[security] SeaMonkey 1.1.10 and Firefox 2.0.0.15 - Slackware

This is a discussion on [security] SeaMonkey 1.1.10 and Firefox 2.0.0.15 - Slackware ; Hello, security releases of the two Mozilla based products "SeaMonkey" and "Firefox" have been published 2008-07-02 and 2008-07-01 by the project maintainers. So far Slackware has *no* patch package! At least one of the holes, in detail this one: https://bugzilla.mozilla.org/show_bug.cgi?id=419846 ...

+ Reply to Thread
Page 1 of 3 1 2 3 LastLast
Results 1 to 20 of 42

Thread: [security] SeaMonkey 1.1.10 and Firefox 2.0.0.15

  1. [security] SeaMonkey 1.1.10 and Firefox 2.0.0.15

    Hello,

    security releases of the two Mozilla based products "SeaMonkey" and
    "Firefox" have been published 2008-07-02 and 2008-07-01 by the project
    maintainers.

    So far Slackware has *no* patch package! At least one of the holes, in
    detail this one: https://bugzilla.mozilla.org/show_bug.cgi?id=419846
    seems to be trivial to exploit and will *definetly* allow anyone to run
    any code in user context!

    Slackware could be so great, if security patches would be published *in*
    *time*... :-(

    CU

    Manuel

  2. Re: [security] SeaMonkey 1.1.10 and Firefox 2.0.0.15

    Manuel Reimer wrote:

    > Slackware could be so great, if security patches would be published
    > *in* *time*... :?-(


    Yes, I agree.

    At the moment patch support SUCKS.

    -- Simon

  3. Re: [security] SeaMonkey 1.1.10 and Firefox 2.0.0.15

    Simon Sibbez wrote:
    >> Slackware could be so great, if security patches would be published
    >> *in* *time*... :?-(

    >
    > Yes, I agree.
    >
    > At the moment patch support SUCKS.


    If this doesn't finally get better, then there will be even more users
    porting over to other distributions. Including myself.

    I pretty much like the concept of Slackware, but I definetly would like
    to see a bit more security. I still vote for a separate project for
    creating patches, but there would be needed several people to help with
    that. And unfortunately a separate patch project most probably would
    finally mean that a separate, new, slackware-based distribution would
    have to be created. Definetly too much work...

    CU

    Manuel

  4. Re: [security] SeaMonkey 1.1.10 and Firefox 2.0.0.15

    Manuel Reimer wrote:
    >> At the moment patch support SUCKS.

    >
    > If this doesn't finally get better, then there will be even more users
    > porting over to other distributions. Including myself.


    So, which one do you have in mind? Neither Debian, nor Fedora, nor
    Redhat, nor SuSE, nor Ubuntu, nor any other distribution I know of has
    updated packages for Firefox and Seamonkey yet.

    Martin


  5. Re: [security] SeaMonkey 1.1.10 and Firefox 2.0.0.15

    Martin Schmitz wrote:
    > Manuel Reimer wrote:
    >>> At the moment patch support SUCKS.

    >>
    >> If this doesn't finally get better, then there will be even more users
    >> porting over to other distributions. Including myself.

    >
    > So, which one do you have in mind? Neither Debian, nor Fedora, nor
    > Redhat, nor SuSE, nor Ubuntu, nor any other distribution I know of has
    > updated packages for Firefox and Seamonkey yet.


    According to secunia.com redhat updated firefox on July 02
    http://secunia.com/advisories/30903/ and seamonkey the next day
    http://secunia.com/advisories/30878/

    But that was the only distro they showed having updates available.

    Steve

  6. Re: [security] SeaMonkey 1.1.10 and Firefox 2.0.0.15

    Martin Schmitz wrote:

    > Manuel Reimer wrote:
    >>> At the moment patch support SUCKS.

    >>
    >> If this doesn't finally get better, then there will be even more
    >> users porting over to other distributions. Including myself.

