[SECURITY] Fedora 8 Update: chmsee-1.0.0-1.27.fc8

Thu Nov 29 01:48:08 UTC 2007

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-3962
2007-11-29 01:46:57.290638
--------------------------------------------------------------------------------

Name        : chmsee
Product     : Fedora 8
Version     : 1.0.0
Release     : 1.27.fc8
URL         : http://chmsee.gro.clinux.org/
Summary     : A Gtk+2 CHM document viewer
Description :
A gtk2 chm document viewer.

It uses chmlib to extract files. It uses gecko to display pages. It supports
displaying multilingual pages due to gecko. It features bookmarks and tabs.
The tabs could be used to jump inside the chm file conveniently. Its UI is
clean and handy, also is well localized. It is actively developed and
maintained. The author of chmsee is Jungle Ji and several other great people.

Hint
* Unlike other chm viewers, chmsee extracts files from chm file, and then read
and display them. The extracted files could be found in $HOME/.chmsee/bookshelf
directory. You can clean those files at any time and there is a special config
option for that.
* The bookmark is related to each file so not all bookmarks will be loaded,
only current file's.
* Try to remove $HOME/.chmsee if you encounter any problem after an upgrade.

--------------------------------------------------------------------------------
Update Information:

Updated firefox packages that fix several security issues are now available for Fedora 8.

This update has been rated as having critical security impact by the Fedora Security Response Team.

Mozilla Firefox is an open source Web browser.

A cross-site scripting flaw was found in the way Firefox handled the jar: URI scheme. It was possible for a malicious website to leverage this flaw and conduct a cross-site scripting attack against a user running Firefox. (CVE-2007-5947)

Several flaws were found in the way Firefox processed certain malformed web content. A webpage containing malicious content could cause Firefox to crash, or potentially execute arbitrary code as the user running Firefox. (CVE-2007-5959)

A race condition existed when Firefox set the "window.location" property for a webpage. This flaw could allow a webpage to set an arbitrary Referer header, which may lead to a Cross-site Request Forgery (CSRF) attack against websites that rely only on the Referer header for protection. (CVE-2007-5960)

Users of Firefox are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.

--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 27 2007 Christopher Aillon <caillon at redhat.com> - 1.0.0-1.27
- Rebuild against newer gecko
* Sat Nov 10 2007 bbbush <bbbush.yuan at gmail.com> - 1.0.0-1.26
- build for firefox-2.0.0.9
--------------------------------------------------------------------------------
Updated packages:

1098badd81d87af9ed080551c1dedb1a9fc961ac chmsee-debuginfo-1.0.0-1.27.fc8.ppc64.rpm
ffe4cbeffa001eacd579c4ae544be9d8737e8410 chmsee-1.0.0-1.27.fc8.ppc64.rpm
da2e1d11d2d8e51fcaac1f4549ec7f8d259f1997 chmsee-1.0.0-1.27.fc8.i386.rpm
0ba5bc2d8fe62c4fb12ed2c92ef7d192952142dc chmsee-debuginfo-1.0.0-1.27.fc8.i386.rpm
7d86377cfcc69f74de8b85782d40fca2c781a972 chmsee-1.0.0-1.27.fc8.x86_64.rpm
613d8714e4714568a25161c85b98a8fbfa26f2fa chmsee-debuginfo-1.0.0-1.27.fc8.x86_64.rpm
7481912d0d867466ddb6c8258f4fa72a98d36cc5 chmsee-debuginfo-1.0.0-1.27.fc8.ppc.rpm
223946638645c5e418705f6ae7f6ec329e42917d chmsee-1.0.0-1.27.fc8.ppc.rpm
d271ecc07bc2cb5e58033f1b2581aa991e3db155 chmsee-1.0.0-1.27.fc8.src.rpm

This update can be installed with the "yum" update program.  Use 
su -c 'yum update chmsee' 
at the command line.  For more information, refer to "Managing Software
with yum", available at http://docs.fedoraproject.org/yum/.
--------------------------------------------------------------------------------