On 04/25/2016 12:45 AM, Jarek Polok wrote:
> On 04/25/2016 02:32 AM, ToddAndMargo wrote:
>> Hi All,
>>
>> Seems like SL7 is not keeping up with Firefox and Thunderbird
>> updates anymore. EL Linux is suppose to keep up with security updates
>> but Red Hat obviously picks and chooses: Firefox and Thunderbird
>> are typically left unpatched.
>
> That is incorrect, see:
>
> # rpm -q firefox --changelog
>
> shows:
>
> * Thu Mar 03 2016 Jan Horak <[log in to unmask]> - 38.7.0-1
> - Update to 38.7.0 ESR
>
> * Thu Feb 11 2016 Martin Stransky <[log in to unmask]> - 38.6.1-1
> - Update to 38.6.1 ESR
>
> * Thu Jan 21 2016 Jan Horak <[log in to unmask]> - 38.6.0-1
> - Update to 38.6.0 ESR
>
> * Fri Dec 11 2015 Jan Horak <[log in to unmask]> - 38.5.0-3
> - Update to 38.5.0 ESR
>
> * Thu Oct 29 2015 Jan Horak <[log in to unmask]> - 38.4.0-1
> - Update to 38.4.0 ESR
>
> * Tue Sep 15 2015 Jan Horak <[log in to unmask]> - 38.3.0-2
> - Update to 38.3.0 ESR
>
> * Wed Aug 26 2015 Martin Stransky <[log in to unmask]> - 38.2.1-1
> - Update to 38.2.1 ESR
>
> * Fri Aug 07 2015 Jan Horak <[log in to unmask]> - 38.2.0-4
> - Update to 38.2.0 ESR
>
> * Thu Aug 06 2015 Jan Horak <[log in to unmask]> - 38.1.1-1
> - Update to 38.1.1 ESR
>
> * Thu Jun 25 2015 Jan Horak <[log in to unmask]> - 38.1.0-1
> - Update to 38.1.0 ESR
>
> * Fri May 15 2015 Martin Stransky <[log in to unmask]> - 38.0.1-1
> - Update to 38.0.1 ESR
>
> so yes, there are updates for current firefox 38 ESR version.
> What has been fixed is outlined here:
>
> https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/
>
> and if you look here:
>
> https://www.mozilla.org/en-US/firefox/organizations/faq/
>
> it shows that there will be still one more firefox 38 ESR release:
>
> 38.8.0
>
> before support for it is dropped. (and upstream switches to ESR 45
> releases which are now in 'qualify' phase)
>
>
>
> Best Regards
>
> Jarek
>
Hi Jarek,
Take a look over here at Mozilla's chart: