[SECURITY] Fedora 7 Update: kazehakase-0.5.0-1.fc7.2

updates at fedoraproject.org updates at fedoraproject.org
Thu Nov 29 01:45:27 UTC 2007


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-3952
2007-11-29 01:44:21.449766
--------------------------------------------------------------------------------

Name        : kazehakase
Product     : Fedora 7
Version     : 0.5.0
Release     : 1.fc7.2
URL         : http://kazehakase.sourceforge.jp/
Summary     : Kazehakase browser
Description :
Kazehakase is a Web browser which aims to provide
a user interface that is truly user-friendly & fully customizable.

--------------------------------------------------------------------------------
Update Information:

Updated firefox packages that fix several security issues are now available for Fedora 7.

This update has been rated as having critical security impact by the Fedora Security Response Team.

Mozilla Firefox is an open source Web browser.

A cross-site scripting flaw was found in the way Firefox handled the jar: URI scheme. It was possible for a malicious website to leverage this flaw and conduct a cross-site scripting attack against a user running Firefox. (CVE-2007-5947)

Several flaws were found in the way Firefox processed certain malformed web content. A webpage containing malicious content could cause Firefox to crash, or potentially execute arbitrary code as the user running Firefox. (CVE-2007-5959)

A race condition existed when Firefox set the "window.location" property for a webpage. This flaw could allow a webpage to set an arbitrary Referer header, which may lead to a Cross-site Request Forgery (CSRF) attack against websites that rely only on the Referer header for protection. (CVE-2007-5960)

Users of Firefox are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 27 2007 Christopher Aillon <caillon at redhat.com>
- Rebuild against newer gecko
* Tue Nov  6 2007 Mamoru Tasaka <mtasaka at ioa.s.u-tokyo.ac.jp> - 0.5.0-1.dist.1
- Rebuild against new gecko engine
- Switch to use gecko virtual dependency (bug 352091)
* Mon Oct 29 2007 Mamoru Tasaka <mtasaka at ioa.s.u-tokyo.ac.jp> - 0.5.0-1
- 0.5.0
* Fri Oct 26 2007 Mamoru Tasaka <mtasaka at ioa.s.u-tokyo.ac.jp> - 0.4.9-2.svn3312
- Try svn 3312
* Tue Oct 23 2007 Mamoru Tasaka <mtasaka at ioa.s.u-tokyo.ac.jp> - 0.4.9-2.dist.1
- Rebuild against new gecko engine.
* Mon Oct  8 2007 Mamoru Tasaka <mtasaka at ioa.s.u-tokyo.ac.jp> - 0.4.9-2
- Readd accidentally deleted obsolete_plugin_ver macro
* Sat Sep 29 2007 Mamoru Tasaka <mtasaka at ioa.s.u-tokyo.ac.jp> - 0.4.9-1
- 0.4.9
* Thu Aug 30 2007 Mamoru Tasaka <mtasaka at ioa.s.u-tokyo.ac.jp> - 0.4.8-1
- 0.4.8
* Wed Aug 22 2007 Mamoru Tasaka <mtasaka at ioa.s.u-tokyo.ac.jp> - 0.4.7-9.svn3228.dist.1
- Mass rebuild (buildID or binutils issue)
* Thu Aug  9 2007 Mamoru Tasaka <mtasaka at ioa.s.u-tokyo.ac.jp> - 0.4.7-9.svn3228
- Rebuild against new gecko engine.
* Fri Aug  3 2007 Mamoru Tasaka <mtasaka at ioa.s.u-tokyo.ac.jp> - 0.4.7-8.svn3228
- Try svn 3228
- Disable GTK_DISABLE_DEPRECATED for now
- License update
* Sat Jul 21 2007 Mamoru Tasaka <mtasaka at ioa.s.u-tokyo.ac.jp> - 0.4.7-7.svn3227
- Try svn 3227 to drop GLib patch
* Mon Jun 18 2007 Mamoru Tasaka <mtasaka at ioa.s.u-tokyo.ac.jp> - 0.4.7-5
- Rebuild against new gecko engine
* Tue Jun  5 2007 Mamoru Tasaka <mtasaka at ioa.s.u-tokyo.ac.jp> - 0.4.7-3
- Patch to follow the newest GLib symbol
* Tue Jun  5 2007 Mamoru Tasaka <mtasaka at ioa.s.u-tokyo.ac.jp> - 0.4.7-2
- Parse GLib version dependency
* Wed May 30 2007 Mamoru Tasaka <mtasaka at ioa.s.u-tokyo.ac.jp> - 0.4.7-1
- 0.4.7
* Mon May 28 2007 Mamoru Tasaka <mtasaka at ioa.s.u-tokyo.ac.jp> - 0.4.6-5.svn3221
- Try svn 3221
--------------------------------------------------------------------------------
Updated packages:

82e063fe8a660c5f1296670a1473d832f3d9ee05 kazehakase-hyperestraier-0.5.0-1.fc7.2.ppc64.rpm
6ee4ceafc9c34e53d2018896f81e2e73c5187f84 kazehakase-0.5.0-1.fc7.2.ppc64.rpm
cb993563c4962e2fd91b905cf0005b0cc8344c36 kazehakase-ruby-0.5.0-1.fc7.2.ppc64.rpm
9bebc755bda08ccdf30338bb2a56b35efa9cf3b4 kazehakase-debuginfo-0.5.0-1.fc7.2.ppc64.rpm
3486c113e87c9342ee7ba568fab8df2f786a4cf1 kazehakase-hyperestraier-0.5.0-1.fc7.2.i386.rpm
ba3ceb17c439792f661818780e04e8c8c28bf8f7 kazehakase-0.5.0-1.fc7.2.i386.rpm
82893d38847765b42593be270ad2bba884cb822d kazehakase-debuginfo-0.5.0-1.fc7.2.i386.rpm
1a800ad16e6d9a269d090899d3a7ef689d571092 kazehakase-ruby-0.5.0-1.fc7.2.i386.rpm
336ea151ea32b67da86b9f6e1aa7ee98b9b05be3 kazehakase-debuginfo-0.5.0-1.fc7.2.x86_64.rpm
869dc3465217f4ef3e65bb5e27d53501808e45fa kazehakase-hyperestraier-0.5.0-1.fc7.2.x86_64.rpm
ce1cc1981048df98c405551937b5acf4221cd6b2 kazehakase-ruby-0.5.0-1.fc7.2.x86_64.rpm
5b415d5efa70c63fd5a511248a85e81a1aea4b27 kazehakase-0.5.0-1.fc7.2.x86_64.rpm
dcc53d73836ecaad096242e7b3f89225cad50f6f kazehakase-ruby-0.5.0-1.fc7.2.ppc.rpm
e0572c9745aca7d38b60ad67f9a8771d5550ec93 kazehakase-hyperestraier-0.5.0-1.fc7.2.ppc.rpm
1f136ffcce6e8c6405dcc2ed67c710858bc06760 kazehakase-debuginfo-0.5.0-1.fc7.2.ppc.rpm
dda1b9ce08a12f4984d53b1fb36e18be2f88976a kazehakase-0.5.0-1.fc7.2.ppc.rpm
d626624233c6ca104cb0f4878513af999ab42bae kazehakase-0.5.0-1.fc7.2.src.rpm

This update can be installed with the "yum" update program.  Use 
su -c 'yum update kazehakase' 
at the command line.  For more information, refer to "Managing Software
with yum", available at http://docs.fedoraproject.org/yum/.
--------------------------------------------------------------------------------




More information about the package-announce mailing list