You are not logged in.
- Topics: Active | Unanswered
#26 2019-06-19 09:27:12
- anonymous
- Member
- Registered: 2019-03-05
- Posts: 6
Re: [NOT Solved] Security update delays
waiting for firefox-esr security update....
https://security-tracker.debian.org/tra … irefox-esr
stretch (security) 60.7.1esr-1~deb9u1
------------
devuan (64bit) in apt policy firefox-esr still has
ascii 60.7.0esr-1~deb9u1(candidate) (edited -> 60.6.1esr-1~deb9u1)
refreshing...
Last edited by anonymous (2019-06-19 10:28:57)
Offline
#27 2019-06-19 11:58:29
- fsmithred
- Administrator
- Registered: 2016-11-25
- Posts: 1,154
Re: [NOT Solved] Security update delays
Adjusted the subject line again.
Reported the issue again.
Stay tuned...
fsr
Offline
#28 2019-06-19 13:14:12
- Ogis1975
- Member
- Registered: 2017-04-21
- Posts: 105
Re: [NOT Solved] Security update delays
Here's the explanation that was posted on devuan-dev mailing list yesterday. (The script failed if there was a read timeout.)
Thanks for the answer.
Offline
#29 2019-06-24 22:25:40
- pcalvert
- Member
- Registered: 2017-05-15
- Posts: 39
Re: [NOT Solved] Security update delays
Update: The problem seems to have been fixed.
$ apt policy firefox-esr
firefox-esr:
Installed: 60.7.1esr-1~deb9u1
Candidate: 60.7.1esr-1~deb9u1
Version table:
*** 60.7.1esr-1~deb9u1 500
500 http://deb.devuan.org/merged ascii-security/main i386 Packages
100 /var/lib/dpkg/status
60.6.3esr-1~deb9u1 500
500 http://deb.devuan.org/merged ascii-updates/main i386 Packages
60.6.1esr-1~deb9u1 500
500 http://deb.devuan.org/merged ascii/main i386 PackagesPhil
“Property is the fruit of labor; property is desirable; it is a positive good
in the world. That some should be rich shows that others may become
rich, and hence is just encouragement to industry and enterprise.”
— Abraham Lincoln
Offline
#30 2019-07-13 16:52:55
- anonymous
- Member
- Registered: 2019-03-05
- Posts: 6
Re: [NOT Solved] Security update delays
AGAIN waiting for firefox-esr security update....
https://security-tracker.debian.org/tracker/firefox-esr
stretch (security) 60.8.0esr-1~deb9u1
------------
ascii devuan (64bit) in apt policy firefox-esr still has
NOT UPDATED
Offline
#31 2019-07-14 02:16:50
- pcalvert
- Member
- Registered: 2017-05-15
- Posts: 39
Re: [NOT Solved] Security update delays
My results:
$ apt policy firefox-esr
firefox-esr:
Installed: 60.7.2esr-1~deb9u1
Candidate: 60.7.2esr-1~deb9u1
Version table:
*** 60.7.2esr-1~deb9u1 500
500 http://deb.devuan.org/merged ascii-security/main i386 Packages
100 /var/lib/dpkg/status
60.6.3esr-1~deb9u1 500
500 http://deb.devuan.org/merged ascii-updates/main i386 Packages
60.6.1esr-1~deb9u1 500
500 http://deb.devuan.org/merged ascii/main i386 PackagesDebian Stretch version: 60.8.0esr-1~deb9u1
Phil
“Property is the fruit of labor; property is desirable; it is a positive good
in the world. That some should be rich shows that others may become
rich, and hence is just encouragement to industry and enterprise.”
— Abraham Lincoln
Offline
#32 2019-07-14 10:55:19
- yeti
- Member
- Registered: 2017-02-23
- Posts: 136
Re: [NOT Solved] Security update delays
I was lazy and now have 2 repositories in my sources list.
If this is a bad idea, please someone enlighten me...
$ apt policy firefox-esr
firefox-esr:
Installed: (none)
Candidate: 60.8.0esr-1~deb9u1
Version table:
60.8.0esr-1~deb9u1 500
500 http://auto.mirror.devuan.org/merged ascii-security/main armhf Packages
60.7.2esr-1~deb9u1 500
500 http://deb.devuan.org/merged ascii-security/main armhf Packages
60.6.3esr-1~deb9u1 500
500 http://deb.devuan.org/merged ascii-updates/main armhf Packages
500 http://auto.mirror.devuan.org/merged ascii-updates/main armhf Packages
60.6.1esr-1~deb9u1 500
500 http://deb.devuan.org/merged ascii/main armhf Packages
500 http://auto.mirror.devuan.org/merged ascii/main armhf Packages"There is no PLANET-B!" — ???
"Vrijdag voor VT100!" — Yeti.
Offline
#33 2019-07-14 11:14:05
- fsmithred
- Administrator
- Registered: 2016-11-25
- Posts: 1,154
Re: [NOT Solved] Security update delays
I was lazy and now have 2 repositories in my sources list.
If this is a bad idea, please someone enlighten me...
I see only devuan and ascii in your sources. You're safe. If you started adding non-devuan or non-ascii sources, you could run into problems. Without pinning, apt will take the highest available version, so right now, if you installed/upgraded firefox-esr, you'd get 60.8 from ascii-security on auto.mirror, because that's a higher version than what's in deb.devuan.
But that will change in a few minutes or a couple hours. Repo is updating again. (Thanks, Ralph.)
I'm not marking the thread as Solved this time. Let's wait and see what happens.
Offline
#34 2019-07-14 12:59:17
- Marjorie
- Member
- From: Teignmouth, UK
- Registered: 2019-06-09
- Posts: 5
Re: [NOT Solved] Security update delays
Firefox-esr 60.8.0esr-1~deb9u1 hit the gb.deb.devuan.org/merged archive sometime before 2019-07-14 13:12:27 +0100 as that was when my unattended upgrades program downloaded it.
Both the previous Firefox-esr secuirty 60.7.1 and 60.7.2 security updates also downloaded shortly after Debian put them in their stable archive (though they hit Debian experimental and then testing sooner). I see no problem here.
Any idea when we might expect to see Firefox-esr 68 on ascii? I understand there will be another 2 months of security updates still to come on 60 before it becomes unsupported which implies it might be best to have a backpost before Beowulf becomes our new stable.
Offline
