[SECURITY] Fedora 8 Update: chmsee-1.0.0-3.31.fc8

updates at fedoraproject.org updates at fedoraproject.org
Fri Jul 18 08:07:34 UTC 2008


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-6491
2008-07-18 01:38:21
--------------------------------------------------------------------------------

Name        : chmsee
Product     : Fedora 8
Version     : 1.0.0
Release     : 3.31.fc8
URL         : http://chmsee.gro.clinux.org/
Summary     : A Gtk+2 CHM document viewer
Description :
A gtk2 chm document viewer.

It uses chmlib to extract files. It uses gecko to display pages. It supports
displaying multilingual pages due to gecko. It features bookmarks and tabs.
The tabs could be used to jump inside the chm file conveniently. Its UI is
clean and handy, also is well localized. It is actively developed and
maintained. The author of chmsee is Jungle Ji and several other great people.

Hint
* Unlike other chm viewers, chmsee extracts files from chm file, and then read
and display them. The extracted files could be found in $HOME/.chmsee/bookshelf
directory. You can clean those files at any time and there is a special config
option for that.
* The bookmark is related to each file so not all bookmarks will be loaded,
only current file's.
* Try to remove $HOME/.chmsee if you encounter any problem after an upgrade.

--------------------------------------------------------------------------------
Update Information:

Updated firefox packages that fix several security issues are now available for
Fedora 8.    An integer overflow flaw was found in the way Firefox displayed
certain web content. A malicious web site could cause Firefox to crash, or
execute arbitrary code with the permissions of the user running Firefox.
(CVE-2008-2785)    A flaw was found in the way Firefox handled certain command
line URLs. If another application passed Firefox a malformed URL, it could
result in Firefox executing local malicious content with chrome privileges.
(CVE-2008-2933)    Updated packages update Mozilla Firefox to upstream version
2.0.0.16 to address these flaws:    http://www.mozilla.org/security/known-
vulnerabilities/firefox20.html#firefox2.0.0.16    This update also contains
blam, cairo-dock, chmsee, devhelp, epiphany, epiphany-extensions, galeon, gnome-
python2-extras, gnome-web-photo, gtkmozembedmm, kazehakase, liferea, Miro,
openvrml, ruby-gnome2 and yelp packages rebuilt against new Firefox / Gecko
libraries.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jul 15 2008 Christopher Aillon <caillon at redhat.com> - 1.0.0-3.31
- Rebuild against newer gecko
* Wed Jul  2 2008 Christopher Aillon <caillon at redhat.com> - 1.0.0-2.31
- Rebuild against newer gecko
* Wed Apr 16 2008 Christopher Aillon <caillon at redhat.com> - 1.0.0-2.30
- Rebuild against newer gecko
* Tue Mar 25 2008 Christopher Aillon <caillon at redhat.com> - 1.0.0-1.30
- Rebuild against newer gecko
* Tue Mar  4 2008 bbbush <bbbush.yuan at gmail.com> - 1.0.0-1.29
- re-add firefox_version
* Fri Feb  8 2008 Christopher Aillon <caillon at redhat.com> - 1.0.0-1.28
- Rebuild against newer gecko
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #452204 - CVE-2008-2785 mozilla: CSS reference counter overflow (ZDI-CAN-349)
        https://bugzilla.redhat.com/show_bug.cgi?id=452204
  [ 2 ] Bug #454697 - CVE-2008-2933 Firefox command line URL launches multi-tabs
        https://bugzilla.redhat.com/show_bug.cgi?id=454697
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update chmsee' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------




More information about the package-announce mailing list