I noticed today Firefox was updated to 117.0.1 which fixes CVE-2023-4863
(more info: Security Vulnerability fixed in Firefox 117.0.1, Firefox ESR 115.2.1, Firefox ESR 102.15.1, Thunderbird 102.15.1, and Thunderbird 115.2.2 — Mozilla)
However, this was not done for Thunderbird, which has a fix in 115.2.2 (currently 115.2.0 in the repo).
The same thing goes for Brave, which is also affected by the same vulnerability but has not been updated since (fortunately there is an updated version in the AUR).
Could you (Manjaro Team) have a curated list of applications for which updates would be pushed automatically (like Firefox, Vivaldi, Thunderbird, Discord, etc.)?
Most repo packages are inherited directly from Arch including
thunderbird. Arch has not yet updated
brave-browser-beta. They will be updated soon.
We already fast track security updates for packages like
Protip: you can easily see which packages are overlaid by Manjaro and which are directly from Arch if you look at the email address of the packager in the package details.
Brave 1.57.64 stable is online now
Although I know that, I forgot to check if Arch itself has updated Thunderbird. Sorry for the confusion!