[SECURITY] Fedora 11 Update: gnash-0.8.6-13.fc11
updates at fedoraproject.org
updates at fedoraproject.org
Sat Feb 13 00:39:09 UTC 2010
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-1833
2010-02-13 00:17:32
--------------------------------------------------------------------------------
Name : gnash
Product : Fedora 11
Version : 0.8.6
Release : 13.fc11
URL : http://www.gnu.org/software/gnash/
Summary : GNU flash movie player
Description :
Gnash is capable of reading up to SWF v9 files and opcodes, but primarily
supports SWF v7, with better SWF v8 and v9 support under heavy development.
Gnash includes initial parser support for SWF v8 and v9. Not all
ActionScript 2 classes are implemented yet, but all of the most heavily
used ones are. Many ActionScript 2 classes are partially implemented;
there is support for all of the commonly used methods of each
class.
--------------------------------------------------------------------------------
Update Information:
This update makes Gnash use the system version of the libltdl library instead of
the bundled copy which was vulnerable to CVE-2009-3736. An update to the system
libltdl fixing CVE-2009-3736 was issued on December 21, 2009.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 12 2010 Kevin Kofler <Kevin at tigcc.ticalc.org> - 1:0.8.6-13
- delete bundled libltdl stuff to make sure it's not used
* Thu Feb 11 2010 Kevin Kofler <Kevin at tigcc.ticalc.org> - 1:0.8.6-12
- don't build libltdlc.a
* Thu Feb 11 2010 Kevin Kofler <Kevin at tigcc.ticalc.org> - 1:0.8.6-11
- --without-included-ltdl (CVE-2009-3736)
* Fri Jan 22 2010 Kevin Kofler <Kevin at tigcc.ticalc.org> - 1:0.8.6-10
- Rebuild for new Boost (1.41.0)
* Sat Jan 2 2010 Kevin Kofler <Kevin at tigcc.ticalc.org> - 1:0.8.6-9
- Add missing Epoch to Requires
* Sat Jan 2 2010 Kevin Kofler <Kevin at tigcc.ticalc.org> - 1:0.8.6-8
- Install icon to the correct place (#551621)
* Wed Dec 30 2009 Tomeu Vizoso <tomeu at sugarlabs.org> - 1:0.8.6-7
- One more try at using the correct dir
* Tue Dec 29 2009 Tomeu Vizoso <tomeu at sugarlabs.org> - 1:0.8.6-6
- Patch was reversed
* Tue Dec 29 2009 Tomeu Vizoso <tomeu at sugarlabs.org> - 1:0.8.6-5
- Patch Makefile.in, not Makefile.am
* Tue Dec 29 2009 Tomeu Vizoso <tomeu at sugarlabs.org> - 1:0.8.6-4
- Pick up python modules from the right dir
* Tue Dec 29 2009 Tomeu Vizoso <tomeu at sugarlabs.org> - 1:0.8.6-3
- Install python modules in the right dir
* Tue Dec 29 2009 Tomeu Vizoso <tomeu at sugarlabs.org> - 1:0.8.6-2
- Add cygnal plugins
* Tue Dec 29 2009 Tomeu Vizoso <tomeu at sugarlabs.org> - 1:0.8.6-1
- Update to 0.8.6, increase epoch.
* Thu Sep 10 2009 Tomeu Vizoso <tomeu at sugarlabs.org> 0.9.0-0.8.20090910bzr11506
- update to HEAD
* Thu Sep 10 2009 Tomeu Vizoso <tomeu at sugarlabs.org> 0.9.0-0.7.20090910bzr11505
- update to HEAD
* Mon Aug 10 2009 Kevin Kofler <Kevin at tigcc.ticalc.org> 0.9.0-0.6.20090809bzr11401
- don't package headers in -widget, only in -devel (no duplicate files)
- own %{_includedir}/gnash/ in -devel
- add missing %defattr for -devel and -widget
- make -devel and -widget require the main package (with exact VR)
- fix -devel group and description
- rename gnash-widget to python-gnash as per the naming guidelines
* Sun Aug 9 2009 Kevin Kofler <Kevin at tigcc.ticalc.org> 0.9.0-0.5.20090809bzr11401
- use %{_includedir}, not %{_prefix}/include
* Sun Aug 9 2009 Tomeu Vizoso <tomeu at sugarlabs.org> 0.9.0-0.4.20090809bzr11401
- Install the python module in the sitearch dir
* Sun Aug 9 2009 Tomeu Vizoso <tomeu at sugarlabs.org> 0.9.0-0.3.20090809bzr11401
- One more 64bit fix
* Sun Aug 9 2009 Tomeu Vizoso <tomeu at sugarlabs.org> 0.9.0-0.3.20090809bzr11400
- Fix the packaging in 64bits
* Sun Aug 9 2009 Tomeu Vizoso <tomeu at sugarlabs.org> 0.9.0-0.2.20090809bzr11400
- upload the .swf file
* Sun Aug 9 2009 Tomeu Vizoso <tomeu at sugarlabs.org> 0.9.0-0.1.20090809bzr11400
- merge upstream changes into the spec
* Fri Jul 24 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.8.5-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Fri May 22 2009 Kevin Kofler <Kevin at tigcc.ticalc.org> 0.8.5-4
- rebuild for new Boost
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #537941 - CVE-2009-3736 libtool: libltdl may load and execute code from a library in the current directory
https://bugzilla.redhat.com/show_bug.cgi?id=537941
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update gnash' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the package-announce
mailing list