SEARCH

Enter your search query in the box above ^, or use the forum search tool.

You are not logged in.

#1 2015-01-16 14:45:23

hhh
Cityspeak
Registered: 2010-08-04
Posts: 3,253

!!! Iceweasel 31.3.0esr Security Bugs !!!

I noticed yesterday that Firefox had released 31.4.0esr on Jan. 13th. The version is available in sid so it's just a matter of time till it makes it to testing, but it fixes 4 security advisories, including a critical one...
https://www.mozilla.org/en-US/security/ … refox-esr/

Since jessie still didn't have the new version just now, I've gone ahead and installed it from sid. Others might want to do the same.

Cheers.


bunsenlabs     8)     forum mod squad

Offline

Be excellent to each other!

#2 2015-01-20 15:28:02

jalexander9
#! Member
From: USA
Registered: 2014-05-16
Posts: 86

Re: !!! Iceweasel 31.3.0esr Security Bugs !!!

Thanks for the heads up on these 'Iceweasel' package upgrades...hhh....!

But, when trying to perform an update && upgrade yesterday, the apt-listbugs package found/parsed
the new Iceweasel-31.4.0esr package as containing bugs.

Short ending= Manual install of all other packages for update && upgrade.


Intel Pentium 4 150 GB HDD 4 GB RAM

Offline

#3 2015-01-20 17:59:25

damo
#! gimpbanger
From: N51.5 W002.8 (mostly)
Registered: 2011-11-24
Posts: 5,434

Re: !!! Iceweasel 31.3.0esr Security Bugs !!!

jalexander9 wrote:

Thanks for the heads up on these 'Iceweasel' package upgrades...hhh....!

But, when trying to perform an update && upgrade yesterday, the apt-listbugs package found/parsed
the new Iceweasel-31.4.0esr package as containing bugs.

Short ending= Manual install of all other packages for update && upgrade.

Why not do

sudo apt-mark hold iceweasel && sudo apt-get update && sudo apt-get upgrade

Then unhold it after the bugs have cleared. Then you don't need to do any manual upgrading of packages


BunsenLabs Group on deviantArt
damo's gallery on deviantArt
Openbox themes
Forum Moderator smile

Offline

#4 2015-01-20 19:07:51

hhh
Cityspeak
Registered: 2010-08-04
Posts: 3,253

Re: !!! Iceweasel 31.3.0esr Security Bugs !!!

Or uninstall apt-listbugs.  tongue

I'm not seeing that ewarning when I apt-get update.  Iceweasel-31.4.0esr is in wheezy and jessie now.

https://tracker.debian.org/pkg/iceweasel
https://lintian.debian.org/maintainer/p … 1.4.0esr-1


bunsenlabs     8)     forum mod squad

Offline

#5 2015-01-20 20:38:28

jalexander9
#! Member
From: USA
Registered: 2014-05-16
Posts: 86

Re: !!! Iceweasel 31.3.0esr Security Bugs !!!

Thanks ...damo..and ..hhh..., will use all of your suggestions in the near future.

I decided to install alternative browser(s) like chromium (others?) and  test a few websites,
until the Iceweasel package has been sufficiently parsed/fixed.


Intel Pentium 4 150 GB HDD 4 GB RAM

Offline

#6 2015-01-29 08:42:44

CBizgreat!
#! Die Hard
Registered: 2011-07-27
Posts: 1,865

Re: !!! Iceweasel 31.3.0esr Security Bugs !!!

Shouldn't babble anything, still though, going 2 anyway.

Sheesh ... yesterday Firefox 35 just had a security update come down the pipe on win8.1 and had just installed it ( FF v 35), likely same applies to gnu/nix variation of FF too. So now it's FF v 35.01. Mozilla backport should contain latest IceW version. This is one of my gripes w the whole IW vs FF thing. The blessed Debian threw a fit about some vague proprietary software reason why FF was no longer kosure and thus was born Iceweasel.

Edit: Actually do have a theory as to why this actually came about. There are reason$ imo. Draw your own conclusions though and Debian + people involved are frickin awesome, whatever anyone says/thinks. smile

Though to me, no matter what ... IW doesn't make any sense, backporting it doesn't make any sense either, the whole situation doesn't make any sense. ( and I personally adore the awesome folks involved w Debian.)
But keep hearing over n over IW is FF, only diff branding. If that's the case, why all this foolish nonsense about not just allowing Firefox ?

It's obvious, the way it's set up that there is going to be lag involved. Even if Mozilla is managing the backport for example. There's still going to be some lag, when a new version of Fox comes out or a major bug gets found and patched. They've still got to get it into the Debian repo's/backport, rebrand it, do this and that etc.

