There are five vulnerabilities corrected in 31.6.0 ESR. Two of them are listed as critical. However, one of the critical ones only applies if you are using the Fluendo mp3 plugin. The other just refers to general memory safety hazards.

I guess it depends on your usage as to whether or not you should be concerned about any of the vulnerabilities.

your missing the two critical and interrelated vulnerabilities fixed in 31.5.2 and 31.5.3 that have not been updated in 14.1 as 14.1 is on version 31.5.0, they are right on the webpage you linked. The fix in 31.5.2 was released 28 days ago.

Those vulnerabilities actually have known exploits, and require no user interaction, work on stock firefox and the only way you can protect yourself without updating, is to turn of javascript completely, NoScript might not help you either because the second exploit can make firefox think the script has the same origin as another allowed script you might be running. I'm not completely sure turning of javascript completely would be adequate.

3 members found this post helpful.

ARM is, I think, maintained by Stuart Winter (drmozes). For S/390, see this. But S/390 seems dead, last -current updates were in 2009.

1 members found this post helpful.

Thanks. I completely ignored the post indicating 14.1 was on 31.5.0. I just made the (bad) assumption it was on the latest of the 31.5 line.

If for no other reason than citing Congressman/VP/President Francis Underwood (FU), this post merits a laurel and hardy +999!

You don't feel like explaining your position, but you do feel like whining about it.

Passive aggressive behavior is not in short supply in your case. If you do have something to say, say it.

1 members found this post helpful.

Oh, I did, D.H.
You might have read that far, by now.

He's spending his $2.8 billion.

I'm looking forward to the updates. I predict that 14.2 will be first rate.

Please be patient.
When the big update arrived, you will understand why it took so long to brew all those packages.
And i believe we all will be pleased with the smooth update in -current just like what we had so far. It's all due to carefull testing by Pat before he released it to public.

I'm sure it's worth to wait

13 members found this post helpful.

Not only that, but look at the queue of package updates that Robby pushed into the inbox as well. If you followed the massive submission of packages Bartgymnast started and everyone tracked down, the list was a full mile long of packages that could be submitted and used in 14.2. Plus many packages have been forked out into new versions like procps-ng, ConsoleKit2, etc. that are going to need some serious testing prior to finalization.

Trust those of us who have private repos when we say 14.2 when released is going to not just be great, but equally a groundbreaking release of Slackware worth the wait.

3 members found this post helpful.

Pat's busy backporting kdbus to 3.14, leave him alone.

1 members found this post helpful.

I would feel amiss if I did not clarify what I meant by cwizardone "nailed it".
https://www.linuxquestions.org/quest...ml#post5348142
I meant that he was right: pretty much the entire distribution does need recompiling/re-working.
The "blame" lies with upstream/freedesktop.org's sloppy work, apparently.
My apologies to cwizardone and everyone else for not making that clear.
FWIW, IMO, putting up with a rough patch like this in Slackware, beats the hell out of living with a constant rash in some other distro.
Also, I think it would help if people stopped looking to Patrick as a "leader".
I prefer to think of him as a mysterious wizard who makes my computer come to life.
We all know there are many places upstream that push half-baked, hipster crap, and the fact that out BDFL consistently wrests sanity from their madness speaks for itself.

5 members found this post helpful.

I'd like to give kdbus a backport, but the output might not be favorable.

Thanks Willy!

I quietly await greatness for my -current install.