March 2008 - package-announce - Fedora Mailing-Lists

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2008-2688 2008-03-26 16:47:21 -------------------------------------------------------------------------------- Name : postgresql Product : Fedora 7 Version : 8.2.7 Release : 1.fc7 URL : http://www.postgresql.org/ Summary : PostgreSQL client programs and libraries Description : PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the docs in HTML for the whole package, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. -------------------------------------------------------------------------------- Update Information: Update to PostgreSQL 8.2.7 -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 26 2008 Tom Lane <tgl(a)redhat.com> 8.2.7-1 - Update to PostgreSQL 8.2.7 * Mon Jan 7 2008 Tom Lane <tgl(a)redhat.com> 8.2.6-1 - Update to PostgreSQL 8.2.6 to fix CVE-2007-4769, CVE-2007-4772, CVE-2007-6067, CVE-2007-6600, CVE-2007-6601 - Make initscript and pam config files be installed unconditionally; seems new buildroots don't necessarily have those directories in place * Thu Sep 20 2007 Tom Lane <tgl(a)redhat.com> 8.2.5-1 - Update to PostgreSQL 8.2.5 and pgtcl 1.6.0 - Fix multilib problem for /usr/include/ecpg_config.h (which is new in 8.2.x) - Use tzdata package's data files instead of private copy, so that postgresql-server need not be turned for routine timezone updates - Don't remove postgres user/group during RPM uninstall, per Fedora packaging guidelines - Recent perl changes in rawhide mean we need a more specific BuildRequires * Wed Jun 20 2007 Tom Lane <tgl(a)redhat.com> 8.2.4-2 - Fix oversight in postgresql-test makefile: pg_regress isn't a shell script anymore. Per upstream bug 3398. * Tue Apr 24 2007 Tom Lane <tgl(a)redhat.com> 8.2.4-1 - Update to PostgreSQL 8.2.4 for CVE-2007-2138, data loss bugs Resolves: #237682 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update postgresql' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at http://fedoraproject.org/keys --------------------------------------------------------------------------------

16 years, 1 month

1
0
0 / 0

Fedora 7 Update: perl-Catalyst-Controller-BindLex-0.03-2.fc7

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2008-2687 2008-03-26 16:47:16 -------------------------------------------------------------------------------- Name : perl-Catalyst-Controller-BindLex Product : Fedora 7 Version : 0.03 Release : 2.fc7 URL : http://search.cpan.org/dist/Catalyst-Controller-BindLex/ Summary : Stash your lexical goodness Description : This plugin lets you put your lexicals on the stash and elsewhere very easily. -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update perl-Catalyst-Controller-BindLex' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at http://fedoraproject.org/keys --------------------------------------------------------------------------------

16 years, 1 month

1
0
0 / 0

Fedora 8 Update: python-ply-2.3-2.fc8.1

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2008-2684 2008-03-26 16:47:02 -------------------------------------------------------------------------------- Name : python-ply Product : Fedora 8 Version : 2.3 Release : 2.fc8.1 URL : http://www.dabeaz.com/ply/ Summary : Python Lex-Yacc Description : PLY is a straightforward lex/yacc implementation. Here is a list of its essential features: * It is implemented entirely in Python. * It uses LR-parsing which is reasonably efficient and well suited for larger grammars. * PLY provides most of the standard lex/yacc features including support for empty productions, precedence rules, error recovery, and support for ambiguous grammars. * PLY is straightforward to use and provides very extensive error checking. * PLY doesn't try to do anything more or less than provide the basic lex/yacc functionality. In other words, it's not a large parsing framework or a component of some larger system. -------------------------------------------------------------------------------- Update Information: Initial release. -------------------------------------------------------------------------------- ChangeLog: -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update python-ply' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at http://fedoraproject.org/keys --------------------------------------------------------------------------------

