(New to Kubuntu/ Linux) Update/ upgrade difficulties Thunderbird.
NoOp
glgxg at sbcglobal.net
Wed Nov 21 18:13:30 UTC 2007
On 11/21/2007 04:15 AM, Derek Broughton wrote:
> NoOp wrote:
>
>>
>> Ubuntu's version is outdated; TB is now at 2.0.0.9 to fix a couple of
>> security issues:
>>
>>
> <http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird2.0.0.9>
>
> I really wish people would stop spreading this sort of FUD about Ubuntu.
> Check the changelogs _before_ making a statement like this, please.
>
> By definition, packages in a stable release of either Ubuntu or Debian will
> not get version updates (except in a -backports repository). So,
> thunderbird in Gutsy will probably always be version 2.0.0.8. However,
> security vulnerabilities will be fixed by applying the patch to the
> _stable_ code - as has been done on 2.0.0.8 (note, the two vulnerabilities
> noted in the link above are the first and last of this changelog):
>
> $ aptitude changelog thunderbird
> thunderbird (2.0.0.8~pre071022+nobinonly-0ubuntu0.7.10) gutsy-security;
> urgency=low
>
> * 2.0.0.8 security/stability update (pre fetched from CVS):
> * MFSA 2007-29 aka CVE-2007-5339 (browser), CVE-2007-5340 (javascript)
> * MFSA 2007-30 aka CVE-2007-1095
> * MFSA 2007-31 aka CVE-2007-2292
> * MFSA 2007-32 aka CVE-2007-3511, CVE-2006-2894
> * MFSA 2007-33 aka CVE-2007-5334
> * MFSA 2007-34 aka CVE-2007-5337
> * MFSA 2007-35 aka CVE-2007-5338
> * MFSA 2007-36 aka CVE-2007-4841 (windows only)
>
You are correct & thanks for pointing that out *and* the command to view
the changes. Perhaps the solution to alleviating future FUD would be to
change the revision to 2.0.0.9 in order to maintain the revision
numbering in the source product.
More information about the kubuntu-users
mailing list