[SECURITY] Fedora 7 Update: blam-1.8.3-10.fc7

updates at fedoraproject.org
Thu Nov 29 01:45:27 UTC 2007


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-3952
2007-11-29 01:44:21.449766
--------------------------------------------------------------------------------

Name        : blam
Product     : Fedora 7
Version     : 1.8.3
Release     : 10.fc7
URL         : http://www.cmartin.tk/blam.html
Summary     : An RSS/RDF feed reader
Description :
Blam is a tool that helps you keep track of the growing
number of news feeds distributed as RSS. Blam lets you
subscribe to any number of feeds and provides an easy to
use and clean interface to stay up to date.

--------------------------------------------------------------------------------
Update Information:

Updated firefox packages that fix several security issues are now available for Fedora 7.

This update has been rated as having critical security impact by the Fedora Security Response Team.

Mozilla Firefox is an open source Web browser.

A cross-site scripting flaw was found in the way Firefox handled the jar: URI scheme. It was possible for a malicious website to leverage this flaw and conduct a cross-site scripting attack against a user running Firefox. (CVE-2007-5947)

Several flaws were found in the way Firefox processed certain malformed web content. A webpage containing malicious content could cause Firefox to crash, or potentially execute arbitrary code as the user running Firefox. (CVE-2007-5959)

A race condition existed when Firefox set the "window.location" property for a webpage. This flaw could allow a webpage to set an arbitrary Referer header, which may lead to a Cross-site Request Forgery (CSRF) attack against websites that rely only on the Referer header for protection. (CVE-2007-5960)

Users of Firefox are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 27 2007 Christopher Aillon <caillon at redhat.com> - 1.8.3-10
- Rebuild against newer gecko
* Thu Nov 22 2007 Peter Gordon <peter at thecodergeek.com> - 1.8.3-9
- Fix CVE-2005-4790 (bug 252294).
* Wed Nov 21 2007 Peter Gordon <peter at thecodergeek.com> - 1.8.3-8
- Rebuild for new Gecko (Firefox 2.0.0.9).
* Wed Oct 24 2007 Peter Gordon <peter at thecodergeek.com> - 1.8.3-7
- Rebuild for updated Gecko libraries (Firefox 2.0.0.8)
* Fri Aug 17 2007 Peter Gordon <peter at thecodergeek.com> - 1.8.3-6
- Add gnome-sharp and mono-web runtime dependencies; fixes bugs 282331 (Blam
  does not open links with commas correctly) and 277561 (Blam does nothing
  useful).
- Update License tag in accordance with new guidelines.
* Wed Jul 18 2007 Peter Gordon <peter at thecodergeek.com> - 1.8.3-5
- Rebuild for newer Gecko libraries (Firefox 2.0.0.5)
- Depend on the gecko-libs and gecko-devel virtuals, instead of querying RPM
  at build-time (Thanks to Chris Aillon for the fix.)
- Alphabetize dependencies, and other minor aesthetic-only spec changes.
* Wed May 30 2007 Peter Gordon <peter at thecodergeek.com> - 1.8.3-4
- Rebuild for newer Gecko libraries (Firefox 2.0.0.4)
- Add a patch to fix the default theme directory search path to prevent crashes
  at startup (fixes bug 241465):
  + fix-THEME_DIR-path.patch
--------------------------------------------------------------------------------
Updated packages:


This update can be installed with the "yum" update program.  Use 
su -c 'yum update blam' 
at the command line.  For more information, refer to "Managing Software
with yum", available at http://docs.fedoraproject.org/yum/.
--------------------------------------------------------------------------------



