LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Fedora alert FEDORA-2008-8425 (kazehakase)



From:
    	      updates@fedoraproject.org


To:
    	      fedora-package-announce@redhat.com


Subject:
    	      [SECURITY] Fedora 9 Update: kazehakase-0.5.5-1.fc9.1


Date:
    	      Sun, 28 Sep 2008 18:40:02 +0000


Message-ID:
    	      <20080928184003.04151208DCE@bastion.fedora.phx.redhat.com>


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-8425
2008-09-27 03:05:13
--------------------------------------------------------------------------------

Name        : kazehakase
Product     : Fedora 9
Version     : 0.5.5
Release     : 1.fc9.1
URL         : http://kazehakase.sourceforge.jp/
Summary     : Kazehakase browser using Gecko rendering engine
Description :
Kazehakase is a Web browser which aims to provide
a user interface that is truly user-friendly & fully customizable.

This package uses Gecko for HTML rendering engine.

--------------------------------------------------------------------------------
Update Information:

Mozilla Firefox is an open source Web browser.    Several flaws were found in
the processing of malformed web content. A web page containing malicious content
could cause Firefox to crash or, potentially, execute arbitrary code as the user
running Firefox. (CVE-2008-4058, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062,
CVE-2008-4063, CVE-2008-4064)    Several flaws were found in the way malformed
web content was displayed. A web page containing specially crafted content could
potentially trick a Firefox user into surrendering sensitive information.
(CVE-2008-4067, CVE-2008-4068)    A flaw was found in the way Firefox handles
mouse click events. A web page containing specially crafted JavaScript code
could move the content window while a mouse-button was pressed, causing any item
under the pointer to be dragged. This could, potentially, cause the user to
perform an unsafe drag-and-drop action. (CVE-2008-3837)    A flaw was found in
Firefox that caused certain characters to be stripped from JavaScript code. This
flaw could allow malicious JavaScript to bypass or evade script filters.
(CVE-2008-4065)    For technical details regarding these flaws, please see the
Mozilla security advisories for Firefox 3.0.2.[1]    All Firefox users should
upgrade to these updated packages, which contain patches that correct these
issues.    [1] http://www.mozilla.org/security/known-
vulnerabilities/firefox30.html#firefox3.0.2
--------------------------------------------------------------------------------
ChangeLog:

* Wed Sep 24 2008 Christopher Aillon <caillon@redhat.com> - 0.5.5-1.1
- Rebuild against newer gecko
* Wed Jul 30 2008 Mamoru Tasaka <mtasaka@ioa.s.u-tokyo.ac.jp> - 0.5.5-1
- 0.5.5
* Sat Jul 19 2008 Mamoru Tasaka <mtasaka@ioa.s.u-tokyo.ac.jp> - 0.5.4-7.svn3506_trunk
- F-9+: relax gecko libs dependency (as GRE_GetGREPathWithProperties properly
  finds out GRE)
- F-10+: add -UGTK_DISABLE_DEPRECATED temporarily
* Tue Jul 15 2008 Christopher Aillon <caillon@redhat.com>
- Rebuild against newer gecko (F-8)
* Wed Jul  2 2008 Christopher Aillon <caillon@redhat.com>
- Rebuild against newer gecko (F-8)
* Sat Jun 28 2008 Mamoru Tasaka <mtasaka@ioa.s.u-tokyo.ac.jp> - 0.5.4-6.svn3506_trunk
- Try rev 3506
- Workaround for bug 447444 (xulrunner vs hunspell conflict) (F-9+)
* Wed Jun 25 2008 Mamoru Tasaka <mtasaka@ioa.s.u-tokyo.ac.jp> - 0.5.4-5
- Apply xulrunner related patches from debian by Mike Hommey
  (debian bug 480796, rh bug 402641)
  This time kazehakase actually works with xulrunner!
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #449279 - totem-video-thumbnailer fails to work with flash video files
        https://bugzilla.redhat.com/show_bug.cgi?id=449279
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update kazehakase' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-ann...
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds