[arch-security] [seamonkey] multiple CVE's
jra at byte.cx
Thu May 22 08:22:46 EDT 2014
I want to ask why the seamonkey packages still haven't been updated.
Flagged for almost three weeks, maintainer active the whole time, and as
usual for a browser, every new version means lots of fixed vulnerabilites:
I could have poked the maintainer (cc'd) via mail/irc, but my main
motivation for this mail was to ask about the proper way of dealing with
cases like this one.
Bugtracker states "REPEAT: Do NOT report bugs for outdated packages!" ...
plus I would probably be unsure about proper usage of project, category,
severity, summary formatting and so on.
[quite some time later] ... and by now I've read Allan's mail
and found https://wiki.archlinux.org/index.php/Arch_CVE_Monitoring_Team
... so yeah, seems like I got my answers. ;-)
Last but not least:
Hi, I'm Jens, also known as 'jra' (on IRC) or 'byte' (everywhere else),
been using Arch since 'Noodles', and after a couple of years of absence
from the Arch community I subscribed to almost all lists yesterday,
trying to get up to things again.
(btw: the listinfo overview is missing a description for this list)
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 455 bytes
Desc: not available
More information about the arch-security