[SECURITY] Fedora 13 Update: xulrunner-1.9.2.3-1.fc13

Yanko Kaneti yaneti at declera.com
Fri Apr 9 23:47:36 UTC 2010 

Thank you for breaking every explicit gecko-libs dependency out there in
a branch close to release. :/

You know gecko-libs provides/requires are there exactly to avoid this
sort of thing, right? Both callion and xhorak can probably share some
tips with you about doing xulrunner/firefox + deps upgrades en masse
without bothering all dep maintainers.

The fact that this got directly in stable without accounting the
(avoidable) breakage is another different and unfortunate failure of
process.

I'll wait a bit for someone to do the responsible thing here...

On Fri, 2010-04-09 at 04:02 +0000, updates at fedoraproject.org wrote:
> --------------------------------------------------------------------------------
> Fedora Update Notification
> FEDORA-2010-6204
> 2010-04-09 03:39:24
> --------------------------------------------------------------------------------
> 
> Name        : xulrunner
> Product     : Fedora 13
> Version     : 1.9.2.3
> Release     : 1.fc13
> URL         : http://developer.mozilla.org/En/XULRunner
> Summary     : XUL Runtime for Gecko Applications
> Description :
> XULRunner provides the XUL Runtime environment for Gecko applications.
> 
> --------------------------------------------------------------------------------
> Update Information:
> 
> Update to new upstream Firefox version 3.6.3, fixing a security issue detailed
> in the upstream advisory:    http://www.mozilla.org/security/known-
> vulnerabilities/firefox36.html#firefox3.6.3
> --------------------------------------------------------------------------------
> References:
> 
>   [ 1 ] Bug #577029 - CVE-2010-1121 firefox: arbitrary code execution via memory corruption
>         https://bugzilla.redhat.com/show_bug.cgi?id=577029
> --------------------------------------------------------------------------------
> 
> This update can be installed with the "yum" update program.  Use 
> su -c 'yum update xulrunner' at the command line.
> For more information, refer to "Managing Software with yum",
> available at http://docs.fedoraproject.org/yum/.
> 
> All packages are signed with the Fedora Project GPG key.  More details on the
> GPG keys used by the Fedora Project can be found at
> https://fedoraproject.org/keys
> --------------------------------------------------------------------------------
> _______________________________________________
> package-announce mailing list
> package-announce at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/package-announce

More information about the devel mailing list