16 years, 1 month

1
0
0 / 0

[SECURITY] Fedora 8 Update: blam-1.8.3-14.fc8

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2008-2682 2008-03-26 16:46:54 -------------------------------------------------------------------------------- Name : blam Product : Fedora 8 Version : 1.8.3 Release : 14.fc8 URL : http://www.cmartin.tk/blam.html Summary : An RSS/RDF feed reader Description : Blam is a tool that helps you keep track of the growing number of news feeds distributed as RSS. Blam lets you subscribe to any number of feeds and provides an easy to use and clean interface to stay up to date -------------------------------------------------------------------------------- Update Information: Mozilla Firefox is an open source Web browser. Several flaws were found in the processing of some malformed web content. A web page containing such malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237) Several flaws were found in the display of malformed web content. A web page containing specially-crafted content could, potentially, trick a Firefox user into surrendering sensitive information. (CVE-2008-1234, CVE-2008-1238, CVE-2008-1241) All Firefox users should upgrade to these updated packages, which correct these issues, and are rebuilt against the update Firefox packages. -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 25 2008 Christopher Aillon <caillon(a)redhat.com> - 1.8.3-14 - Rebuild against newer gecko * Fri Feb 8 2008 Christopher Aillon <caillon(a)redhat.com> - 1.8.3-13 - Rebuild against newer gecko * Tue Nov 27 2007 Christopher Aillon <caillon(a)redhat.com> - 1.8.3-12 - Rebuild against newer gecko * Thu Nov 22 2007 Peter Gordon <peter(a)thecodergeek.com> - 1.8.3-11 - Fix CVE-2005-4790 (bug 252294). * Tue Nov 13 2007 Peter Gordon <peter(a)thecodergeek.com> - 1.8.3-10 - Rebuild for new Gecko (Firefox 2.0.0.9). -------------------------------------------------------------------------------- References: [ 1 ] Bug #438721 - CVE-2008-1237 javascript crashes https://bugzilla.redhat.com/show_bug.cgi?id=438721 [ 2 ] Bug #438713 - CVE-2008-1233 Mozilla products XPCNativeWrapper pollution https://bugzilla.redhat.com/show_bug.cgi?id=438713 [ 3 ] Bug #438717 - CVE-2008-1235 chrome privilege via wrong principal https://bugzilla.redhat.com/show_bug.cgi?id=438717 [ 4 ] Bug #438715 - CVE-2008-1234 universal XSS using event handlers https://bugzilla.redhat.com/show_bug.cgi?id=438715 [ 5 ] Bug #438718 - CVE-2008-1236 browser engine crashes https://bugzilla.redhat.com/show_bug.cgi?id=438718 [ 6 ] Bug #438724 - CVE-2008-1238 Referrer spoofing bug https://bugzilla.redhat.com/show_bug.cgi?id=438724 [ 7 ] Bug #438730 - CVE-2008-1241 XUL popup spoofing https://bugzilla.redhat.com/show_bug.cgi?id=438730 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update blam' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at http://fedoraproject.org/keys --------------------------------------------------------------------------------

