On 04/25/2016 02:32 AM, ToddAndMargo wrote:
> Hi All,
>
> Seems like SL7 is not keeping up with Firefox and Thunderbird
> updates anymore. EL Linux is suppose to keep up with security updates
> but Red Hat obviously picks and chooses: Firefox and Thunderbird
> are typically left unpatched.
That is incorrect, see:
# rpm -q firefox --changelog
shows:
* Thu Mar 03 2016 Jan Horak <[log in to unmask]> - 38.7.0-1
- Update to 38.7.0 ESR
* Thu Feb 11 2016 Martin Stransky <[log in to unmask]> - 38.6.1-1
- Update to 38.6.1 ESR
* Thu Jan 21 2016 Jan Horak <[log in to unmask]> - 38.6.0-1
- Update to 38.6.0 ESR
* Fri Dec 11 2015 Jan Horak <[log in to unmask]> - 38.5.0-3
- Update to 38.5.0 ESR
* Thu Oct 29 2015 Jan Horak <[log in to unmask]> - 38.4.0-1
- Update to 38.4.0 ESR
* Tue Sep 15 2015 Jan Horak <[log in to unmask]> - 38.3.0-2
- Update to 38.3.0 ESR
* Wed Aug 26 2015 Martin Stransky <[log in to unmask]> - 38.2.1-1
- Update to 38.2.1 ESR
* Fri Aug 07 2015 Jan Horak <[log in to unmask]> - 38.2.0-4
- Update to 38.2.0 ESR
* Thu Aug 06 2015 Jan Horak <[log in to unmask]> - 38.1.1-1
- Update to 38.1.1 ESR
* Thu Jun 25 2015 Jan Horak <[log in to unmask]> - 38.1.0-1
- Update to 38.1.0 ESR
* Fri May 15 2015 Martin Stransky <[log in to unmask]> - 38.0.1-1
- Update to 38.0.1 ESR
so yes, there are updates for current firefox 38 ESR version.
What has been fixed is outlined here:
https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/
and if you look here:
https://www.mozilla.org/en-US/firefox/organizations/faq/
it shows that there will be still one more firefox 38 ESR release:
38.8.0
before support for it is dropped. (and upstream switches to ESR 45
releases which are now in 'qualify' phase)
Best Regards
Jarek
__
-------------------------------------------------------
_ Jaroslaw_Polok ___________________ CERN - IT/CM/LCS _
_ http://cern.ch/~jpolok ________ tel_+41_22_767_1834 _
______________________________________+41_75_411_9487 _