Unable to open tar.gz
Mario Vukelic
mario.vukelic at dantian.org
Thu Sep 13 05:26:57 UTC 2007
On Wed, 2007-09-12 at 19:13 -0700, NoOp wrote:
> The problem with that is that on Feisty Synaptic only installs version
> 1.5 which has some serious outstanding security issues. See:
>
> http://www.mozilla.org/projects/security/known-vulnerabilities.html
> http://www.mozilla.org/projects/security/known-vulnerabilities.html#Thunderbird
>
> Supposedly Ubuntu's releases claim to fix security issues in whatever
> version they offer in the repos (and this would include 1.5), however in
> such cases I tend to lean toward installing releases via the vendor.
Don't needlessly scare the OP. For one, the site you linked to shows not
a single outstanding fix in Thunderbird 1.5. In addition, is needlessly
alarming to phrase it as you did "claim to fix security issues". It is a
long-standing Debian tradition to backport security fixes to the stable
release, and Ubuntu just follows this tradition with good reason: it is
the only way to guarantee a secure AND stable environment in a stable
release. There is no case I would have heard of in nearly a decade where
this practice failed. Plus, it is not a questions of blind trust, you
can compare the Ubuntu and Mozilla security announcements and read the
Ubuntu patches if you are concerned.
https://lists.ubuntu.com/archives/ubuntu-security-announce/
More information about the ubuntu-users
mailing list