LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for June 20, 2013

Pencil, Pencil, and Pencil

Dividing the Linux desktop

LWN.net Weekly Edition for June 13, 2013

A report from pgCon 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Fedora alert FEDORA-2010-11375 (xulrunner)



From:
    	      updates@fedoraproject.org 


To:
    	      package-announce@lists.fedoraproject.org 


Subject:
    	      [SECURITY] Fedora 12 Update: xulrunner-1.9.1.11-1.fc12 


Date:
    	      Fri, 23 Jul 2010 02:47:25 +0000


Message-ID:
    	      <20100723024725.DDECF110ED1@bastion02.phx2.fedoraproject.org>


Archive-link:
    	      Article, Thread
              


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-11375
2010-07-23 01:57:13
--------------------------------------------------------------------------------

Name        : xulrunner
Product     : Fedora 12
Version     : 1.9.1.11
Release     : 1.fc12
URL         : http://developer.mozilla.org/En/XULRunner
Summary     : XUL Runtime for Gecko Applications
Description :
XULRunner provides the XUL Runtime environment for Gecko applications.

--------------------------------------------------------------------------------
Update Information:

Update to new upstream Firefox version 3.5.11, fixing multiple security issues
detailed in the upstream advisories:    http://www.mozilla.org/security/known-
vulnerabilities/firefox35.html#firefox3.5.11    Update also includes packages
depending on gecko-libs rebuilt against new version of Firefox / XULRunner.
CVE-2010-1211 CVE-2010-1208 CVE-2010-1209 CVE-2010-1214 CVE-2010-2752
CVE-2010-2753 CVE-2010-1205 CVE-2010-1213 CVE-2010-1206 CVE-2010-2751
CVE-2010-0654 CVE-2010-2754
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jul 20 2010 Jan Horak <jhorak@redhat.com> - 1.9.1.11-1
- Update to 1.9.1.11
* Tue Jun 22 2010 Jan Horak <jhorak@redhat.com> - 1.9.1.10-1
- Update to 1.9.1.10
* Mon May 17 2010 Martin Stransky <stransky@redhat.com> - 1.9.1.9-3
- Added fix for mozbz#499295
* Mon May 10 2010 Martin Stransky <stransky@redhat.com> - 1.9.1.9-2
- Added fix for mozbz#516124
* Tue Mar 30 2010 Jan Horak <jhorak@redhat.com> - 1.9.1.9-1
- Update to 1.9.1.9
* Wed Mar 24 2010 Dennis Gilmore <dennis@ausil.us> - 1.9.1.8-2.1
- fix sparc arch multilib
- dont try and build nanojit on sparc64
* Wed Feb 17 2010 Martin Stransky <stransky@redhat.com> - 1.9.1.8-2
- Added fix for #564184 - xulrunner-devel multilib conflict
* Tue Feb 16 2010 Jan Horak <jhorak@redhat.com> - 1.9.1.8-1
- Update to 1.9.1.8
* Thu Jan  7 2010 Martin Stransky <stransky@redhat.com> - 1.9.1.6-2
- Added fix for #480989
* Wed Dec 16 2009 Jan Horak <jhorak@redhat.com> - 1.9.1.6-1
- Update to 1.9.1.6
* Thu Nov  5 2009 Jan Horak <jhorak@redhat.com> - 1.9.1.5-1
- Update to 1.9.1.5
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #615455 - CVE-2010-1211 Mozilla miscellaneous memory safety hazards
        https://bugzilla.redhat.com/show_bug.cgi?id=615455
  [ 2 ] Bug #615458 - CVE-2010-1208 Mozilla DOM attribute cloning remote code execution
vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=615458
  [ 3 ] Bug #615459 - CVE-2010-1209 Mozilla Use-after-free error in NodeIterator
        https://bugzilla.redhat.com/show_bug.cgi?id=615459
  [ 4 ] Bug #615462 - CVE-2010-1214 Mozilla Plugin parameter EnsureCachedAttrParamArrays remote
code execution vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=615462
  [ 5 ] Bug #615464 - CVE-2010-2752 Mozilla nsCSSValue::Array index integer overflow
        https://bugzilla.redhat.com/show_bug.cgi?id=615464
  [ 6 ] Bug #615466 - CVE-2010-2753 Mozilla nsTreeSelection dangling pointer remote code execution
vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=615466
  [ 7 ] Bug #608238 - CVE-2010-1205 libpng: out-of-bounds memory write
        https://bugzilla.redhat.com/show_bug.cgi?id=608238
  [ 8 ] Bug #615471 - CVE-2010-1213 Mozilla Cross-origin data disclosure via Web Workers and
importScripts
        https://bugzilla.redhat.com/show_bug.cgi?id=615471
  [ 9 ] Bug #608763 - CVE-2010-1206 Firefox: Spoofing attacks via vectors involving 'No Content'
status code or via a windows.stop call
        https://bugzilla.redhat.com/show_bug.cgi?id=608763
  [ 10 ] Bug #615480 - CVE-2010-2751 Mozilla SSL spoofing with history.back() and
history.forward()
        https://bugzilla.redhat.com/show_bug.cgi?id=615480
  [ 11 ] Bug #568231 - CVE-2010-0654 firefox: cross-domain information disclosure
        https://bugzilla.redhat.com/show_bug.cgi?id=568231
  [ 12 ] Bug #615488 - CVE-2010-2754 Mozilla Cross-origin data leakage from script filename in
error messages
        https://bugzilla.redhat.com/show_bug.cgi?id=615488
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update xulrunner' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-...
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds