LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Fedora alert FEDORA-2010-16885 (xulrunner)



From:
    	      updates@fedoraproject.org 


To:
    	      package-announce@lists.fedoraproject.org 


Subject:
    	      [SECURITY] Fedora 12 Update: xulrunner-1.9.1.15-1.fc12 


Date:
    	      Sat, 30 Oct 2010 23:43:33 +0000


Message-ID:
    	      <20101030234334.23B8C11134C@bastion02.phx2.fedoraproject.org>


Archive-link:
    	      Article, Thread
              


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-16885
2010-10-28 21:19:56
--------------------------------------------------------------------------------

Name        : xulrunner
Product     : Fedora 12
Version     : 1.9.1.15
Release     : 1.fc12
URL         : http://developer.mozilla.org/En/XULRunner
Summary     : XUL Runtime for Gecko Applications
Description :
XULRunner provides the XUL Runtime environment for Gecko applications.

--------------------------------------------------------------------------------
Update Information:

Update to new upstream Firefox version 3.5.15, fixing multiple security issues detailed in the
upstream advisories:

* http://www.mozilla.org/security/known-vulnerabilities/fir...
* http://www.mozilla.org/security/known-vulnerabilities/fir...

Update also includes packages depending on gecko-libs rebuilt against new version of Firefox /
XULRunner.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 27 2010 Martin Stransky <stransky@redhat.com> - 1.9.1.15-1
- Update to 1.9.1.15
* Tue Oct 19 2010 Jan Horak <jhorak@redhat.com> - 1.9.1.14-1
- Update to 1.9.1.14
* Mon Sep  6 2010 Jan Horak <jhorak@redhat.com> - 1.9.1.12-1
- Update to 1.9.1.12
* Fri Jul 23 2010 Christopher Aillon <caillon@redhat.com> - 1.9.1.11-2
- Add patch for mozbz#575836 (1.9.1.12)
* Tue Jul 20 2010 Jan Horak <jhorak@redhat.com> - 1.9.1.11-1
- Update to 1.9.1.11
* Tue Jun 22 2010 Jan Horak <jhorak@redhat.com> - 1.9.1.10-1
- Update to 1.9.1.10
* Mon May 17 2010 Martin Stransky <stransky@redhat.com> - 1.9.1.9-3
- Added fix for mozbz#499295
* Mon May 10 2010 Martin Stransky <stransky@redhat.com> - 1.9.1.9-2
- Added fix for mozbz#516124
* Tue Mar 30 2010 Jan Horak <jhorak@redhat.com> - 1.9.1.9-1
- Update to 1.9.1.9
* Wed Mar 24 2010 Dennis Gilmore <dennis@ausil.us> - 1.9.1.8-2.1
- fix sparc arch multilib
- dont try and build nanojit on sparc64
* Wed Feb 17 2010 Martin Stransky <stransky@redhat.com> - 1.9.1.8-2
- Added fix for #564184 - xulrunner-devel multilib conflict
* Tue Feb 16 2010 Jan Horak <jhorak@redhat.com> - 1.9.1.8-1
- Update to 1.9.1.8
* Thu Jan  7 2010 Martin Stransky <stransky@redhat.com> - 1.9.1.6-2
- Added fix for #480989
* Wed Dec 16 2009 Jan Horak <jhorak@redhat.com> - 1.9.1.6-1
- Update to 1.9.1.6
* Thu Nov  5 2009 Jan Horak <jhorak@redhat.com> - 1.9.1.5-1
- Update to 1.9.1.5
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #642275 - CVE-2010-3175 Mozilla miscellaneous memory safety hazards
        https://bugzilla.redhat.com/show_bug.cgi?id=642275
  [ 2 ] Bug #642272 - CVE-2010-3176 Mozilla miscellaneous memory safety hazards
        https://bugzilla.redhat.com/show_bug.cgi?id=642272
  [ 3 ] Bug #642277 - CVE-2010-3179 Mozilla buffer overflow and memory corruption using
document.write
        https://bugzilla.redhat.com/show_bug.cgi?id=642277
  [ 4 ] Bug #642283 - CVE-2010-3180 Mozilla use-after-free error in nsBarProp
        https://bugzilla.redhat.com/show_bug.cgi?id=642283
  [ 5 ] Bug #642286 - CVE-2010-3183 Mozilla dangling pointer vulnerability in LookupGetterOrSetter
        https://bugzilla.redhat.com/show_bug.cgi?id=642286
  [ 6 ] Bug #642290 - CVE-2010-3177 Mozilla XSS in gopher parser when parsing hrefs
        https://bugzilla.redhat.com/show_bug.cgi?id=642290
  [ 7 ] Bug #642294 - CVE-2010-3178 Mozilla cross-site information disclosure via modal calls
        https://bugzilla.redhat.com/show_bug.cgi?id=642294
  [ 8 ] Bug #642300 - CVE-2010-3182 Mozilla unsafe library loading flaw
        https://bugzilla.redhat.com/show_bug.cgi?id=642300
  [ 9 ] Bug #646997 - CVE-2010-3765 Firefox race condition flaw (MFSA 2010-73)
        https://bugzilla.redhat.com/show_bug.cgi?id=646997
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update xulrunner' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-...
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds