Hi Andrei, The Security updates for SLF go out the week following the SL updates. This particular update should be available next Tuesday. The debuginfo repo is shared between SL and SLF, so you may see the debuginfo before the security update is available.
Thanks! On 10/9/18, 11:23 AM, "Andrei Gaponenko" <ga...@fnal.gov> wrote: Hello, On an SLF6 system I see an updated debuginfo, but still not the main firefox package. Did something go wrong, or should I just wait longer? mu2epix01 ~$ yum clean all Loaded plugins: priorities, protectbase, refresh-packagekit, security Cleaning repos: epel osg slf slf-security slf6x slf6x-security Cleaning up Everything mu2epix01 ~$ yum --enablerepo='*' list all | grep firefox firefox.x86_64 60.2.1-1.el6 @slf-security firefox.i686 60.2.1-1.el6 slf-security firefox-debuginfo.i686 60.2.2-1.el6 slf-debuginfo firefox-debuginfo.x86_64 60.2.2-1.el6 slf-debuginfo Andrei On Mon, 8 Oct 2018, Scott Reid wrote: > Synopsis: Critical: firefox security update > Advisory ID: SLSA-2018:2881-1 > Issue Date: 2018-10-08 > CVE Numbers: CVE-2018-12386 > CVE-2018-12387 > -- > > This update upgrades Firefox to version 60.2.2 ESR. > > Security Fix(es): > > * Mozilla: type confusion in JavaScript (CVE-2018-12386) > > * Mozilla: stack out-of-bounds read in Array.prototype.push > (CVE-2018-12387) > -- > > SL6 > x86_64 > firefox-60.2.2-1.el6.x86_64.rpm > firefox-debuginfo-60.2.2-1.el6.x86_64.rpm > firefox-60.2.2-1.el6.i686.rpm > firefox-debuginfo-60.2.2-1.el6.i686.rpm > i386 > firefox-60.2.2-1.el6.i686.rpm > firefox-debuginfo-60.2.2-1.el6.i686.rpm > > - Scientific Linux Development Team >