    >
    > So, which one do you have in mind? Neither Debian, nor Fedora, nor
    > Redhat, nor SuSE, nor Ubuntu, nor any other distribution I know of
    > has updated packages for Firefox and Seamonkey yet.


    The slacking of others is no excuse in my book.

    Also, you are wrong:

    http://archives.neohapsis.com/archiv...8-06/0079.html
    http://archives.neohapsis.com/archiv...8-07/0016.html

    -- Simon


  7. Re: [security] SeaMonkey 1.1.10 and Firefox 2.0.0.15

    Steven J Masta wrote:

    > According to secunia.com redhat updated firefox on July 02
    > http://secunia.com/advisories/30903/ and seamonkey the next day
    > http://secunia.com/advisories/30878/
    >
    > But that was the only distro they showed having updates available.


    Nope, see my other message ...

    -- Simon


  8. Re: [security] SeaMonkey 1.1.10 and Firefox 2.0.0.15

    On Sun, 06 Jul 2008 13:18:56 +0200, Manuel Reimer wrote:

    > security releases of the two Mozilla based products "SeaMonkey" and
    > "Firefox" have been published 2008-07-02 and 2008-07-01 by the project
    > maintainers.


    It's a long holiday weekend here in the USA, which could explain why there
    might be a slight delay.

    > So far Slackware has *no* patch package! At least one of the holes, in
    > detail this one: https://bugzilla.mozilla.org/show_bug.cgi?id=419846
    > seems to be trivial to exploit and will *definetly* allow anyone to run
    > any code in user context!


    Are you *seriously* concerned that this will *actually* happen to your
    little home Slackware box? Do you not have *any* firewall between it and
    the Internet?

    > Slackware could be so great, if security patches would be published *in*
    > *time*... :-(


    You could always use another distro, if you'd like. See signature.


    --
    "Ubuntu" -- an African word, meaning "Slackware is too hard for me".
    The Usenet Improvement Project: http://improve-usenet.org


  9. Re: [security] SeaMonkey 1.1.10 and Firefox 2.0.0.15

    On Sun, 06 Jul 2008 13:21:09 +0200, Simon Sibbez wrote:

    >> Slackware could be so great, if security patches would be published
    >> *in* *time*... :?-(


    > At the moment patch support SUCKS.


    At the moment, we're enjoying a long holiday weekend here in the USA.

    Patch it yourself, if you're that worried about it.

    Bugger off.


    --
    "Ubuntu" -- an African word, meaning "Slackware is too hard for me".
    The Usenet Improvement Project: http://improve-usenet.org


  10. Re: [security] SeaMonkey 1.1.10 and Firefox 2.0.0.15

    Manuel Reimer wrote:
    > Hello,
    >
    > security releases of the two Mozilla based products "SeaMonkey" and
    > "Firefox" have been published 2008-07-02 and 2008-07-01 by the project
    > maintainers.
    >
    > So far Slackware has *no* patch package! At least one of the holes, in
    > detail this one: https://bugzilla.mozilla.org/show_bug.cgi?id=419846
    > seems to be trivial to exploit and will *definetly* allow anyone to run
    > any code in user context!
    >
    > Slackware could be so great, if security patches would be published *in*
    > *time*... :-(
    >
    > CU
    >
    > Manuel


    I am going to show my ignorance but if the flaw is in Firefox etc, then would it
    not be up to Mozilla to post the patches? Mozilla sent me a heads up to update
    my Firefox because they fixed the flaw in the version I was running.
    Why would I expect Slackware to "fix Firefox" ?

    --
    Leon
    A computer without Microsoft is like a chocolate cake without mustard.
    < running Linux >

  11. Re: [security] SeaMonkey 1.1.10 and Firefox 2.0.0.15

    Leon Whyte wrote:
    > I am going to show my ignorance but if the flaw is in Firefox etc, then would it
    > not be up to Mozilla to post the patches? Mozilla sent me a heads up to update
    > my Firefox because they fixed the flaw in the version I was running.
    > Why would I expect Slackware to "fix Firefox" ?


    because slackware provides a firefox package.


