Re: Firefox and Thunderbird unpatched question

Mon, 25 Apr 2016 00:35:07 -0700 

On 04/24/2016 08:30 PM, Nico Kadel-Garcia wrote:

On Sun, Apr 24, 2016 at 10:51 PM, ToddAndMargo <toddandma...@zoho.com> wrote:

On 04/24/2016 07:43 PM, ToddAndMargo wrote:


On Apr 24, 2016 20:32, "ToddAndMargo" <toddandma...@zoho.com
<mailto:toddandma...@zoho.com>> wrote:

     Hi All,

     Seems like SL7 is not keeping up with Firefox and Thunderbird
     updates anymore.  EL Linux is suppose to keep up with security
updates
     but Red Hat obviously picks and chooses: Firefox and Thunderbird
     are typically left unpatched.

     Is there some repo out there for Firefox and Thunderbird to
     fills the gap?  Or, should I go back to using the binaries
     from releases.mozilla.org <http://releases.mozilla.org>?

     Many thanks,
     -T



On 04/24/2016 07:13 PM, Stephen John Smoogen wrote:


Why do you think they are unpatched? The Firefox and Thunderbird are
based off the upstream extended release cycle versions and not the
latest type. So the security fixes which are in ESR are there but new
features are not. If you need new features then you will need to work
from the upstream tar balls



Hi Steven,

That is just wishful thinking.  As vulnerabilities are discovered
they are not added to the ESR, or if the are, we don't see them.
Have you seen a single update come through to the current ESR?
It is set and forget.  EL picks and chooses what they will keep
up to date.  Firefox and Thunderbird ain't one of them.

Do you know of a repo that does keep Firefox and Thunderbird
up to date?  Or am I stuck with the binaries?

-T




We are currently 38.7.0 ESR.  As far as ESR goes, it is on
45.0

http://releases.mozilla.org/pub/firefox/releases/45.0esr/

Pick and choose.


This is one of the reasons I tend not to use SL, or the upstream RHEL,
for GUI's. Fedora for bleeding edge features, SL or other RHEL
variants for stable servers.

Backporting stable versions of upstream releases is tricky, awkward
work, and often sensitive to new dependency requirements. I'm dealing
with this right now trying to bckport Samba 4.4.x to SL 7, and I used
to do this for Subversion. It's not pretty with tools that introduce
new bleeding edge library requirements.




Here is a good chart on the ESR's (Extended Support Release):

https://www.mozilla.org/en-US/firefox/organizations/faq/

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Computers are like air conditioners.
They malfunction when you open windows
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






















					Reply via email to