mozilla security/EOL (SSA:2006-114-01)
Posted on: 04/25/2006 09:36 AM

New Mozilla packages are available for Slackware 10.0, 10.1, 10.2 and -current to fix multiple security issues.

More details about the issues may be found here:

http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla

Also note that this release marks the EOL (End Of Life) for the Mozilla Suite series. It's been a great run, so thanks to everyone who put in so much effort to make Mozilla a great browser suite. In the next Slackware release fans of the Mozilla Suite will be able to look forward to browsing with SeaMonkey, the Suite's successor. Anyone using an older version of Slackware may want to start thinking about migrating to another browser -- if not now, when the next problems with Mozilla are found.

Although the "sunset announcement" states that mozilla-1.7.13 is the final mozilla release, I wouldn't be too surprised to see just one more since there's a Makefile.in bug that needed to be patched here before Mozilla 1.7.13 would build. If a new release comes out and fixes only that issue, don't look for a package release on that as it's already fixed in these packages. If additional issues are fixed, then there will be new packages. Basically, if upstream un-EOLs this for a good reason, so will we.

Here are the details from the Slackware 10.2 ChangeLog:
+--------------------------+
patches/packages/mozilla-1.7.13-i486-1.tgz: Upgraded to mozilla-1.7.13.
This upgrade fixes several possible security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla
This release marks the end-of-life of the Mozilla 1.7.x series:
http://developer.mozilla.org/devnews/index.php/2006/04/12/sunset-announcement-for-fxtb-10x-and-mozilla-suite-17x/
Mozilla Corporation is recommending that users think about
migrating to Firefox and Thunderbird.
(* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Updated packages for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/mozilla-1.7.13-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/mozilla-plugins-1.7.13-noarch-1.tgz

Updated packages for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/mozilla-1.7.13-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/mozilla-plugins-1.7.13-noarch-1.tgz

Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/mozilla-1.7.13-i486-1.tgz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-1.7.13-i486-1.tgz


MD5 signatures:
+-------------+

Slackware 10.0 packages:
68854f3ff3df3abe499554a09f5936e8 mozilla-1.7.13-i486-1.tgz
506940dd673f5f199f8b829581f70c03 mozilla-plugins-1.7.13-noarch-1.tgz

Slackware 10.1 packages:
54066af072c28489efaf080ad6751936 mozilla-1.7.13-i486-1.tgz
2296ff82e5b753f5d43da07d46850481 mozilla-plugins-1.7.13-noarch-1.tgz

Slackware 10.2 package:
ac7d2d23a475418fdf29d4c0f70929da mozilla-1.7.13-i486-1.tgz

Slackware -current package:
bc5f54cf5af6a2917c751699b06391a0 mozilla-1.7.13-i486-1.tgz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg mozilla-1.7.13-i486-1.tgz


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com


Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/mozilla_securityeol_ssa2006_114_01.html)