[arch-security] [seamonkey] multiple CVE's

Jens Adam jra at byte.cx
Thu May 22 08:22:46 EDT 2014

Hi all,

I want to ask why the seamonkey packages still haven't been updated.

Flagged for almost three weeks, maintainer active the whole time, and as
usual for a browser, every new version means lots of fixed vulnerabilites:

I could have poked the maintainer (cc'd) via mail/irc, but my main
motivation for this mail was to ask about the proper way of dealing with
cases like this one.

Bugtracker states "REPEAT: Do NOT report bugs for outdated packages!" ...
plus I would probably be unsure about proper usage of project, category,
severity, summary formatting and so on.

[quite some time later] ... and by now I've read Allan's mail
and found https://wiki.archlinux.org/index.php/Arch_CVE_Monitoring_Team
... so yeah, seems like I got my answers. ;-)

Last but not least:
Hi, I'm Jens, also known as 'jra' (on IRC) or 'byte' (everywhere else),
been using Arch since 'Noodles', and after a couple of years of absence
from the Arch community I subscribed to almost all lists yesterday,
trying to get up to things again.

(btw: the listinfo overview is missing a description for this list)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: not available
URL: <http://mailman.archlinux.org/pipermail/arch-security/attachments/20140522/f6b5cb5c/attachment.asc>

More information about the arch-security mailing list