16 years, 1 month

1
0
0 / 0

[SECURITY] Fedora 8 Update: firefox-2.0.0.13-1.fc8

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2008-2682 2008-03-26 16:46:54 -------------------------------------------------------------------------------- Name : firefox Product : Fedora 8 Version : 2.0.0.13 Release : 1.fc8 URL : http://www.mozilla.org/projects/firefox/ Summary : Mozilla Firefox Web browser. Description : Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. -------------------------------------------------------------------------------- Update Information: Mozilla Firefox is an open source Web browser. Several flaws were found in the processing of some malformed web content. A web page containing such malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237) Several flaws were found in the display of malformed web content. A web page containing specially-crafted content could, potentially, trick a Firefox user into surrendering sensitive information. (CVE-2008-1234, CVE-2008-1238, CVE-2008-1241) All Firefox users should upgrade to these updated packages, which correct these issues, and are rebuilt against the update Firefox packages. -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 25 2008 Christopher Aillon <caillon(a)redhat.com> 2.0.0.13-1 - Update to 2.0.0.13 * Fri Feb 8 2008 Christopher Aillon <caillon(a)redhat.com> 2.0.0.12-1 - Update to 2.0.0.12 * Thu Dec 13 2007 Christopher Aillon <caillon(a)redhat.com> 2.0.0.10-3 - Fix the getStartPage method to not return blank. Patch by pspencer(a)fields.utoronto.ca * Wed Nov 28 2007 Christopher Aillon <caillon(a)redhat.com> 2.0.0.10-2 - Make Canvas.drawImage work again * Mon Nov 26 2007 Christopher Aillon <caillon(a)redhat.com> 2.0.0.10-1 - Update to 2.0.0.10 * Mon Nov 5 2007 Martin Stransky <stransky(a)redhat.com> 2.0.0.9-1 - updated to the latest upstream * Wed Oct 31 2007 Martin Stransky <stransky(a)redhat.com> 2.0.0.8-3 - added mozilla-plugin-config to startup script -------------------------------------------------------------------------------- References: [ 1 ] Bug #438721 - CVE-2008-1237 javascript crashes https://bugzilla.redhat.com/show_bug.cgi?id=438721 [ 2 ] Bug #438713 - CVE-2008-1233 Mozilla products XPCNativeWrapper pollution https://bugzilla.redhat.com/show_bug.cgi?id=438713 [ 3 ] Bug #438717 - CVE-2008-1235 chrome privilege via wrong principal https://bugzilla.redhat.com/show_bug.cgi?id=438717 [ 4 ] Bug #438715 - CVE-2008-1234 universal XSS using event handlers https://bugzilla.redhat.com/show_bug.cgi?id=438715 [ 5 ] Bug #438718 - CVE-2008-1236 browser engine crashes https://bugzilla.redhat.com/show_bug.cgi?id=438718 [ 6 ] Bug #438724 - CVE-2008-1238 Referrer spoofing bug https://bugzilla.redhat.com/show_bug.cgi?id=438724 [ 7 ] Bug #438730 - CVE-2008-1241 XUL popup spoofing https://bugzilla.redhat.com/show_bug.cgi?id=438730 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update firefox' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at http://fedoraproject.org/keys --------------------------------------------------------------------------------

