LWN.net Logo

Advertisement

Managed Dedicated Servers - HC Servers

Dedicated and managed servers in U.S and Europe. Famous 24x7 support and customizations from HCServers.net!

Advertise here

Not logged in

Log in now

Create an account

Subscribe to LWN

Sponsored link

Serve your customers, not your servers, with VERIO Linux VPS. Full-access test-drive here.

Recent Features

LWN.net Weekly Edition for May 15, 2008

Distributed bug tracking

A Talk with Fedora Project Leader Paul Frields

LWN.net Weekly Edition for May 8, 2008

Blizzard tests the reach of copyright law

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ
Rackspace.com

Fedora alert FEDORA-2008-2662 (openvrml)



From:
    	      updates@fedoraproject.org


To:
    	      fedora-package-announce@redhat.com


Subject:
    	      [SECURITY] Fedora 7 Update: openvrml-0.16.7-4.fc7


Date:
    	      Wed, 26 Mar 2008 17:11:48 +0000


Message-ID:
    	      <200803261717.m2QHHVG7004301@bastion.fedora.phx.redhat.com>


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-2662
2008-03-26 16:45:26
--------------------------------------------------------------------------------

Name        : openvrml
Product     : Fedora 7
Version     : 0.16.7
Release     : 4.fc7
URL         : http://openvrml.org
Summary     : VRML/X3D runtime library
Description :
OpenVRML is a VRML/X3D support library, including a runtime and facilities
for reading and displaying VRML and X3D models.

--------------------------------------------------------------------------------
Update Information:

Mozilla Firefox is an open source Web browser.    Several flaws were found in
the processing of some malformed web content. A web page containing such
malicious content could cause Firefox to crash or, potentially, execute
arbitrary code as the user running Firefox. (CVE-2008-1233, CVE-2008-1235,
CVE-2008-1236, CVE-2008-1237)    Several flaws were found in the display of
malformed web content. A web page containing specially-crafted content could,
potentially, trick a Firefox user into surrendering sensitive information.
(CVE-2008-1234, CVE-2008-1238, CVE-2008-1241)    All Firefox users should
upgrade to these updated packages, which correct these issues, and are rebuilt
against the update Firefox packages.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 25 2008 Christopher Aillon <caillon@redhat.com> - 0.16.7-4
- Rebuild against newer gecko
* Fri Feb  8 2008 Christopher Aillon <caillon@redhat.com> - 0.16.7-3
- Rebuild against newer gecko
* Tue Nov 27 2007 Braden McDaniel  <braden@endoframe.com> - 0.16.7-2
- Updated gecko-libs dependency to 1.8.1.10.
* Thu Nov 15 2007 Braden McDaniel  <braden@endoframe.com> - 0.16.7-1
- Updated to 0.16.7.
- Changed build prerequisite from firefox-devel to gecko-devel.
- Changed openvrml-xembed to require gecko-libs instead of firefox.
* Fri Nov  9 2007 Braden McDaniel  <braden@endoframe.com> - 0.16.6-6
- Backed out inadvertent change.
* Fri Nov  9 2007 Braden McDaniel  <braden@endoframe.com> - 0.16.6-5
- Updated firefox dependency to 2.0.0.9.
* Fri Oct 26 2007 Braden McDaniel  <braden@endoframe.com>
- Updated license tags to LGPLv2+, GPLv2+.
* Thu Oct 25 2007 Braden McDaniel  <braden@endoframe.com> - 0.16.6-4
- Made openvrml depend on gecko-libs instead of firefox.
* Wed Oct 24 2007 Braden McDaniel  <braden@endoframe.com> - 0.16.6-3
- Updated firefox dependency to 2.0.0.8.
* Thu Jun  7 2007 Braden McDaniel  <braden@endoframe.com> - 0.16.6-2
- Updated firefox dependency to 2.0.0.5.
* Thu Jun  7 2007 Braden McDaniel  <braden@endoframe.com> - 0.16.6-1
- Updated to 0.16.6.
* Thu Jun  7 2007 Braden McDaniel  <braden@endoframe.com> - 0.16.5-1
- Updated to 0.16.5.
* Sat Jun  2 2007 Braden McDaniel  <braden@endoframe.com> - 0.16.4-3
- Updated firefox dependency to 2.0.0.4.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #438715 - CVE-2008-1234 universal XSS using event handlers
        https://bugzilla.redhat.com/show_bug.cgi?id=438715
  [ 2 ] Bug #438713 - CVE-2008-1233 Mozilla products XPCNativeWrapper pollution
        https://bugzilla.redhat.com/show_bug.cgi?id=438713
  [ 3 ] Bug #438718 - CVE-2008-1236 browser engine crashes
        https://bugzilla.redhat.com/show_bug.cgi?id=438718
  [ 4 ] Bug #438724 - CVE-2008-1238 Referrer spoofing bug
        https://bugzilla.redhat.com/show_bug.cgi?id=438724
  [ 5 ] Bug #438721 - CVE-2008-1237 javascript crashes
        https://bugzilla.redhat.com/show_bug.cgi?id=438721
  [ 6 ] Bug #438730 - CVE-2008-1241 XUL popup spoofing
        https://bugzilla.redhat.com/show_bug.cgi?id=438730
  [ 7 ] Bug #438717 - CVE-2008-1235 chrome privilege via wrong principal
        https://bugzilla.redhat.com/show_bug.cgi?id=438717
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update openvrml' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-ann...
(Log in to post comments)

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds
Powered by Rackspace Managed Hosting.