Seriously doubt in terms of Sec it's going to matter over-much. Though still is creating a stupid situation ( where none need even exist) and leaving gnu/Nix users w pants down longer than is necessary, even if it's only a brief window. This nonsense has also caused probs for #! users too and again it's STUPID, shrugs.

1st showed up here, IW 3.5, all the cool kids had like FF v 9 or so. Said to self, self ... wtf is going on ? Figured out how to run latest FF ( or any combination imaginable of FF + IW) and other latest browsers. Self then said self, did we ever figure out wtf was going on ? Self ... said nope, not yet and then shared how to do it with the rest of the crunch community who would also be wondering wtf was going on. Also not wanting an ancient version of their web-browser(s)

That info ... will still work on every branch of Debian, any Debian-based and pretty much every distribution of gnu/nix in the world. Although I should do a stream-lined updated tute to put it all together w a bow, am not planning on it. Having to put IW on hold, again wtf ?

Then said self, a lot of good nixers in the community seem confused about IW. Shouldn't you post something to help out ? Self said yeah, why not. Posted it, advising folks of the stupid pin-priority 1001 the #! repos had ( still have ?)

Uncomfortable disclosure:

Is not meant as an insult to Core, mentioned more than once and do like and have mucho respect for the guy. Think the IW thing was some misguided attempt to stay true to Debian principles and the pin-priority 1001 thing a misguided attempt to get a tiny measure of the appreciation the guy is due. Keeping the branded IW where it was put. Plus in ways to avoid potential borkage among bangers, not getting the limited number of packages that were being maintained in the #! repo ( if it's still around.) Borked up and pulled out.

Have griped in threads I know Core was participating in trying to urge him into letting #!'ers use FF. Some other major browser(s) ie: Chrome instead of chromium etc etc blahblah. He's a kickbutt guy in my view, has spent years of his life distrib #! and it's not in any way my place to criticize whatever he feels is the right thing to do ... PERIOD.

Can say for me, more so than an influx of toxic nixers and a dramatic outflux of tons of kickbutt nixers. The seeming unwillingness to make improvements that could benefit the distro + community was a factor in making me not want to be involved w it anymore. Am 100% sure quite a few others felt the same and could give a metric shizzleton of examples. Where progress was made, then retracted. Easy and effective suggestions made and nope, not happening.

Anyway #! and the Crunch-crowd are still kickbutt. Still 100% think Corenominal is a kickbutt nixer. Yes ... this is on topic, if you want to dig through my post history, folks will find the secret sauce for just going ahead and getting the latest FF ( or IW if you insist.) Sighs ... whatever, babble, babble.

Vl#!!

Last edited by CBizgreat! (2015-01-29 09:06:31)


Some common cbiz abbreviations. This will save me time and yet @ same time tell folks what the babble is supposed to mean.

Vll ! = ( Viva la gnu/Linux !)    Vl#!! = ( Viva la #! !)    Last but not least, UD ... OD ! = ( Use Debian ... or die !) tongue

Offline

#7 2015-01-29 09:30:15

Rocky
#! Member
From: Ireland
Registered: 2014-06-03
Posts: 56

Re: !!! Iceweasel 31.3.0esr Security Bugs !!!

I thought it was Mozilla had the issue with Debian patching "Firefox" and so would not permit Debian use the name Firefox ? Not really up on this issue so I might be mistaken


"All that glisters is not gold"

Offline

#8 2015-01-29 09:39:11

CBizgreat!
#! Die Hard
Registered: 2011-07-27
Posts: 1,865

Re: !!! Iceweasel 31.3.0esr Security Bugs !!!

^ You may be right Rocky, seen diff versions or the why's and who's. Honestly can't make much sense out of the subject overall to tell the truth. Firefox is opensource, as the 4 million forks and variants attest, Debian the same as the 4 gazillion Debian-based attest.

Also thought a Mozilla is getting/acting too Corp could've played a role but end of dy, the projs have way more in common, than differences and to me doesn't make a great deal of sense, shrugs. Used FF since before the sucker went v 1.0. Want plain ole FF whatever platform am using. Another bennie of running FF from a .folder ( in gnu/nix .... technically more often referred to as directory, so make that .dot directory I guess. If someone insists on splitting hairs. wink )

Updates independent of package management, latest version and updates do likewise. Plus again, if ya wanna split hairs, fire foxes probably EAT ice weasels in the grand game of life or at least they smack em around if they feel like it when the two encounter ea other. tongue

Vll! and why not VLFW! = ( Viva la Fireweasel ! )

Edit: Though my current desktop background is an adorable creature called a short-tailed weasel or stoat. They are unbelievably friggin cute imo and da lil feckers are apparently quite tough and fearless. Thus in my world, worthy of admiration.

