[arch-security] [seamonkey] multiple CVE's
Jens Adam
jra at byte.cx
Thu May 22 08:22:46 EDT 2014
Hi all,
I want to ask why the seamonkey packages still haven't been updated.
Flagged for almost three weeks, maintainer active the whole time, and as
usual for a browser, every new version means lots of fixed vulnerabilites:
http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
I could have poked the maintainer (cc'd) via mail/irc, but my main
motivation for this mail was to ask about the proper way of dealing with
cases like this one.
Bugtracker states "REPEAT: Do NOT report bugs for outdated packages!" ...
plus I would probably be unsure about proper usage of project, category,
severity, summary formatting and so on.
[quite some time later] ... and by now I've read Allan's mail
https://mailman.archlinux.org/pipermail/arch-dev-public/2014-March/025952.html
and found https://wiki.archlinux.org/index.php/Arch_CVE_Monitoring_Team
... so yeah, seems like I got my answers. ;-)
Last but not least:
Hi, I'm Jens, also known as 'jra' (on IRC) or 'byte' (everywhere else),
been using Arch since 'Noodles', and after a couple of years of absence
from the Arch community I subscribed to almost all lists yesterday,
trying to get up to things again.
(btw: the listinfo overview is missing a description for this list)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: not available
URL: <http://mailman.archlinux.org/pipermail/arch-security/attachments/20140522/f6b5cb5c/attachment.asc>
More information about the arch-security
mailing list