SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
So are people saying that firefox 31.5.0 ESR is a reasonably secure version of firefox to run on my 14.1 Slackware, and that there is no overly compelling reason for this to be updated.
There are five vulnerabilities corrected in 31.6.0 ESR. Two of them are listed as critical. However, one of the critical ones only applies if you are using the Fluendo mp3 plugin. The other just refers to general memory safety hazards.
I guess it depends on your usage as to whether or not you should be concerned about any of the vulnerabilities.
There are five vulnerabilities corrected in 31.6.0 ESR. Two of them are listed as critical. However, one of the critical ones only applies if you are using the Fluendo mp3 plugin. The other just refers to general memory safety hazards.
I guess it depends on your usage as to whether or not you should be concerned about any of the vulnerabilities.
your missing the two critical and interrelated vulnerabilities fixed in 31.5.2 and 31.5.3 that have not been updated in 14.1 as 14.1 is on version 31.5.0, they are right on the webpage you linked. The fix in 31.5.2 was released 28 days ago.
Those vulnerabilities actually have known exploits, and require no user interaction, work on stock firefox and the only way you can protect yourself without updating, is to turn of javascript completely, NoScript might not help you either because the second exploit can make firefox think the script has the same origin as another allowed script you might be running. I'm not completely sure turning of javascript completely would be adequate.
Last edited by pataphysician; 04-17-2015 at 11:08 PM.
your missing the two critical and interrelated vulnerabilities fixed in 31.5.2 and 31.5.3 that have not been updated in 14.1 as 14.1 is on version 31.5.0, they are right on the webpage you linked. The fix in 31.5.2 was released 28 days ago.
Thanks. I completely ignored the post indicating 14.1 was on 31.5.0. I just made the (bad) assumption it was on the latest of the 31.5 line.
I think the only thing (s)he nailed is his/her incorrect belief that (s)he is owed updates. Where does (s)he have a contract with Pat to provide updates?
We are all at the gracious mercy of Patrick. We all want updates, but that doesn't mean that we are entitled to them. To quote the great (albeit a bit crazy) Frank Underwood, "You are entitled to nothing!"
If for no other reason than citing Congressman/VP/President Francis Underwood (FU), this post merits a laurel and hardy +999!
There are those who have read this thread and know what I was trying to say without having to be so blunt as to spell it out. We've been through this before and I don't feel like having to explain it again, but to give you a clue, it is about a trait some people seem to be born with and others can learn, but like commonsense, it seems to be in short supply these days.
You don't feel like explaining your position, but you do feel like whining about it.
Passive aggressive behavior is not in short supply in your case. If you do have something to say, say it.
Please be patient.
When the big update arrived, you will understand why it took so long to brew all those packages.
And i believe we all will be pleased with the smooth update in -current just like what we had so far. It's all due to carefull testing by Pat before he released it to public.
Not only that, but look at the queue of package updates that Robby pushed into the inbox as well. If you followed the massive submission of packages Bartgymnast started and everyone tracked down, the list was a full mile long of packages that could be submitted and used in 14.2. Plus many packages have been forked out into new versions like procps-ng, ConsoleKit2, etc. that are going to need some serious testing prior to finalization.
Trust those of us who have private repos when we say 14.2 when released is going to not just be great, but equally a groundbreaking release of Slackware worth the wait.
I would feel amiss if I did not clarify what I meant by cwizardone "nailed it". https://www.linuxquestions.org/quest...ml#post5348142
I meant that he was right: pretty much the entire distribution does need recompiling/re-working.
The "blame" lies with upstream/freedesktop.org's sloppy work, apparently.
My apologies to cwizardone and everyone else for not making that clear.
FWIW, IMO, putting up with a rough patch like this in Slackware, beats the hell out of living with a constant rash in some other distro.
Also, I think it would help if people stopped looking to Patrick as a "leader".
I prefer to think of him as a mysterious wizard who makes my computer come to life.
We all know there are many places upstream that push half-baked, hipster crap, and the fact that out BDFL consistently wrests sanity from their madness speaks for itself.
Please be patient.
When the big update arrived, you will understand why it took so long to brew all those packages.
And i believe we all will be pleased with the smooth update in -current just like what we had so far. It's all due to carefull testing by Pat before he released it to public.
I'm sure it's worth to wait
Thanks Willy!
I quietly await greatness for my -current install.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.