tech-pkg archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Is is time to rename firefox?



On Thu, 19 Feb 2009, Tim Zingelman wrote:

On Thu, 19 Feb 2009, OBATA Akio wrote:

On Thu, 19 Feb 2009 19:13:30 +0900, Thomas Klausner <wiz%netbsd.org@localhost> 
wrote:

On Thu, Feb 19, 2009 at 09:47:10AM +0100, Martin Husemann wrote:
It is not maintained any more, so an increasing security risk - I don't think
we do anyone a favour in still distributing it.

If this is official, please add an entry to eol-packages and
pkg-vulnerabilities.

It is already noted in both files.


Patches are available for firefox 2.0.0.20 to fix the latest security issues reported:

CVE-2009-0355
CVE-2009-0356
CVE-2009-0357

http://www.freebsd.org/cgi/cvsweb.cgi/ports/www/firefox/files/
patch-ff-380418
patch-ff-460425
patch-ff-466937

I am happy to generate patches for the package to incorporate them and bump the version to 2.0.0.20.

In particular, if www/firefox3 will not be moved to www/firefox I'd argue that keeping the old package around a little while longer is justifiable.

I have yet to get a build of firefox3 from pkgsrc that is stable on solaris 10 sparc... (or FreeBSD 6.3 x86 for that matter.)

        I am in no hurry to remove firefox2, but maybe we should leave
        firefox3 as www/firefox3 and rename firefox2 to www/firefox2 ?
--
                David/absolute       -- www.NetBSD.org: No hype required --


Home | Main Index | Thread Index | Old Index