Re: [opensuse-security] Firefox exploit found in the wild-Mozilla Foundation Security Advisory 2015-78
I concur with Rick: I find it a bit disturbing that a week after this nasty exploit was announced, Firefox 39.0.3 has only made it into Tumbleweed, with 13.1 and 13.2 still at version 39.0.
Is there no way that this can be fast-tracked for openSUSE? Both RHEL and CentOS managed to ship the new version several days ago.
Peter.
I would like you to notice on August 5th a Firefox critical exploit was found.
All Firefox users are urged to update to Firefox 39.0.3.
Details
https://www.mozilla.org/en-US/security/advisories/mfsa2015-78/
Additional information
https://blog.mozilla.org/security/2015/08/06/firefox-exploit-found-in-the-wi...
Regards,
Rick
-- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-security+owner@opensuse.org
Hi,
Our original plan was to fold wait for Firefox 40. This is also the version currently in the QA queue for openSUSE.
I hope we can release it today.
Ciao, Marcus
On Thu, Aug 13, 2015 at 10:01:07AM +0100, Peter Keller wrote:
I concur with Rick: I find it a bit disturbing that a week after this nasty exploit was announced, Firefox 39.0.3 has only made it into Tumbleweed, with 13.1 and 13.2 still at version 39.0.
Is there no way that this can be fast-tracked for openSUSE? Both RHEL and CentOS managed to ship the new version several days ago.
Peter.
I would like you to notice on August 5th a Firefox critical exploit was found.
All Firefox users are urged to update to Firefox 39.0.3.
Details
https://www.mozilla.org/en-US/security/advisories/mfsa2015-78/
Additional information
https://blog.mozilla.org/security/2015/08/06/firefox-exploit-found-in-the-wi...
Regards,
Rick
-- Marcus Meissner,SUSE LINUX GmbH; Maxfeldstrasse 5; D-90409 Nuernberg; Zi. 3.1-33,+49-911-740 53-432,,serv=loki,mail=wotan,type=real <meissner@suse.de>
On Thursday, August 13, 2015 11:04:08 AM Marcus Meissner wrote:
Hi,
Our original plan was to fold wait for Firefox 40. This is also the version currently in the QA queue for openSUSE.
I hope we can release it today.
Ciao, Marcus
Thank you Marcus for this update. Definitely, Firefox 40 is much appreciated and fixes all known bugs up to date.
On Thu, Aug 13, 2015 at 10:01:07AM +0100, Peter Keller wrote:
I concur with Rick: I find it a bit disturbing that a week after this nasty exploit was announced, Firefox 39.0.3 has only made it into Tumbleweed, with 13.1 and 13.2 still at version 39.0.
Is there no way that this can be fast-tracked for openSUSE? Both RHEL and CentOS managed to ship the new version several days ago.
Peter.
Thank you Peter for your concern. I did also notice other distributions went to Firefox 39.0.3 several days ago. And I was also tempted to recommend adding Mozilla repositories for openSUSE in order to keep it up and protect our systems.
In the meantime, I tweaked a few Firefox features and switched to "Always Ask" for PDF preview on Application Preferences. However, trustful Marcus said perhaps Firefox 40 is released today and I will wait for it. :-)
Rick
Dear Rick, Marcus,
On Thursday 2015-08-13 17:35, Rick Chung wrote:
On Thursday, August 13, 2015 11:04:08 AM Marcus Meissner wrote:
Hi,
Our original plan was to fold wait for Firefox 40. This is also the version currently in the QA queue for openSUSE.
I hope we can release it today.
Ciao, Marcus
Thank you Marcus for this update.
I hope that I didn't sound too abrupt or demanding: I really appreciate the great job that you all do with openSUSE.
In the meantime, I tweaked a few Firefox features and switched to "Always Ask" for PDF preview on Application Preferences.
I can of course do this: my concern is for other users that I support who don't know that this vulnerability exists, and even if they knew wouldn't understand how it could affect them or what to do about it. (Yes, there are Linux desktop users like that out there :-)
From long experience, I know that system administration must be done at the system level. Any sysadmin strategy that relies on getting the users to do something is a broken strategy. In this case, the only realistic fix that can be rolled out to non-technical users is to update Firefox to a version that is patched for this vulnerability.
Regards,
Peter.
On Friday, August 14, 2015 04:30:11 PM Peter Keller wrote:
Dear Rick, Marcus,
On Thursday 2015-08-13 17:35, Rick Chung wrote:
On Thursday, August 13, 2015 11:04:08 AM Marcus Meissner wrote:
Hi,
Our original plan was to fold wait for Firefox 40. This is also the version currently in the QA queue for openSUSE.
I hope we can release it today.
Ciao, Marcus
Thank you Marcus for this update.
I hope that I didn't sound too abrupt or demanding: I really appreciate the great job that you all do with openSUSE.
No, not at all. :-)
So far, yesterday, I watched the only patch released was for SUSE systems. Today, Firefox 40 has been available for openSUSE 13.2. I hope this fix will be available for openSUSE 13.1 over the next hours. :-S
In the meantime, I tweaked a few Firefox features and switched to "Always Ask" for PDF preview on Application Preferences.
I can of course do this: my concern is for other users that I support who don't know that this vulnerability exists, and even if they knew wouldn't understand how it could affect them or what to do about it. (Yes, there are Linux desktop users like that out there :-)
Completely agreed. I have those users too. :-( Even worse, some of those users use to blame sysadmins because they expect sysadmins will protect them from their own faults. :-@ Let's change sysadmin title to "User's Conscious Soul" :-D
From long experience, I know that system administration must be done at the system level. Any sysadmin strategy that relies on getting the users to do something is a broken strategy. In this case, the only realistic fix that can be rolled out to non-technical users is to update Firefox to a version that is patched for this vulnerability.
Completely agreed. I would not minimize your - our concerns. It is genuine and critical. This vulnerability needed an urgent fix that I trust is coming quite soon because Marcus (who use to know the operational process) already mentioned it was ready to be released.
Have a Nice Weekend!!
Rick
participants (3)
- Marcus Meissner
- Peter Keller
- Rick Chung