    --
    Joost Kremers joostkremers@yahoo.com
    Selbst in die Unterwelt dringt durch Spalten Licht
    EN:SiS(9)

  12. Re: [security] SeaMonkey 1.1.10 and Firefox 2.0.0.15

    Simon Sibbez wrote:
    >
    > Also, you are wrong:
    >
    > http://archives.neohapsis.com/archiv...8-06/0079.html


    This one is for Mandriva back in June - obviously another problem?

    > http://archives.neohapsis.com/archiv...8-07/0016.html
    >


    This one was posted on July 2nd, and the patch was not finalized until
    the 3rd? Jumping the gun?

    Didn't see anything under Debian. Finding the security updates section
    for RH was a bitch - looks like they also made the update on the 2nd, despite
    the patch being made on the 3rd? Don't see anything for Suse.

    No, not an excuse, but the OP over hyped the seriousness of the problem.
    It is a bug that doesn't apparently have any concrete examples of a remote
    exploit (reading the RH security advisory).

    - Kurt

  13. Re: [security] SeaMonkey 1.1.10 and Firefox 2.0.0.15

    Manuel Reimer wrote:
    >
    > If this doesn't finally get better, then there will be even more users
    > porting over to other distributions. Including myself.


    Yep, Slackware has been doomed to fail for at least the last decade now....

    - Kurt

  14. Re: [security] SeaMonkey 1.1.10 and Firefox 2.0.0.15

    On 2008-07-06, Manuel Reimer wrote:

    > If this doesn't finally get better, then there will be even more users
    > porting over to other distributions. Including myself.


    don't let the 'shutdown -h 0' hit you on the ass on the way out

    nb

  15. Re: [security] SeaMonkey 1.1.10 and Firefox 2.0.0.15

    On Sun, 6 Jul 2008, ~kurt wrote:

    > No, not an excuse, but the OP over hyped the seriousness of the problem.
    > It is a bug that doesn't apparently have any concrete examples of a remote
    > exploit (reading the RH security advisory).


    Was the OP not the same one who screamed and jumped up and down a few
    months back demanding a ****dora like approach to patches (ie: opening up
    under a sub project where any idiot can submit a trojan ... oops sorry I
    mean patch) .. so it doesnt surprise me he is back again hyping up
    over nothing trying to get his slackware-patch-dev-branch-Luser-club going
    support again, and he'll be back again doing the same thing the next time
    something has an issue..

    Of course there is nothing to stop him from writting the patches
    and setting it up somewhere, similar to linuxpackages, repsexcted, but not
    official, or maybe beter still, moving to another distro if this one does
    not meet his purpose.

    --
    Cheers
    Res
    --- Usenet policy, and why I might ignore you ---
    1/ GoogleGroups are UDP'd on my nntp server. If you use them, don't
    waste your time or energy replying to me.

    2/ If only cleanfeed filtered out trolls as well as spam, usenet would be
    a nicer place.

  16. Re: [security] SeaMonkey 1.1.10 and Firefox 2.0.0.15

    On Mon, 7 Jul 2008, Res wrote:

    > On Sun, 6 Jul 2008, ~kurt wrote:
    >
    >> No, not an excuse, but the OP over hyped the seriousness of the problem.
    >> It is a bug that doesn't apparently have any concrete examples of a remote
    >> exploit (reading the RH security advisory).

    >
    > Was the OP not the same one who screamed and jumped up and down a few months
    > back demanding a ****dora like approach to patches (ie: opening up under a
    > sub project where any idiot can submit a trojan ... oops sorry I mean patch)
    > .. so it doesnt surprise me he is back again hyping up over nothing trying to
    > get his slackware-patch-dev-branch-Luser-club going support again, and he'll
    > be back again doing the same thing the next time something has an issue..


