[SECURITY] Fedora 7 Update: epiphany-extensions-2.18.3-6

updates at fedoraproject.org updates at fedoraproject.org
Thu Nov 29 01:45:27 UTC 2007 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-3952
2007-11-29 01:44:21.449766
--------------------------------------------------------------------------------

Name        : epiphany-extensions
Product     : Fedora 7
Version     : 2.18.3
Release     : 6
URL         : http://www.gnome.org/projects/epiphany/extensions
Summary     : Extensions for Epiphany, the GNOME web browser
Description :
Epiphany Extensions is a collection of extensions for Epiphany, the
GNOME web browser.

--------------------------------------------------------------------------------
Update Information:

Updated firefox packages that fix several security issues are now available for Fedora 7.

This update has been rated as having critical security impact by the Fedora Security Response Team.

Mozilla Firefox is an open source Web browser.

A cross-site scripting flaw was found in the way Firefox handled the jar: URI scheme. It was possible for a malicious website to leverage this flaw and conduct a cross-site scripting attack against a user running Firefox. (CVE-2007-5947)

Several flaws were found in the way Firefox processed certain malformed web content. A webpage containing malicious content could cause Firefox to crash, or potentially execute arbitrary code as the user running Firefox. (CVE-2007-5959)

A race condition existed when Firefox set the "window.location" property for a webpage. This flaw could allow a webpage to set an arbitrary Referer header, which may lead to a Cross-site Request Forgery (CSRF) attack against websites that rely only on the Referer header for protection. (CVE-2007-5960)

Users of Firefox are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 27 2007 Christopher Aillon <caillon at redhat.com> - 2.18.3-6
- Rebuild against newer gecko
* Tue Nov  6 2007 Peter Gordon <peter at thecodergeek.com> - 2.18.3-5
- Rebuild for new Gecko (Firefox 2.0.0.9)
* Sat Oct 20 2007 Peter Gordon <peter at thecodergeek.com> - 2.18.3-4
- Rebuild against new Gecko release (Firefox 2.0.0.8)
* Mon Jul 30 2007 Peter Gordon <peter at thecodergeek.com> - 2.18.3-3
- Add a patch from upstream SVN to fix GNOME bug 452119 (crash in the
  filterset.g updater tool from the AdBlocker extension):
  + fix-adblock-filtersetg-updater.patch
* Wed Jul 18 2007 Peter Gordon <peter at thecodergeek.com> - 2.18.3-2
- Rebuild against new Gecko release (Firefox 2.0.0.5).
* Wed Jul  4 2007 Peter Gordon <peter at thecodergeek.com> - 2.18.3-1
- Update to new upstream release (2.18.3).
* Wed Jun  6 2007 Christopher Aillon <caillon at redhat.com> - 2.18.2-3
- Specfiles should _NOT_ call rpm directly.  Fix the previous bug the
  correct way, by doing explicit requires on the exact versions instead
  of via rpm -q
* Tue Jun  5 2007 Peter Gordon <peter at thecodergeek.com> - 2.18.2-2
- Add %{_target_cpu} to versioned Firefox dependency to avoid multilib
  updating issues such as bug 242318, wherein the 32-bit older Firefox build
  matches the versioned dependency, but the updated 64-bit Firefox build
  matches the 64-bit shared library dependencies. (Thanks to Frederik Hertzum
  for the bug report.)
* Wed May 30 2007 Peter Gordon <peter at thecodergeek.com> - 2.18.2-1
- Update to new upstream bugfix release (2.18.2); and rebuild for newer
  Firefox/Gecko version (2.0.0.4).
--------------------------------------------------------------------------------
Updated packages:

14f8a9fe377988dcce00679fc138bba83f2e983c epiphany-extensions-debuginfo-2.18.3-6.ppc64.rpm
05f827d4823898b47520ada2f1d32f23f5ff312a epiphany-extensions-2.18.3-6.ppc64.rpm
8c723b7fa53a4ddf6a51537a67dac645d70d7c17 epiphany-extensions-2.18.3-6.i386.rpm
34c56e296f026427d253ffb6e9d96bcd1f9631fe epiphany-extensions-debuginfo-2.18.3-6.i386.rpm
5721eb03256feae75343d6b139ffe79ab2ca38cf epiphany-extensions-2.18.3-6.x86_64.rpm
b12fd241545c7204297702ec7de3b440a556028f epiphany-extensions-debuginfo-2.18.3-6.x86_64.rpm
16064cc592b10f6fe2d0b0bac90783857afdaadf epiphany-extensions-debuginfo-2.18.3-6.ppc.rpm
759f98986ec9d6e79c9bc0c8c40d878751eed9a6 epiphany-extensions-2.18.3-6.ppc.rpm
9a51a6a0e5813ed561166b1cb54b19a1dafc40e2 epiphany-extensions-2.18.3-6.src.rpm

This update can be installed with the "yum" update program.  Use 
su -c 'yum update epiphany-extensions' 
at the command line.  For more information, refer to "Managing Software
with yum", available at http://docs.fedoraproject.org/yum/.
--------------------------------------------------------------------------------

More information about the package-announce mailing list