-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2008-1435 2008-02-13 04:08:48 --------------------------------------------------------------------------------
Name : chmsee Product : Fedora 7 Version : 1.0.0 Release : 1.28.fc7 URL : http://chmsee.gro.clinux.org/ Summary : A Gtk+2 CHM document viewer Description : A gtk2 chm document viewer. It uses chmlib to extract files. It uses gecko to display pages. It supports displaying multilingual pages due to gecko. It features bookmarks and tabs. The tabs could be used to jump inside the chm file conveniently. Its UI is clean and handy, also is well localized. It is actively developed and maintained. The author of chmsee is Jungle Ji and several other great people. Hint * Unlike other chm viewers, chmsee extracts files from chm file, and then read and display them. The extracted files could be found in $HOME/.chmsee/bookshelf directory. You can clean those files at any time and there is a special config option for that. * The bookmark is related to each file so not all bookmarks will be loaded, only current file's. * Try to remove $HOME/.chmsee if you encounter any problem after an upgrade. -------------------------------------------------------------------------------- Update Information: Mozilla Firefox is an open source Web browser. Several flaws were found in the way Firefox processed certain malformed web content. A webpage containing malicious content could cause Firefox to crash, or potentially execute arbitrary code as the user running Firefox. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419) Several flaws were found in the way Firefox displayed malformed web content. A webpage containing specially-crafted content could trick a user into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593) A flaw was found in the way Firefox stored password data. If a user saves login information for a malicious website, it could be possible to corrupt the password database, preventing the user from properly accessing saved password data. (CVE-2008-0417) A flaw was found in the way Firefox handles certain chrome URLs. If a user has certain extensions installed, it could allow a malicious website to steal sensitive session data. Note: this flaw does not affect a default installation of Firefox. (CVE-2008-0418) A flaw was found in the way Firefox saves certain text files. If a website offers a file of type "plain/text", rather than "text/plain", Firefox will not show future "text/plain" content to the user in the browser, forcing them to save those files locally to view the content. (CVE-2008-0592) Users of firefox are advised to upgrade to these updated packages, which contain updated packages to resolve these issues. -------------------------------------------------------------------------------- ChangeLog: * Fri Feb 8 2008 Christopher Aillon <[EMAIL PROTECTED]> - 1.0.0-1.28 - Rebuild against newer gecko * Tue Nov 27 2007 Christopher Aillon <[EMAIL PROTECTED]> - 1.0.0-1.27 - Rebuild against newer gecko * Fri Nov 16 2007 bbbush <[EMAIL PROTECTED]> - 1.0.0-1.26 - build for firefox-2.0.0.9 * Sat Aug 11 2007 bbbush <[EMAIL PROTECTED]> - 1.0.0-1.23 - update to 1.0.0 - update License field to GPLv2 * Sat Jul 21 2007 bbbush <[EMAIL PROTECTED]> - 1.0.0-0.22.beta2 - fix desktop file -------------------------------------------------------------------------------- References: [ 1 ] Bug #431732 - CVE-2008-0412 Mozilla layout engine crashes https://bugzilla.redhat.com/show_bug.cgi?id=431732 [ 2 ] Bug #431733 - CVE-2008-0413 Mozilla javascript engine crashes https://bugzilla.redhat.com/show_bug.cgi?id=431733 [ 3 ] Bug #432040 - CVE-2008-0414 mozilla: multiple file input focus stealing vulnerabilities https://bugzilla.redhat.com/show_bug.cgi?id=432040 [ 4 ] Bug #431739 - CVE-2008-0415 Mozilla arbitrary code execution https://bugzilla.redhat.com/show_bug.cgi?id=431739 [ 5 ] Bug #431742 - CVE-2008-0417 Mozilla arbitrary code execution https://bugzilla.redhat.com/show_bug.cgi?id=431742 [ 6 ] Bug #431748 - CVE-2008-0418 Mozilla chrome: directory traversal https://bugzilla.redhat.com/show_bug.cgi?id=431748 [ 7 ] Bug #431749 - CVE-2008-0419 Mozilla arbitrary code execution https://bugzilla.redhat.com/show_bug.cgi?id=431749 [ 8 ] Bug #431751 - CVE-2008-0591 Mozilla information disclosure flaw https://bugzilla.redhat.com/show_bug.cgi?id=431751 [ 9 ] Bug #431752 - CVE-2008-0592 Mozilla text file mishandling https://bugzilla.redhat.com/show_bug.cgi?id=431752 [ 10 ] Bug #431756 - CVE-2008-0593 Mozilla URL token stealing flaw https://bugzilla.redhat.com/show_bug.cgi?id=431756 [ 11 ] Bug #432036 - CVE-2008-0594 mozilla: web forgery warning may not be displayed https://bugzilla.redhat.com/show_bug.cgi?id=432036 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update chmsee' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at http://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ Fedora-package-announce mailing list Fedora-package-announce@redhat.com http://www.redhat.com/mailman/listinfo/fedora-package-announce