16 years, 1 month

1
0
0 / 0

[SECURITY] Fedora 8 Update: kazehakase-0.5.3-5.fc8

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2008-2682 2008-03-26 16:46:54 -------------------------------------------------------------------------------- Name : kazehakase Product : Fedora 8 Version : 0.5.3 Release : 5.fc8 URL : http://kazehakase.sourceforge.jp/ Summary : Kazehakase browser using Gecko rendering engine Description : Kazehakase is a Web browser which aims to provide a user interface that is truly user-friendly & fully customizable. This package uses Gecko for HTML rendering engine. If you want to use WebKit for HTML rendering engine, install "kazehakase-webkit" rpm instead. -------------------------------------------------------------------------------- Update Information: Mozilla Firefox is an open source Web browser. Several flaws were found in the processing of some malformed web content. A web page containing such malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237) Several flaws were found in the display of malformed web content. A web page containing specially-crafted content could, potentially, trick a Firefox user into surrendering sensitive information. (CVE-2008-1234, CVE-2008-1238, CVE-2008-1241) All Firefox users should upgrade to these updated packages, which correct these issues, and are rebuilt against the update Firefox packages. -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 25 2008 Christopher Aillon <caillon(a)redhat.com> - 0.5.3-5 - Rebuild against newer gecko * Wed Mar 5 2008 Mamoru Tasaka <mtasaka(a)ioa.s.u-tokyo.ac.jp> - 0.5.3-4 - Create kazehakase-base, split gecko.so from -base package so that users can install only WebKit based package. * Sun Mar 2 2008 Mamoru Tasaka <mtasaka(a)ioa.s.u-tokyo.ac.jp> - 0.5.3-3 - Support WebGTK * Sat Mar 1 2008 Mamoru Tasaka <mtasaka(a)ioa.s.u-tokyo.ac.jp> - 0.5.3-1 - 0.5.3 * Fri Feb 29 2008 Mamoru Tasaka <mtasaka(a)ioa.s.u-tokyo.ac.jp> - 0.5.2-8.svn3410_trunk - More try to use xulrunner * GRE version fix * Remove seemingly undesirable linking * Sun Feb 24 2008 Mamoru Tasaka <mtasaka(a)ioa.s.u-tokyo.ac.jp> - 0.5.2-7.svn3391_trunk - More try to use xulrunner * Fix linkage for gecko.so * Don't use MOZILLA_INTERNAL_API anymore * NS_NewStorageStream should be changed to use xpcom http://developer.mozilla.org/en/docs/Migrating_from_Internal_Linkage_to_F... * Sat Feb 23 2008 Mamoru Tasaka <mtasaka(a)ioa.s.u-tokyo.ac.jp> - 0.5.2-2.svn3391_trunk - F-9: Try latest svn for xulrunner * Fri Feb 15 2008 Mamoru Tasaka <mtasaka(a)ioa.s.u-tokyo.ac.jp> - 0.5.2-1.2.svn3358 - F-9: Try latest svn for xulrunner (Still build explicitly disabled. Now it builds, does not crash but hangs eternally...) * Sat Feb 9 2008 Mamoru Tasaka <mtasaka(a)ioa.s.u-tokyo.ac.jp> - Rebuild for new gecko engine (F-7/F-8) * Wed Jan 30 2008 Mamoru Tasaka <mtasaka(a)ioa.s.u-tokyo.ac.jp> - 0.5.2-1 - 0.5.2 * Tue Nov 27 2007 Christopher Aillon <caillon(a)redhat.com> - F-7/8: Rebuild against newer gecko * Mon Nov 12 2007 Mamoru Tasaka <mtasaka(a)ioa.s.u-tokyo.ac.jp> - 0.5.0-2 - F-9: try to switch to xulrunner * Tue Nov 6 2007 Mamoru Tasaka <mtasaka(a)ioa.s.u-tokyo.ac.jp> - 0.5.0-1.dist.1 - Rebuild against new gecko engine - Switch to use gecko virtual dependency (bug 352091) * Mon Oct 29 2007 Mamoru Tasaka <mtasaka(a)ioa.s.u-tokyo.ac.jp> - 0.5.0-1 - 0.5.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #438721 - CVE-2008-1237 javascript crashes https://bugzilla.redhat.com/show_bug.cgi?id=438721 [ 2 ] Bug #438713 - CVE-2008-1233 Mozilla products XPCNativeWrapper pollution https://bugzilla.redhat.com/show_bug.cgi?id=438713 [ 3 ] Bug #438717 - CVE-2008-1235 chrome privilege via wrong principal https://bugzilla.redhat.com/show_bug.cgi?id=438717 [ 4 ] Bug #438715 - CVE-2008-1234 universal XSS using event handlers https://bugzilla.redhat.com/show_bug.cgi?id=438715 [ 5 ] Bug #438718 - CVE-2008-1236 browser engine crashes https://bugzilla.redhat.com/show_bug.cgi?id=438718 [ 6 ] Bug #438724 - CVE-2008-1238 Referrer spoofing bug https://bugzilla.redhat.com/show_bug.cgi?id=438724 [ 7 ] Bug #438730 - CVE-2008-1241 XUL popup spoofing https://bugzilla.redhat.com/show_bug.cgi?id=438730 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update kazehakase' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at http://fedoraproject.org/keys --------------------------------------------------------------------------------

