LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Pencil, Pencil, and Pencil

Dividing the Linux desktop

LWN.net Weekly Edition for June 13, 2013

A report from pgCon 2013

Little things that matter in language design

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Fedora alert FEDORA-2008-8399 (ruby-gnome2)



From:
    	      updates@fedoraproject.org


To:
    	      fedora-package-announce@redhat.com


Subject:
    	      [SECURITY] Fedora 8 Update: ruby-gnome2-0.17.0-2.fc8


Date:
    	      Sun, 28 Sep 2008 18:40:58 +0000


Message-ID:
    	      <20080928184058.17194208DDF@bastion.fedora.phx.redhat.com>


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-8399
2008-09-27 03:03:19
--------------------------------------------------------------------------------

Name        : ruby-gnome2
Product     : Fedora 8
Version     : 0.17.0
Release     : 2.fc8
URL         : http://ruby-gnome2.sourceforge.jp/
Summary     : Ruby binding of libgnome/libgnomeui-2.x
Description :
This is a set of bindings for the GNOME-2.x libraries for use from Ruby.

--------------------------------------------------------------------------------
Update Information:

Mozilla Firefox is an open source Web browser.    Several flaws were found in
the processing of malformed web content. A web page containing malicious content
could cause Firefox to crash or, potentially, execute arbitrary code as the user
running Firefox. (CVE-2008-4058, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062,
CVE-2008-4063, CVE-2008-4064)    Several flaws were found in the way malformed
web content was displayed. A web page containing specially crafted content could
potentially trick a Firefox user into surrendering sensitive information.
(CVE-2008-4067, CVE-2008-4068)    A flaw was found in the way Firefox handles
mouse click events. A web page containing specially crafted JavaScript code
could move the content window while a mouse-button was pressed, causing any item
under the pointer to be dragged. This could, potentially, cause the user to
perform an unsafe drag-and-drop action. (CVE-2008-3837)    A flaw was found in
Firefox that caused certain characters to be stripped from JavaScript code. This
flaw could allow malicious JavaScript to bypass or evade script filters.
(CVE-2008-4065)    For technical details regarding these flaws, please see the
Mozilla security advisories for Firefox 3.0.2.[1]    All Firefox users should
upgrade to these updated packages, which contain patches that correct these
issues.    [1] http://www.mozilla.org/security/known-
vulnerabilities/firefox30.html#firefox3.0.2
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 23 2008 Christopher Aillon <caillon@redhat.com> - 0.17.0-2
- Rebuild against newer gecko
* Thu Sep 18 2008 Mamoru Tasaka <mtasaka@ioa.s.u-tokyo.ac.jp> 0.17.0-1
- Update to 0.17.0
- Patch from svn to fix Ruby/GLib bug (bug 456816)
* Tue Jul 15 2008 Christopher Aillon <caillon@redhat.com> - 0.17.0-0.3.rc1
- Rebuild against newer gecko
* Wed Jul  2 2008 Christopher Aillon <caillon@redhat.com> - 0.17.0-0.2.rc1
- Rebuild against newer gecko
* Sun Jun  8 2008 Mamoru Tasaka <mtasaka@ioa.s.u-tokyo.ac.jp> - 0.17.0-0.1.rc1
- 0.17.0 rc1
- Remove upstreamed patches - 2 patches remain
  - ruby-gnome2-0.17.0-rc1-script.patch
  - ruby-gnome2-all-0.16.0-xulrunner.patch
- Restrict ruby abi dependency to exact 1.8 version
- Fix the license (to strict LGPLv2)
* Wed Apr 16 2008 Christopher Aillon <caillon@redhat.com> - 0.16.0-22
- Rebuild against newer gecko
* Tue Mar 25 2008 Christopher Aillon <caillon@redhat.com> 0.16.0-21
- Rebuild against newer gecko
* Fri Feb  8 2008 Christopher Aillon <caillon@redhat.com> 0.16.0-20
- Rebuild against newer gecko
* Sat Jan 26 2008 Allisson Azevedo <allisson@gmail.com> 0.16.0-19
- Fix libglade2 Undefined method error (bugzilla #428781)
* Tue Dec  4 2007 Allisson Azevedo <allisson@gmail.com> 0.16.0-18
- Fix CVE-2007-6183, format string vulnerability (bugzilla #402871)
* Tue Nov 27 2007 Christopher Aillon <caillon@redhat.com> 0.16.0-17
- Rebuild against newer gecko
* Tue Nov 13 2007 Alex Lancaster <alexl@users.sourceforge.net> 0.16.0-16
- Fix my typo in BuildRequires
* Tue Nov 13 2007 Alex Lancaster <alexl@users.sourceforge.net> 0.16.0-15
- Rebuild against gecko-libs and gecko-devel (firefox 2.0.0.9).
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update ruby-gnome2' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-ann...
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds