[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Web functionality; was Re: Debian release criteria.

On Sun 08 Jan 2023 at 07:53:11 (-0800), peter@easthope.ca wrote:

> My primary interest: if many Web sites appear and perform as five 
> years ago, what is the need for the frequent updates?  A bug needs 
> repair a.s.a.p.  A bug compromising security needs repair sooner.  
> Are most Firefox updates security critical?

Judge for yourself:

$ zcat /usr/share/doc/firefox-esr/changelog.Debian.gz | head -n 240 | grep -e CVE -e '^ --'
    CVE-2022-46880, CVE-2022-46872, CVE-2022-46881, CVE-2022-46874,
    CVE-2022-46882, CVE-2022-46878.
 -- Mike Hommey <glandium@debian.org>  Wed, 14 Dec 2022 07:48:39 +0900
    CVE-2022-45403, CVE-2022-45404, CVE-2022-45405, CVE-2022-45406,
    CVE-2022-45408, CVE-2022-45409, CVE-2022-45410, CVE-2022-45411,
    CVE-2022-45412, CVE-2022-45416, CVE-2022-45418, CVE-2022-45420,
    CVE-2022-45421.
 -- Mike Hommey <glandium@debian.org>  Wed, 16 Nov 2022 06:20:30 +0900
    CVE-2022-42927, CVE-2022-42928, CVE-2022-42929, CVE-2022-42932.
 -- Mike Hommey <glandium@debian.org>  Wed, 19 Oct 2022 05:04:39 +0900
    CVE-2022-40959, CVE-2022-40960, CVE-2022-40958, CVE-2022-40956,
    CVE-2022-40957, CVE-2022-40962.
 -- Mike Hommey <glandium@debian.org>  Wed, 21 Sep 2022 06:58:15 +0900
    CVE-2022-38472, CVE-2022-38473, CVE-2022-38477, CVE-2022-38478.
 -- Mike Hommey <glandium@debian.org>  Wed, 24 Aug 2022 06:35:58 +0900
 -- Mike Hommey <glandium@debian.org>  Mon, 15 Aug 2022 15:46:49 +0900
    CVE-2022-36319, CVE-2022-36318, CVE-2022-36315, CVE-2022-36316,
    CVE-2022-36320, CVE-2022-2505.
 -- Mike Hommey <glandium@debian.org>  Sun, 14 Aug 2022 16:59:19 +0900
    CVE-2022-34479, CVE-2022-34470, CVE-2022-34468, CVE-2022-34482,
    CVE-2022-34483, CVE-2022-34476, CVE-2022-34481, CVE-2022-34474,
    CVE-2022-34471, CVE-2022-34472, CVE-2022-2200, CVE-2022-34480,
    CVE-2022-34477, CVE-2022-34475, CVE-2022-34473, CVE-2022-34484,
    CVE-2022-34485.
 -- Mike Hommey <glandium@debian.org>  Wed, 29 Jun 2022 07:41:32 +0900
 -- Mike Hommey <glandium@debian.org>  Fri, 10 Jun 2022 06:24:01 +0900
    CVE-2022-31736, CVE-2022-31737, CVE-2022-31738, CVE-2022-31740,
    CVE-2022-31741, CVE-2022-31742, CVE-2022-31743, CVE-2022-31744,
    CVE-2022-31745, CVE-2022-1919, CVE-2022-31747, CVE-2022-31748.
 -- Mike Hommey <glandium@debian.org>  Wed, 01 Jun 2022 06:07:37 +0900
  * Fixes for mfsa2022-19, also known as CVE-2022-1802 and CVE-2022-1529.
 -- Mike Hommey <glandium@debian.org>  Sat, 21 May 2022 07:32:04 +0900
    CVE-2022-29914, CVE-2022-29909, CVE-2022-29916, CVE-2022-29911,
    CVE-2022-29912, CVE-2022-29915, CVE-2022-29917, CVE-2022-29918.
 -- Mike Hommey <glandium@debian.org>  Wed, 04 May 2022 08:48:41 +0900
    CVE-2022-1097, CVE-2022-28281, CVE-2022-28282, CVE-2022-28283,
    CVE-2022-28284, CVE-2022-28285, CVE-2022-28286, CVE-2022-28287,
    CVE-2022-24713, CVE-2022-28289, CVE-2022-28288.
 -- Mike Hommey <glandium@debian.org>  Wed, 06 Apr 2022 09:04:22 +0900
 -- Mike Hommey <glandium@debian.org>  Thu, 10 Mar 2022 09:09:43 +0900
    CVE-2022-26383, CVE-2022-26384, CVE-2022-26387, CVE-2022-26381,
    CVE-2022-26382, CVE-2022-26385, CVE-2022-0843.
  * Fixes for mfsa2022-09, also known as: CVE-2022-26485, CVE-2022-26486.
 -- Mike Hommey <glandium@debian.org>  Wed, 09 Mar 2022 07:09:27 +0900
    CVE-2022-22754, CVE-2022-22755, CVE-2022-22756, CVE-2022-22759,
    CVE-2022-22760, CVE-2022-22761, CVE-2022-22764, CVE-2022-0511.
 -- Mike Hommey <glandium@debian.org>  Wed, 09 Feb 2022 07:53:42 +0900
 -- Mike Hommey <glandium@debian.org>  Mon, 31 Jan 2022 06:21:31 +0900
 -- Mike Hommey <glandium@debian.org>  Sat, 15 Jan 2022 07:41:14 +0900
    CVE-2022-22743, CVE-2022-22742, CVE-2022-22741, CVE-2022-22740,
    CVE-2022-22738, CVE-2022-22737, CVE-2021-4140, CVE-2022-22748,
    CVE-2022-22745, CVE-2022-22747, CVE-2022-22739, CVE-2022-22751,
    CVE-2022-22752.
 -- Mike Hommey <glandium@debian.org>  Wed, 12 Jan 2022 08:03:30 +0900
$ 

Cheers,
David.
Reply to: