Fedora alert FEDORA-2008-2682 (blam)

From:
    	     
 
updates@fedoraproject.org
To:
    	     
 
fedora-package-announce@redhat.com
Subject:
    	     
 
[SECURITY] Fedora 8 Update: blam-1.8.3-14.fc8
Date:
    	     
 
Wed, 26 Mar 2008 17:14:06 +0000
Message-ID:
    	     
 
<200803261719.m2QHJoT8004527@bastion.fedora.phx.redhat.com>
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-2682
2008-03-26 16:46:54
--------------------------------------------------------------------------------

Name        : blam
Product     : Fedora 8
Version     : 1.8.3
Release     : 14.fc8
URL         : http://www.cmartin.tk/blam.html
Summary     : An RSS/RDF feed reader
Description :
Blam is a tool that helps you keep track of the growing
number of news feeds distributed as RSS. Blam lets you
subscribe to any number of feeds and provides an easy to
use and clean interface to stay up to date

--------------------------------------------------------------------------------
Update Information:

Mozilla Firefox is an open source Web browser.    Several flaws were found in
the processing of some malformed web content. A web page containing such
malicious content could cause Firefox to crash or, potentially, execute
arbitrary code as the user running Firefox. (CVE-2008-1233, CVE-2008-1235,
CVE-2008-1236, CVE-2008-1237)    Several flaws were found in the display of
malformed web content. A web page containing specially-crafted content could,
potentially, trick a Firefox user into surrendering sensitive information.
(CVE-2008-1234, CVE-2008-1238, CVE-2008-1241)    All Firefox users should
upgrade to these updated packages, which correct these issues, and are rebuilt
against the update Firefox packages.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 25 2008 Christopher Aillon <caillon@redhat.com> - 1.8.3-14
- Rebuild against newer gecko
* Fri Feb  8 2008 Christopher Aillon <caillon@redhat.com> - 1.8.3-13
- Rebuild against newer gecko
* Tue Nov 27 2007 Christopher Aillon <caillon@redhat.com> - 1.8.3-12
- Rebuild against newer gecko
* Thu Nov 22 2007 Peter Gordon <peter@thecodergeek.com> - 1.8.3-11
- Fix CVE-2005-4790 (bug 252294).
* Tue Nov 13 2007 Peter Gordon <peter@thecodergeek.com> - 1.8.3-10
- Rebuild for new Gecko (Firefox 2.0.0.9).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #438721 - CVE-2008-1237 javascript crashes
        https://bugzilla.redhat.com/show_bug.cgi?id=438721
  [ 2 ] Bug #438713 - CVE-2008-1233 Mozilla products XPCNativeWrapper pollution
        https://bugzilla.redhat.com/show_bug.cgi?id=438713
  [ 3 ] Bug #438717 - CVE-2008-1235 chrome privilege via wrong principal
        https://bugzilla.redhat.com/show_bug.cgi?id=438717
  [ 4 ] Bug #438715 - CVE-2008-1234 universal XSS using event handlers
        https://bugzilla.redhat.com/show_bug.cgi?id=438715
  [ 5 ] Bug #438718 - CVE-2008-1236 browser engine crashes
        https://bugzilla.redhat.com/show_bug.cgi?id=438718
  [ 6 ] Bug #438724 - CVE-2008-1238 Referrer spoofing bug
        https://bugzilla.redhat.com/show_bug.cgi?id=438724
  [ 7 ] Bug #438730 - CVE-2008-1241 XUL popup spoofing
        https://bugzilla.redhat.com/show_bug.cgi?id=438730
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update blam' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-ann...