Kjplay
13 September 2023 15:49
1
I noticed today Firefox was updated to 117.0.1 which fixes CVE-2023-4863
(more info: Security Vulnerability fixed in Firefox 117.0.1, Firefox ESR 115.2.1, Firefox ESR 102.15.1, Thunderbird 102.15.1, and Thunderbird 115.2.2 — Mozilla )
However, this was not done for Thunderbird which has fix in 115.2.2 (currently 115.2.0 in the repo)
The same thing goes for Brave which is also affected by the same vulnerability but has been not updated since (fortunately there is an updated version in the AUR).
Could you (Manjaro Team) have a curated list of application for which updates would be pushed automatically (like Firefox, Vivaldi, Thunderbird, Discord, etc.)?
Most repo packages are inherited directly from Arch including firefox
and thunderbird
. Arch has not yet updated thunderbird
.
Manjaro packages brave-browser
and brave-browser-beta
. They will be updated soon.
We already fast track security updates for packages like chromium
, firefox
, thunderbird
, vivaldi
, brave-browser
, etc.
2 Likes
Teo
13 September 2023 16:09
3
Protip: you can easily see which packages are overlayed by manjaro and which are directly from arch if you look at the email address of the packager in the package details.
Ste74
13 September 2023 16:49
4
Brave 1.57.64
stable is online now
Kjplay
13 September 2023 22:19
6
Although I know that, I forgot to check if Arch itself has updated Thunderbird. Sorry for the confusion!
system
Closed
16 September 2023 12:19
7
This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.