16 years, 1 month

1
0
0 / 0

[SECURITY] Fedora 8 Update: chmsee-1.0.0-1.30.fc8

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2008-2682 2008-03-26 16:46:54 -------------------------------------------------------------------------------- Name : chmsee Product : Fedora 8 Version : 1.0.0 Release : 1.30.fc8 URL : http://chmsee.gro.clinux.org/ Summary : A Gtk+2 CHM document viewer Description : A gtk2 chm document viewer. It uses chmlib to extract files. It uses gecko to display pages. It supports displaying multilingual pages due to gecko. It features bookmarks and tabs. The tabs could be used to jump inside the chm file conveniently. Its UI is clean and handy, also is well localized. It is actively developed and maintained. The author of chmsee is Jungle Ji and several other great people. Hint * Unlike other chm viewers, chmsee extracts files from chm file, and then read and display them. The extracted files could be found in $HOME/.chmsee/bookshelf directory. You can clean those files at any time and there is a special config option for that. * The bookmark is related to each file so not all bookmarks will be loaded, only current file's. * Try to remove $HOME/.chmsee if you encounter any problem after an upgrade. -------------------------------------------------------------------------------- Update Information: Mozilla Firefox is an open source Web browser. Several flaws were found in the processing of some malformed web content. A web page containing such malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237) Several flaws were found in the display of malformed web content. A web page containing specially-crafted content could, potentially, trick a Firefox user into surrendering sensitive information. (CVE-2008-1234, CVE-2008-1238, CVE-2008-1241) All Firefox users should upgrade to these updated packages, which correct these issues, and are rebuilt against the update Firefox packages. -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 25 2008 Christopher Aillon <caillon(a)redhat.com> - 1.0.0-1.30 - Rebuild against newer gecko * Tue Mar 4 2008 bbbush <bbbush.yuan(a)gmail.com> - 1.0.0-1.29 - re-add firefox_version * Fri Feb 8 2008 Christopher Aillon <caillon(a)redhat.com> - 1.0.0-1.28 - Rebuild against newer gecko -------------------------------------------------------------------------------- References: [ 1 ] Bug #438721 - CVE-2008-1237 javascript crashes https://bugzilla.redhat.com/show_bug.cgi?id=438721 [ 2 ] Bug #438713 - CVE-2008-1233 Mozilla products XPCNativeWrapper pollution https://bugzilla.redhat.com/show_bug.cgi?id=438713 [ 3 ] Bug #438717 - CVE-2008-1235 chrome privilege via wrong principal https://bugzilla.redhat.com/show_bug.cgi?id=438717 [ 4 ] Bug #438715 - CVE-2008-1234 universal XSS using event handlers https://bugzilla.redhat.com/show_bug.cgi?id=438715 [ 5 ] Bug #438718 - CVE-2008-1236 browser engine crashes https://bugzilla.redhat.com/show_bug.cgi?id=438718 [ 6 ] Bug #438724 - CVE-2008-1238 Referrer spoofing bug https://bugzilla.redhat.com/show_bug.cgi?id=438724 [ 7 ] Bug #438730 - CVE-2008-1241 XUL popup spoofing https://bugzilla.redhat.com/show_bug.cgi?id=438730 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update chmsee' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at http://fedoraproject.org/keys --------------------------------------------------------------------------------

