-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2007-3952 2007-11-29 01:44:21.449766 --------------------------------------------------------------------------------
Name : blam Product : Fedora 7 Version : 1.8.3 Release : 10.fc7 URL : http://www.cmartin.tk/blam.html Summary : An RSS/RDF feed reader Description : Blam is a tool that helps you keep track of the growing number of news feeds distributed as RSS. Blam lets you subscribe to any number of feeds and provides an easy to use and clean interface to stay up to date -------------------------------------------------------------------------------- Update Information: Updated firefox packages that fix several security issues are now available for Fedora 7. This update has been rated as having critical security impact by the Fedora Security Response Team. Mozilla Firefox is an open source Web browser. A cross-site scripting flaw was found in the way Firefox handled the jar: URI scheme. It was possible for a malicious website to leverage this flaw and conduct a cross-site scripting attack against a user running Firefox. (CVE-2007-5947) Several flaws were found in the way Firefox processed certain malformed web content. A webpage containing malicious content could cause Firefox to crash, or potentially execute arbitrary code as the user running Firefox. (CVE-2007-5959) A race condition existed when Firefox set the "window.location" property for a webpage. This flaw could allow a webpage to set an arbitrary Referer header, which may lead to a Cross-site Request Forgery (CSRF) attack against websites that rely only on the Referer header for protection. (CVE-2007-5960) Users of Firefox are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. -------------------------------------------------------------------------------- ChangeLog: * Tue Nov 27 2007 Christopher Aillon <[EMAIL PROTECTED]> - 1.8.3-10 - Reubild against newer gecko * Thu Nov 22 2007 Peter Gordon <[EMAIL PROTECTED]> - 1.8.3-9 - Fix CVE-2005-4790 (bug 252294). * Wed Nov 21 2007 Peter Gordon <[EMAIL PROTECTED]> - 1.8.3-8 - Rebuild for new Gecko (Firefox 2.0.0.9). * Wed Oct 24 2007 Peter Gordon <[EMAIL PROTECTED]> - 1.8.3-7 - Rebuild for updated Gecko libraries (Firefox 2.0.0.8) * Fri Aug 17 2007 Peter Gordon <[EMAIL PROTECTED]> - 1.8.3-6 - Add gnome-sharp and mono-web runtime dependencies; fixes bugs 282331 (Blam does not open links with commas correctly) and 277561 (Blam does nothing useful). - Update License tag in accordance with new guidelines. * Wed Jul 18 2007 Peter Gordon <[EMAIL PROTECTED]> - 1.8.3-5 - Rebuild for newer Gecko libraries (Firefox 2.0.0.5) - Depend on the gecko-libs and gecko-devel virtuals, instead of querying RPM at build-time (Thanks to Chris Aillon for the fix.) - Alphabetize dependencies, and other minor aesthetic-only spec changes. * Wed May 30 2007 Peter Gordon <[EMAIL PROTECTED]> - 1.8.3-4 - Rebuild for newer Gecko libraries (Firefox 2.0.0.4) - Add a patch to fix the default theme directory search path to prevent crashes at startup (fixes bug 241465): + fix-THEME_DIR-path.patch -------------------------------------------------------------------------------- Updated packages: f1ebd842c7d38d55b1cd573f9cc7cf821371d1b0 blam-debuginfo-1.8.3-10.fc7.i386.rpm 2c05ad923298a6702987693a2728ce5f90a8b2ce blam-1.8.3-10.fc7.i386.rpm 2fde5d08a8223062dc978b0b4824858a9a5fb2ae blam-debuginfo-1.8.3-10.fc7.x86_64.rpm 8ae3465d3533d024aa783230a7e6893ef8ee34b8 blam-1.8.3-10.fc7.x86_64.rpm ed91de8e1abd9a19cd2053471f1a7860fc320ae1 blam-1.8.3-10.fc7.ppc.rpm d9d96c43f7e180c42aef0d333180c22d350f0836 blam-debuginfo-1.8.3-10.fc7.ppc.rpm c4ee583f9acd6ea29f6c0587a99ac640fc5bee53 blam-1.8.3-10.fc7.src.rpm This update can be installed with the "yum" update program. Use su -c 'yum update blam' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. -------------------------------------------------------------------------------- _______________________________________________ Fedora-package-announce mailing list Fedora-package-announce@redhat.com http://www.redhat.com/mailman/listinfo/fedora-package-announce