Re: Vulnerabilities fixed in 60.2 and 60.1

Sat, 08 Sep 2018 12:45:17 -0700

The vulnerabilities in 60.1 are basically fixed in 2.49.4. 52.9 and 60.1 did overlap.
Support for 52 ESR has ended. 2.57 is not yet ready so I backported the fixes for 60.2 which did apply. Bills build does contain them. ewong is currently setting up a new infrastructure for SeaMonkey outside of the mozilla infrastructure so 2.49.5 will be delayed. If you want them now use Bills build or compile yourself from latest esr52 sources with the fixes on Bills website. I was unable to backport 4 bugs because they would need extensive refactoring. Looking at them I think they have a minimum security impact and nothing I would or do worry about. 

> I think maybe it would be good to have a list of security vulnerabilities
> and where the fix is.


I exported everything changes between 60.1 and 60.2. Tossed away patches which 
were clearly not needed e.g. infrastructure only or for new components. The 
result are the fixes named mozilla-esr60_xxxxx.patch from here:


http://www.wg9s.com/comm-esr/patches/mozilla-249/


The others are infrastructure or fixes from the previous shared Thunderbird 
and SeaMonkey 2.49 branch. The ones starting with 9999999 are private fixes 
not yet in any tree. The XP SP3 prerequisite patch probably won't make it into 
any official tree ever.



If you compile yourself you can now use VS2017 and latest Rust. For gcc use 
gcc 5.xx for best results.


FRG


Richmond wrote:

Do these vulnerabilities apply to Seamonkey? (I think yes) Will they get
fixed?

https://www.mozilla.org/en-US/security/advisories/mfsa2018-21/

I see this question was asked here:

https://groups.google.com/forum/#!topic/mozilla.support.seamonkey/bt_sxMUd4Pc

The answer was to go here:

http://www.wg9s.com/comm-esr/

But where does this build come from? Maybe I need to get the source from
hg and compile again? My build is from 3/August/2018. I think maybe it
would be good to have a list of security vulnerabilities and where the
fix is.


_______________________________________________
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey






















					Reply via email to