16 years, 1 month

1
0
0 / 0

[SECURITY] Fedora 8 Update: openvrml-0.17.5-4.fc8

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2008-2682 2008-03-26 16:46:54 -------------------------------------------------------------------------------- Name : openvrml Product : Fedora 8 Version : 0.17.5 Release : 4.fc8 URL : http://openvrml.org Summary : VRML/X3D runtime library Description : OpenVRML is a VRML/X3D support library, including a runtime and facilities for reading and displaying VRML and X3D models. -------------------------------------------------------------------------------- Update Information: Mozilla Firefox is an open source Web browser. Several flaws were found in the processing of some malformed web content. A web page containing such malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237) Several flaws were found in the display of malformed web content. A web page containing specially-crafted content could, potentially, trick a Firefox user into surrendering sensitive information. (CVE-2008-1234, CVE-2008-1238, CVE-2008-1241) All Firefox users should upgrade to these updated packages, which correct these issues, and are rebuilt against the update Firefox packages. -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 25 2008 Christopher Aillon <caillon(a)redhat.com> - 0.17.5-4 - Rebuild against newer gecko * Mon Mar 17 2008 Braden McDaniel <braden(a)endoframe.com> - 0.17.5-3 - Patch for crash in openvrml-xembed (bug 437611). * Fri Feb 8 2008 Christopher Aillon <caillon(a)redhat.com> - 0.17.5-2 - Rebuild against newer gecko * Tue Feb 5 2008 Braden McDaniel <braden(a)endoframe.com> - 0.17.5-1 - Updated to 0.17.5. - Added --enable-gecko-rpath. * Sat Jan 26 2008 Braden McDaniel <braden(a)endoframe.com> - 0.17.4-1 - Updated to 0.17.4. * Thu Jan 17 2008 Braden McDaniel <braden(a)endoframe.com> - 0.17.3-1 - Updated to 0.17.3. * Wed Jan 9 2008 Braden McDaniel <braden(a)endoframe.com> - 0.17.2-1 - Updated to 0.17.2. * Sun Jan 6 2008 Braden McDaniel <braden(a)endoframe.com> - 0.17.1-1 - Updated to 0.17.1. * Wed Dec 19 2007 Braden McDaniel <braden(a)endoframe.com> - 0.17.0-2 - Removed %check. The "browser" test fails on ppc due to what looks like a probable compiler bug. * Wed Dec 19 2007 Braden McDaniel <braden(a)endoframe.com> - 0.17.0-1 - Updated to 0.17.0 - Changed license to LGPLv3+/GPLv3+ per OpenVRML 0.17.0 change. * Tue Nov 27 2007 Braden McDaniel <braden(a)endoframe.com> - 0.16.7-2 - Updated gecko-libs dependency to 1.8.1.10. * Thu Nov 15 2007 Braden McDaniel <braden(a)endoframe.com> - 0.16.7-1 - Updated to 0.16.7. - Changed build prerequisite from firefox-devel to gecko-devel. - Changed openvrml-xembed to require gecko-libs instead of firefox. * Fri Nov 9 2007 Braden McDaniel <braden(a)endoframe.com> - 0.16.6-8 - Backed out inadvertent change. * Fri Nov 9 2007 Braden McDaniel <braden(a)endoframe.com> - 0.16.6-7 - Updated firefox dependency to 2.0.0.9. * Fri Oct 26 2007 Braden McDaniel <braden(a)endoframe.com> - Updated license tags to LGPLv2+, GPLv2+. -------------------------------------------------------------------------------- References: [ 1 ] Bug #438721 - CVE-2008-1237 javascript crashes https://bugzilla.redhat.com/show_bug.cgi?id=438721 [ 2 ] Bug #438713 - CVE-2008-1233 Mozilla products XPCNativeWrapper pollution https://bugzilla.redhat.com/show_bug.cgi?id=438713 [ 3 ] Bug #438717 - CVE-2008-1235 chrome privilege via wrong principal https://bugzilla.redhat.com/show_bug.cgi?id=438717 [ 4 ] Bug #438715 - CVE-2008-1234 universal XSS using event handlers https://bugzilla.redhat.com/show_bug.cgi?id=438715 [ 5 ] Bug #438718 - CVE-2008-1236 browser engine crashes https://bugzilla.redhat.com/show_bug.cgi?id=438718 [ 6 ] Bug #438724 - CVE-2008-1238 Referrer spoofing bug https://bugzilla.redhat.com/show_bug.cgi?id=438724 [ 7 ] Bug #438730 - CVE-2008-1241 XUL popup spoofing https://bugzilla.redhat.com/show_bug.cgi?id=438730 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update openvrml' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at http://fedoraproject.org/keys --------------------------------------------------------------------------------

16 years, 1 month

1
0
0 / 0

[SECURITY] Fedora 8 Update: gnome-web-photo-0.3-9.fc8

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2008-2682 2008-03-26 16:46:54 -------------------------------------------------------------------------------- Name : gnome-web-photo Product : Fedora 8 Version : 0.3 Release : 9.fc8 URL : http://ftp.gnome.org/pub/GNOME/sources/gnome-web-photo/0.3/ Summary : HTML pages thumbnailer Description : gnome-web-photo contains a thumbnailer that will be used by GNOME applications, including the file manager, to generate screenshots of web pages. -------------------------------------------------------------------------------- Update Information: Mozilla Firefox is an open source Web browser. Several flaws were found in the processing of some malformed web content. A web page containing such malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237) Several flaws were found in the display of malformed web content. A web page containing specially-crafted content could, potentially, trick a Firefox user into surrendering sensitive information. (CVE-2008-1234, CVE-2008-1238, CVE-2008-1241) All Firefox users should upgrade to these updated packages, which correct these issues, and are rebuilt against the update Firefox packages. -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 25 2008 Christopher Aillon <caillon(a)redhat.com> - 0.3-9 - Rebuild against newer gecko * Fri Feb 8 2008 Christopher Aillon <caillon(a)redhat.com> - 0.3-8 - Rebuild against newer gecko * Tue Nov 27 2007 Christopher Aillon <caillon(a)redhat.com> - 0.3-7 - Rebuild against newer gecko * Tue Nov 6 2007 - Martin Stransky <stransky(a)redhat.com> - 0.3-6 - Rebuild for new Gecko * Thu Oct 25 2007 - Bastien Nocera <bnocera(a)redhat.com> - 0.3-5 - Rebuild for new Gecko, tighten dependencies -------------------------------------------------------------------------------- References: [ 1 ] Bug #438721 - CVE-2008-1237 javascript crashes https://bugzilla.redhat.com/show_bug.cgi?id=438721 [ 2 ] Bug #438713 - CVE-2008-1233 Mozilla products XPCNativeWrapper pollution https://bugzilla.redhat.com/show_bug.cgi?id=438713 [ 3 ] Bug #438717 - CVE-2008-1235 chrome privilege via wrong principal https://bugzilla.redhat.com/show_bug.cgi?id=438717 [ 4 ] Bug #438715 - CVE-2008-1234 universal XSS using event handlers https://bugzilla.redhat.com/show_bug.cgi?id=438715 [ 5 ] Bug #438718 - CVE-2008-1236 browser engine crashes https://bugzilla.redhat.com/show_bug.cgi?id=438718 [ 6 ] Bug #438724 - CVE-2008-1238 Referrer spoofing bug https://bugzilla.redhat.com/show_bug.cgi?id=438724 [ 7 ] Bug #438730 - CVE-2008-1241 XUL popup spoofing https://bugzilla.redhat.com/show_bug.cgi?id=438730 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update gnome-web-photo' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at http://fedoraproject.org/keys --------------------------------------------------------------------------------

