[SECURITY] Fedora 8 Update: blam-1.8.3-12.fc8

updates at fedoraproject.org
Thu Nov 29 01:48:08 UTC 2007


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-3962
2007-11-29 01:46:57.290638
--------------------------------------------------------------------------------

Name        : blam
Product     : Fedora 8
Version     : 1.8.3
Release     : 12.fc8
URL         : http://www.cmartin.tk/blam.html
Summary     : An RSS/RDF feed reader
Description :
Blam is a tool that helps you keep track of the growing
number of news feeds distributed as RSS. Blam lets you
subscribe to any number of feeds and provides an easy to
use and clean interface to stay up to date.

--------------------------------------------------------------------------------
Update Information:

Updated firefox packages that fix several security issues are now available for Fedora 8.

This update has been rated as having critical security impact by the Fedora Security Response Team.

Mozilla Firefox is an open source Web browser.

A cross-site scripting flaw was found in the way Firefox handled the jar: URI scheme. It was possible for a malicious website to leverage this flaw and conduct a cross-site scripting attack against a user running Firefox. (CVE-2007-5947)

Several flaws were found in the way Firefox processed certain malformed web content. A webpage containing malicious content could cause Firefox to crash, or potentially execute arbitrary code as the user running Firefox. (CVE-2007-5959)

A race condition existed when Firefox set the "window.location" property for a webpage. This flaw could allow a webpage to set an arbitrary Referer header, which may lead to a Cross-site Request Forgery (CSRF) attack against websites that rely only on the Referer header for protection. (CVE-2007-5960)

Users of Firefox are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.

--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 27 2007 Christopher Aillon <caillon at redhat.com> - 1.8.3-12
- Rebuild against newer gecko
* Thu Nov 22 2007 Peter Gordon <peter at thecodergeek.com> - 1.8.3-11
- Fix CVE-2005-4790 (bug 252294).
* Tue Nov 13 2007 Peter Gordon <peter at thecodergeek.com> - 1.8.3-10
- Rebuild for new Gecko (Firefox 2.0.0.9).
--------------------------------------------------------------------------------
Updated packages:


This update can be installed with the "yum" update program.  Use 
su -c 'yum update blam' 
at the command line.  For more information, refer to "Managing Software
with yum", available at http://docs.fedoraproject.org/yum/.
--------------------------------------------------------------------------------
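
Added example, not part of the original advisory: the CVE-2007-5960 entry above warns that sites relying only on the Referer header for CSRF protection are exposed, so this Python sketch puts a Referer-only check beside a session-bound token check and runs both on constructed requests. The host name shop.example, the session id, and all function names are hypothetical.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

TRUSTED_HOST = "shop.example"          # hypothetical site
SERVER_KEY = secrets.token_bytes(32)   # per-deployment secret, never sent to clients


def referer_only_check(headers):
    """Weak: the only evidence is a header the flaw lets a hostile page set."""
    return urlsplit(headers.get("Referer", "")).hostname == TRUSTED_HOST


def issue_token(session_id):
    """Token bound to the session; the site embeds it in its own forms."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def token_check(session_id, form):
    """Strong: needs a value a cross-site page can neither read nor guess."""
    supplied = form.get("csrf_token", "")
    return hmac.compare_digest(supplied.encode(), issue_token(session_id).encode())


def evaluate(session_id, headers, form):
    """Return the verdict of each check for one state-changing request."""
    return {
        "referer_only": referer_only_check(headers),
        "token": token_check(session_id, form),
    }


# Constructed sample requests, both for the same logged-in session.
SESSION = "constructed-session-id"
GENUINE = ({"Referer": "https://shop.example/account"},
           {"email": "user@shop.example", "csrf_token": issue_token(SESSION)})
# Cross-site request whose Referer has been set to the trusted site.
FORGED = ({"Referer": "https://shop.example/account"},
          {"email": "attacker@evil.example"})

if __name__ == "__main__":
    print("genuine:", evaluate(SESSION, *GENUINE))
    print("forged: ", evaluate(SESSION, *FORGED))
```

The forged request passes the Referer-only check and fails the token check, which is why the Referer should be at most a secondary signal.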



