Firefox 2.0.0.3

Tiedemann
Newbie

Posts: 17

« on: April 02, 2007, 12:33:34 PM »

Released upstream on March 20, where is this security update in the Pardus repos?


	Logged

Tiedemann
Newbie

Posts: 17

Re: Firefox 2.0.0.3

« Reply #1 on: April 03, 2007, 10:32:00 AM »

Updated today.

All things come to he who waits 14 days (I notice Ubuntu posted their 2.0.0.3 patch some seven days before :roll: ).


	Logged

Jan Gnodde
Global Moderator
Pardus Guru

Gender:

Posts: 397

Re: Firefox 2.0.0.3

« Reply #2 on: April 03, 2007, 21:29:37 PM »

Quote from: "Tiedemann"

All things come to he who waits 14 days (I notice Ubuntu posted their 2.0.0.3 patch some seven days before :roll: ).

I've experienced that the Pardus developers do the updates in bulks every couple of weeks. They don't put every update on the net, as soon as it is there, but do some testing of it. And I think it's better that way (I remember a update of X in Kubuntu, which made the system crash, so it's not wise to always trust the developers of a software-package).

Jan.


	Logged

Tiedemann
Newbie

Posts: 17

Re: Firefox 2.0.0.3

« Reply #3 on: April 03, 2007, 21:59:21 PM »

Quote from: "gnodde"

They don't put every update on the net, as soon as it is there, but do some testing of it.

For a fortnight?

Quote

And I think it's better that way

Not if it leaves my machine and its data vulnerable for any longer than is strictly necessary, I'm afraid.

Quote

(I remember a update of X in Kubuntu, which made the system crash, so it's not wise to always trust the developers of a software-package)

IIRC that was more down to lax bureaucracy than anything else -- the X.org maintainer pulled a package from Debian Experimental and put it straight into Ubuntu's Bug Fix Updates repository.


	Logged

Tiedemann
Newbie

Posts: 17

Re: Firefox 2.0.0.3

« Reply #4 on: April 04, 2007, 00:40:36 AM »

Quote from: "gnodde"

I've experienced that the Pardus developers do the updates in bulks every couple of weeks.

With the result that Pardus security updates tend to lag behind. A few recent examples:

tcpdump vulnerability
CVE-2007-1218

Ubuntu: 2007-03-06
Pardus: 2007-03-16

- - - -

thunderbird: Multiple vulnerabilities
CVE-2007-0775, CVE-2007-0776, CVE-2007-0777 etc.

Ubuntu: 2007-03-07
Pardus: 2007-03-16

- - - -

gnupg: Signed message forgery
CVE-2007-1263

Ubuntu: 2007-03-08
Pardus: 2007-03-16

- - - -

file: Integer overflow vulnerability
CVE-2007-1536

Ubuntu 2007-03-21
Pardus 2007-04-03

- - - -

firefox: Vulnerability in handling FTP responses
CVE-2007-1562

Ubuntu 2007-03-27
Pardus 2007-04-03

- - - -

inkscape: Multiple format string vulnerabilities
CVE-2007-1463, CVE-2007-1464

Ubuntu 2007-03-21
Pardus 2007-04-03

- - - -

nas: Multiple vulnerabilities
CVE-2007-1543, CVE-2007-1544, CVE-2007-1545, CVE-2007-1546, CVE-2007-1547

Ubuntu 2007-03-28
Pardus 2007-04-03

- - - -

kdelibs: port scanning via ftp protocol
CVE-2007-1564

Ubuntu 2007-03-29
Pardus 2007-04-03


	Logged

Willem
M.D.
Administrator
Pardus Guru

Gender:

Posts: 1020

Firefox 2.0.0.3

« Reply #5 on: April 04, 2007, 07:01:04 AM »

Fixed after the major update yesterday!
Thanx for your requests


	Logged

For freedom...

Tiedemann
Newbie

Posts: 17

Firefox 2.0.0.3

« Reply #6 on: April 04, 2007, 11:45:19 AM »

Quote from: "Willem"

Fixed after the major update yesterday!
Thanx for your requests

They'd have done it anyway, sooner or later :wink: .


	Logged

Pages: [1]

« previous next »

	Welcome, Guest. Please login or register. May 25, 2013, 19:24:48 PM

Show unread posts since last visit.
News: Let Pardus-Anka become #1: Pardus-Anka Bug Report \| Pardus-Anka World Google+ \| The Pardus wiki \| Visit Pardus-Anka official website \| Register as forum member? Email the moderator!