    One more thing, the day Pat opens up Slackware patching/development like
    that, is the day I leave Slackware, I trust the small team that exists now
    I will not trust it when a bunch of unknowns are granted access to do it.

    There is a reason Slackware is stable and doesnt need 20 different
    patches like certain other distros, there is a reason I can install a
    slack package and go home in the afternoon knowing my network wont be
    compromised trough idiotic hack (just look at the recent debian ssl
    stupidity) and I rather keep it this way.

    --
    Cheers
    Res
    --- Usenet policy, and why I might ignore you ---
    1/ GoogleGroups are UDP'd on my nntp server. If you use them, don't
    waste your time or energy replying to me.

    2/ If only cleanfeed filtered out trolls as well as spam, usenet would be
    a nicer place.

  17. Re: [security] SeaMonkey 1.1.10 and Firefox 2.0.0.15

    Manuel Reimer wrote:
    > Hello,
    >
    > security releases of the two Mozilla based products "SeaMonkey" and
    > "Firefox" have been published 2008-07-02 and 2008-07-01 by the project
    > maintainers.
    >
    > So far Slackware has *no* patch package! At least one of the holes, in
    > detail this one: https://bugzilla.mozilla.org/show_bug.cgi?id=419846
    > seems to be trivial to exploit and will *definetly* allow anyone to run
    > any code in user context!
    >
    > Slackware could be so great, if security patches would be published *in*
    > *time*... :-(
    >
    > CU
    >
    > Manuel


    Why wait for a patch? Start Firefox. Click on 'Help'. Click on 'Check
    For Updates'. Then follow the prompts. Firefox will obligingly upgrade
    itself. Much easier than waiting for a patch.

    Jerry Vrooman

  18. Re: [security] SeaMonkey 1.1.10 and Firefox 2.0.0.15

    Jerry Vrooman wrote:
    > Why wait for a patch? Start Firefox. Click on 'Help'. Click on 'Check
    > For Updates'. Then follow the prompts. Firefox will obligingly upgrade
    > itself. Much easier than waiting for a patch.


    I don't use Firefox, I use SeaMonkey.

    And even Firefox is unable to update itself, as Firefox runs as regular
    user and regular users are unable to write to /usr

    CU

    Manuel


  19. Re: [security] SeaMonkey 1.1.10 and Firefox 2.0.0.15

    Manuel Reimer wrote:
    > Jerry Vrooman wrote:
    >> Why wait for a patch? Start Firefox. Click on 'Help'. Click on 'Check
    >> For Updates'. Then follow the prompts. Firefox will obligingly upgrade
    >> itself. Much easier than waiting for a patch.

    >
    > I don't use Firefox, I use SeaMonkey.
    >
    > And even Firefox is unable to update itself, as Firefox runs as regular
    > user and regular users are unable to write to /usr
    >
    > CU
    >
    > Manuel
    >


    Strange, it worked for me. Just lucky I guess.

  20. Re: [security] SeaMonkey 1.1.10 and Firefox 2.0.0.15

    On Mon, 07 Jul 2008 09:50:34 +0200
    Manuel Reimer wrote:

    > I don't use Firefox, I use SeaMonkey.
    >
    > And even Firefox is unable to update itself, as Firefox runs as
    > regular user and regular users are unable to write to /usr


    Looks its no big problem. Just download Pat's build script for
    Slackware plus the supporting files (but not the actual source archive)
    from the source/xap section of your local ftp mirror server and put
    them in a build folder.

    Get the actual source from the mozilla website - put that in the build
    folder. Change the version line of Pat's buildscript
    seamonkey.SlackBuild to 1.1.10 and run it.

    That compiles the source and builds you a package in /tmp ready to
    install.

    --
    Roger Brown
    roger2@rogerbrown.no-ip.org
    http://rogerbrown.no-ip.org


+ Reply to Thread
Page 1 of 3 1 2 3 LastLast