version 3.0.7 fixing various security and stability issues.
Updates are provided for openSUSE 11.0 and 11.1 currently, backports for other Mozilla Firefox browsers and Mozilla Suite programs will follow.
I somehow doubt this :-/ Unless my SLED update is broken or I've missed sth. (and I apologize if that's the case), the same was said for the last FF security announcement from Feb 16:
Fixes for older Firefox and other Mozilla versions are being worked on.
That's 4 weeks ago and nothing happened. Maybe all those bugs did not hit the 2.0 FF (but then this should be stated clearly). Otherwise it would mean that there haven't been fixes for a "remote code execution" (as stated in the announcement) for the SLES/SLED Firefox for more than 4 weeks now. This isn't acceptable for Enterprise versions!
cu, Frank
--
Dipl.-Inform. Frank Steiner   Web: http://www.bio.ifi.lmu.de/~steiner/
Lehrstuhl f. Bioinformatik    Mail: http://www.bio.ifi.lmu.de/~steiner/m/
LMU, Amalienstr. 17           Phone: +49 89 2180-4049
80333 Muenchen, Germany       Fax: +49 89 2180-99-4049
* Recursion can only be understood once you have understood recursion. *
--
To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security+help@opensuse.org
On Mon, Mar 16, 2009 at 04:34:29PM +0100, Frank Steiner wrote:
Marcus Meissner wrote
______________________________________________________________________________
1) Problem Description and Brief Discussion
The Mozilla Firefox browser is updated to version 3.0.7 fixing various security and stability issues.
Updates are provided for openSUSE 11.0 and 11.1 currently, backports for other Mozilla Firefox browsers and Mozilla Suite programs will follow.
I somehow doubt this :-/ Unless my SLED update is broken or I've missed sth. (and I apologize if that's the case), the same was said for the last FF security announcement from Feb 16:
Fixes for older Firefox and other Mozilla versions are being worked on.
That's 4 weeks ago and nothing happened. Maybe all those bugs did not hit the 2.0 FF (but then this should be stated clearly). Otherwise it would mean that there haven't been fixes for a "remote code execution" (as stated in the announcement) for the SLES/SLED Firefox for more than 4 weeks now. This isn't acceptable for Enterprise versions!
Yes, we have some backporting issues currently, since the maintainer changed.
Also the 2.0 branch is officially out of maintenance, but there are some backports.
I will try to get updates soon.
Ciao, Marcus
Marcus Meissner wrote
Yes, we have some backporting issues currently, since the maintainer changed.
Also the 2.0 branch is officially out of maintenance, but there are some backports.
Hmm, but what about the 5-year maintenance duration for SLES/SLED? Isn't it guaranteed to get support and upgrades/security fixes for the whole 5 years? I mean, we cannot just stop browsing with our SLED systems after three years... Especially not if it looks like SLES/D 11 will not be released in this century or decade or sth :-) I also feel that considering the price you pay for SLED and SLES one would expect to get at least security upgrades for these systems with higher priority than for openSuSE. With the increasing length of the SLES release cycle, this problem will occur more often in the future.
I will try to get updates soon.
Thanks!
But wouldn't it be easier to have some additional packages of gtk, cairo etc., installing in some non-standard locations in /opt and use LD_LIBRARY_PATH to get FF3 running?
cu, Frank
On Mon, Mar 16, 2009 at 11:48:56PM +0100, Frank Steiner wrote:
Marcus Meissner wrote
Yes, we have some backporting issues currently, since the maintainer changed.
Also the 2.0 branch is officially out of maintenance, but there are some backports.
Hmm, but what about the 5-year maintenance duration for SLES/SLED? Isn't it guaranteed to get support and upgrades/security fixes for the whole 5 years? I mean, we cannot just stop browsing with our SLED systems after three years... Especially not if it looks like SLES/D 11 will not be released in this century or decade or sth :-)
I also feel that considering the price you pay for SLED and SLES one would expect to get at least security upgrades for these systems with higher priority than for openSuSE. With the increasing length of the SLES release cycle, this problem will occur more often in the future.
Of course we will be doing backports, I just wanted to explain the technical difficulties :)
I will try to get updates soon.
Thanks!
But wouldn't it be easier to have some additional packages of gtk, cairo etc., installing in some non-standard locations in /opt and use LD_LIBRARY_PATH to get FF3 running?
This is also something we consider and might be easier in the long run.
Ciao, Marcus
participants (2)
- Frank Steiner
- Marcus Meissner