Firefox outdated in repo (ICU vulnerable)
spawnflagger opened this issue · comments
Jason B commented
Hello,
I noticed there was a tdnf security notice after installing firefox (via tdnf install vui
).
root@photon-vm [ ~ ]# tdnf updateinfo info
Name : icu-67.1-1.ph3.x86_64.rpm
Update ID : patch:PHSA-2020-3.0-0153
Type : Security
Updated : Sun Oct 18 10:24:06 2020
Needs Reboot: 0
Description : Security fixes for {'CVE-2020-10531'}
Both icu 67.1 (ok) and 61.1 (vulnerable) were installed, as "firefox-51.0.1-1.ph3.x86_64 requires libicudata.so.61()(64bit)"
This is just an FYI, as I won't be using that Firefox.