On Thu, 19 Feb 2009, OBATA Akio wrote:
On Thu, 19 Feb 2009 19:13:30 +0900, Thomas Klausner <wiz%netbsd.org@localhost> wrote:On Thu, Feb 19, 2009 at 09:47:10AM +0100, Martin Husemann wrote:It is not maintained any more, so an increasing security risk - I don't think we do anyone a favour in still distributing it.If this is official, please add an entry to eol-packages and pkg-vulnerabilities.It is already noted in both files.
Patches are available for firefox 2.0.0.20 to fix the latest security issues reported:
CVE-2009-0355 CVE-2009-0356 CVE-2009-0357 http://www.freebsd.org/cgi/cvsweb.cgi/ports/www/firefox/files/ patch-ff-380418 patch-ff-460425 patch-ff-466937I am happy to generate patches for the package to incorporate them and bump the version to 2.0.0.20.
In particular, if www/firefox3 will not be moved to www/firefox I'd argue that keeping the old package around a little while longer is justifiable.
I have yet to get a build of firefox3 from pkgsrc that is stable on solaris 10 sparc... (or FreeBSD 6.3 x86 for that matter.)
Thanks, - Tim