Hit up google images if you want to see these adorable lil buggers. Seen pics of them having taken down a rabbit that's several times their body weight. So if Debian wants to rename IW, shorttailed-iceweasel, will probably consider switching to it or at least running it alongside FF. Once again, it's not the size of the weasel in the fight, tis the size of the fight in da weasel. big_smile

Last edited by CBizgreat! (2015-01-29 09:48:17)


Some common cbiz abbreviations. This will save me time and yet @ same time tell folks what the babble is supposed to mean.

Vll ! = ( Viva la gnu/Linux !)    Vl#!! = ( Viva la #! !)    Last but not least, UD ... OD ! = ( Use Debian ... or die !) tongue

Offline

#9 2015-01-29 09:54:25

hhh
Cityspeak
Registered: 2010-08-04
Posts: 3,253

Re: !!! Iceweasel 31.3.0esr Security Bugs !!!

Rocky wrote:

I thought it was Mozilla had the issue with Debian patching "Firefox" and so would not permit Debian use the name Firefox ? Not really up on this issue so I might be mistaken

Debian's issue is Jon Hicks' non-free logos, Mozilla's subsequent issue was Debian using the names Thunderbird and Firefox when they weren't being branded with said logos...
http://en.wikipedia.org/wiki/Mozilla_Co … #Iceweasel
http://www.hicksdesign.co.uk/journal/branding-firefox
http://www.hicksdesign.co.uk/journal/thunderbird


bunsenlabs     8)     forum mod squad

Offline

#10 2015-01-29 09:58:51

CBizgreat!
#! Die Hard
Registered: 2011-07-27
Posts: 1,865

Re: !!! Iceweasel 31.3.0esr Security Bugs !!!

^ Thanks for that info Hhh. Jibes w what I'd heard too, so hey, dang it, hopefully wasn't wrong, yay ! Have to pop off and read the links provided.

Vl#!! smile


Some common cbiz abbreviations. This will save me time and yet @ same time tell folks what the babble is supposed to mean.

Vll ! = ( Viva la gnu/Linux !)    Vl#!! = ( Viva la #! !)    Last but not least, UD ... OD ! = ( Use Debian ... or die !) tongue

Offline

#11 2015-01-29 10:09:47

hhh
Cityspeak
Registered: 2010-08-04
Posts: 3,253

Re: !!! Iceweasel 31.3.0esr Security Bugs !!!

Oh yeah, Easter eggs. In FF or Iceweasel, enter about:mozilla in the url bar, and then in Iceweasel about:iceweasel. Also, in both, about:robots. I can't remember if there are others.

-edit- wrong about:

-edit 2- about:about lists all the about pages

Last edited by hhh (2015-01-29 10:16:46)


bunsenlabs     8)     forum mod squad

Offline

#12 2015-01-29 11:42:57

CBizgreat!
#! Die Hard
Registered: 2011-07-27
Posts: 1,865

Re: !!! Iceweasel 31.3.0esr Security Bugs !!!

Not trying to jack the thread but apologize to H, if it comes off that way. Just wanted to babble something, about something I babbled further up. Cross link.

Will shut it now. Vll! smile


Some common cbiz abbreviations. This will save me time and yet @ same time tell folks what the babble is supposed to mean.

Vll ! = ( Viva la gnu/Linux !)    Vl#!! = ( Viva la #! !)    Last but not least, UD ... OD ! = ( Use Debian ... or die !) tongue

Offline

#13 2015-01-29 15:53:05

AnInkedSoul
#! CrunchBanger
Registered: 2010-06-30
Posts: 232

Re: !!! Iceweasel 31.3.0esr Security Bugs !!!

Rocky wrote:

I thought it was Mozilla had the issue with Debian patching "Firefox" and so would not permit Debian use the name Firefox ?

Pretty much it nowadays.

Basically if you want to use the branding then you have to use the code that mozilla supplies without changing it or you have to get those changes approved by mozilla. Needless to say that does not work for debian especially since debian promises that those downstream have the right to make any changes they wish and redistribute those changes as well. So debian would have to get permission for themselves as well as those downstream....which mozilla isn't going to go along with. So this issue is the real show stopper.

There was a issue with the logo but it was fixed about five years ago.

There are some issues with some other icons/favicons but that isn't a big issue.

There are also (or was) some non-free binary files included in the source tarball but those are usually just discarded so not a big issue either.

But the iceweasel maintainer works for mozilla now(or did last time I checked) so I suspect he is about as good of a maintainer as you are going to find for iceweasel. That being said, I am sure he could use some help maintaining multiple iceweasel versions for the various debian falvors.

by the way iceweasel v35 is in experimental if ya really want it

Offline

Board footer

Powered by FluxBB

Copyright © 2012 CrunchBang Linux.
Proudly powered by Debian. Hosted by Linode.
Debian is a registered trademark of Software in the Public Interest, Inc.
Server: acrobat

Debian Logo