On 25/04/16 04:51, ToddAndMargo wrote:
> On 04/24/2016 07:43 PM, ToddAndMargo wrote:
>>>> On Apr 24, 2016 20:32, "ToddAndMargo" <toddandma...@zoho.com
>>>> <mailto:toddandma...@zoho.com>> wrote:
>>>>     Hi All,
>>>>     Seems like SL7 is not keeping up with Firefox and Thunderbird
>>>>     updates anymore.  EL Linux is suppose to keep up with security
>>>> updates
>>>>     but Red Hat obviously picks and chooses: Firefox and Thunderbird
>>>>     are typically left unpatched.
>>>>     Is there some repo out there for Firefox and Thunderbird to
>>>>     fills the gap?  Or, should I go back to using the binaries
>>>>     from releases.mozilla.org <http://releases.mozilla.org>?
>>>>     Many thanks,
>>>>     -T
>> On 04/24/2016 07:13 PM, Stephen John Smoogen wrote:
>>> Why do you think they are unpatched? The Firefox and Thunderbird are
>>> based off the upstream extended release cycle versions and not the
>>> latest type. So the security fixes which are in ESR are there but new
>>> features are not. If you need new features then you will need to work
>>> from the upstream tar balls
>> Hi Steven,
>> That is just wishful thinking.  As vulnerabilities are discovered
>> they are not added to the ESR, or if the are, we don't see them.
>> Have you seen a single update come through to the current ESR?
>> It is set and forget.  EL picks and chooses what they will keep
>> up to date.  Firefox and Thunderbird ain't one of them.
>> Do you know of a repo that does keep Firefox and Thunderbird
>> up to date?  Or am I stuck with the binaries?
>> -T
> We are currently 38.7.0 ESR.  As far as ESR goes, it is on
> 45.0
> http://releases.mozilla.org/pub/firefox/releases/45.0esr/

Please have a look at the "What does the Mozilla Firefox ESR life cycle look
like?" section in the ESR faq.  38.7.0 is still a release being up-to-date on
the Firefox 38 base release.


kind regards,

David Sommerseth

Reply via email to