Hi Andrei,
The Security updates for SLF go out the week following the SL updates. This particular update should be available next Tuesday. The debuginfo repo is shared between SL and SLF, so you may see the debuginfo before the security update is available.
Thanks!
On 10/9/18, 11:23 AM, "Andrei Gaponenko" <[log in to unmask]> wrote:
Hello,
On an SLF6 system I see an updated debuginfo, but still not the main
firefox package. Did something go wrong, or should I just wait longer?
mu2epix01 ~$ yum clean all
Loaded plugins: priorities, protectbase, refresh-packagekit, security
Cleaning repos: epel osg slf slf-security slf6x slf6x-security
Cleaning up Everything
mu2epix01 ~$ yum --enablerepo='*' list all | grep firefox
firefox.x86_64 60.2.1-1.el6 @slf-security
firefox.i686 60.2.1-1.el6 slf-security
firefox-debuginfo.i686 60.2.2-1.el6 slf-debuginfo
firefox-debuginfo.x86_64 60.2.2-1.el6 slf-debuginfo
Andrei
On Mon, 8 Oct 2018, Scott Reid wrote:
> Synopsis: Critical: firefox security update
> Advisory ID: SLSA-2018:2881-1
> Issue Date: 2018-10-08
> CVE Numbers: CVE-2018-12386
> CVE-2018-12387
> --
>
> This update upgrades Firefox to version 60.2.2 ESR.
>
> Security Fix(es):
>
> * Mozilla: type confusion in JavaScript (CVE-2018-12386)
>
> * Mozilla: stack out-of-bounds read in Array.prototype.push
> (CVE-2018-12387)
> --
>
> SL6
> x86_64
> firefox-60.2.2-1.el6.x86_64.rpm
> firefox-debuginfo-60.2.2-1.el6.x86_64.rpm
> firefox-60.2.2-1.el6.i686.rpm
> firefox-debuginfo-60.2.2-1.el6.i686.rpm
> i386
> firefox-60.2.2-1.el6.i686.rpm
> firefox-debuginfo-60.2.2-1.el6.i686.rpm
>
> - Scientific Linux Development Team
>