On Fri, Nov 23, 2018 at 01:57:28PM +0100, Antoine Jacoutot wrote: > On Fri, Nov 23, 2018 at 01:47:24PM +0100, Landry Breuil wrote: > > On Fri, Nov 23, 2018 at 04:37:10PM +0500, Артур Истомин wrote: > > > Good day! > > > > > > Firefox ESR version in ports 60.2.2, but latest version ESR is 60.3 > > > released on october > > > 23, where has been fixed at least 2 critical and 3 high security > > > vulnerabilities > > > (see https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/) > > > > > > To update firefox to latest non-vuln version should i update OpenBSD and > > > ports to > > > 6.4? > > > > https://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/www/firefox-esr/distinfo?only_with_tag=OPENBSD_6_4 > > That is 6.4 :-)
Yes, and the policy in https://www.openbsd.org/faq/ports/ports.html#PortsSecurity states that's "the -stable ports tree only gets security backports for the latest release." - thus 6.3 is EOL portswise. Landry