16 years, 1 month

1
0
0 / 0

[SECURITY] Fedora 8 Update: devhelp-0.16.1-6.fc8

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2008-2682 2008-03-26 16:46:54 -------------------------------------------------------------------------------- Name : devhelp Product : Fedora 8 Version : 0.16.1 Release : 6.fc8 URL : http://developer.imendio.com/projects/devhelp Summary : API document browser Description : An API document browser for GNOME 2. -------------------------------------------------------------------------------- Update Information: Mozilla Firefox is an open source Web browser. Several flaws were found in the processing of some malformed web content. A web page containing such malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237) Several flaws were found in the display of malformed web content. A web page containing specially-crafted content could, potentially, trick a Firefox user into surrendering sensitive information. (CVE-2008-1234, CVE-2008-1238, CVE-2008-1241) All Firefox users should upgrade to these updated packages, which correct these issues, and are rebuilt against the update Firefox packages. -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 25 2008 Christopher Aillon <caillon(a)redhat.com> - 0.16.1-6 - Rebuild against newer gecko * Fri Feb 8 2008 Christopher Aillon <caillon(a)redhat.com> - 0.16.1-5 - Rebuild against newer gecko * Tue Nov 27 2007 Christopher Aillon <caillon(a)redhat.com> - 0.16.1-4 - Rebuild against newer gecko * Mon Nov 5 2007 Martin Stransky <stransky(a)redhat.com> - 0.16.1-3.fc8 - rebuild against new firefox -------------------------------------------------------------------------------- References: [ 1 ] Bug #438721 - CVE-2008-1237 javascript crashes https://bugzilla.redhat.com/show_bug.cgi?id=438721 [ 2 ] Bug #438713 - CVE-2008-1233 Mozilla products XPCNativeWrapper pollution https://bugzilla.redhat.com/show_bug.cgi?id=438713 [ 3 ] Bug #438717 - CVE-2008-1235 chrome privilege via wrong principal https://bugzilla.redhat.com/show_bug.cgi?id=438717 [ 4 ] Bug #438715 - CVE-2008-1234 universal XSS using event handlers https://bugzilla.redhat.com/show_bug.cgi?id=438715 [ 5 ] Bug #438718 - CVE-2008-1236 browser engine crashes https://bugzilla.redhat.com/show_bug.cgi?id=438718 [ 6 ] Bug #438724 - CVE-2008-1238 Referrer spoofing bug https://bugzilla.redhat.com/show_bug.cgi?id=438724 [ 7 ] Bug #438730 - CVE-2008-1241 XUL popup spoofing https://bugzilla.redhat.com/show_bug.cgi?id=438730 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update devhelp' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at http://fedoraproject.org/keys --------------------------------------------------------------------------------

16 years, 1 month

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

package-announce March 2008