LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Dividing the Linux desktop

LWN.net Weekly Edition for June 13, 2013

A report from pgCon 2013

Little things that matter in language design

LWN.net Weekly Edition for June 6, 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Fedora alert FEDORA-2010-18775 (galeon)



From:
    	      updates@fedoraproject.org 


To:
    	      package-announce@lists.fedoraproject.org 


Subject:
    	      [SECURITY] Fedora 13 Update: galeon-2.0.7-36.fc13 


Date:
    	      Fri, 10 Dec 2010 20:25:42 +0000


Message-ID:
    	      <20101210202543.0EDD011073F@bastion02.phx2.fedoraproject.org>


Archive-link:
    	      Article, Thread
              


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-18775
2010-12-09 23:19:34
--------------------------------------------------------------------------------

Name        : galeon
Product     : Fedora 13
Version     : 2.0.7
Release     : 36.fc13
URL         : http://galeon.sourceforge.net/
Summary     : GNOME2 Web browser based on Mozilla
Description :
Galeon is a web browser built around Gecko (Mozilla's rendering
engine) and Necko (Mozilla's networking engine). It's a GNOME web
browser, designed to take advantage of as many GNOME technologies as
makes sense. Galeon was written to do just one thing - browse the web.

--------------------------------------------------------------------------------
Update Information:

Update to new upstream Firefox version 3.6.13, fixing multiple security issues detailed in the
upstream advisories:

http://www.mozilla.org/security/known-vulnerabilities/fir...

Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox /
XULRunner.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec  9 2010 Jan Horak <jhorak@redhat.com> - 2.0.7-36
- Rebuild against newer gecko
* Thu Oct 28 2010 Jan Horak <jhorak@redhat.com> - 2.0.7-35
- Rebuild against newer gecko
* Tue Oct 19 2010 Jan Horak <jhorak@redhat.com> - 2.0.7-34
- Rebuild against newer gecko
* Tue Sep 21 2010 Yanko Kaneti <yaneti@declera.com> - 2.0.7-33
- Bump and build with latest xulrunner.
* Fri Sep 17 2010 Yanko Kaneti <yaneti@declera.com> - 2.0.7-32
- Add some workarounds for crashes involving embeds coming and going without
  being sufficiently accounted for e.g. various popups.
- Use existing network status icons for online/offline status.
* Wed Sep  8 2010 Jan Horak <jhorak@redhat.com> - 2.0.7-31
- Rebuild against newer gecko
* Tue Aug 10 2010 Jan Horak <jhorak@redhat.com> - 2.0.7-30
- Rebuild against newer gecko
* Wed Jun 23 2010 Jan Horak <jhorak@redhat.com> - 2.0.7-29
- Rebuild against newer gecko
* Mon Apr 12 2010 Martin Stransky <stransky@redhat.com> - 2.0.7-28
- Updated gecko dependency
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #660429 - CVE-2010-3766 Mozilla use-after-free error with nsDOMAttribute
MutationObserver (MFSA 2010-80)
        https://bugzilla.redhat.com/show_bug.cgi?id=660429
  [ 2 ] Bug #660431 - CVE-2010-3767 Mozilla integer overflow vulnerability in NewIdArray (MFSA
2010-81)
        https://bugzilla.redhat.com/show_bug.cgi?id=660431
  [ 3 ] Bug #660420 - CVE-2010-3768 Mozilla add support for OTS font sanitizer (MFSA 2010-78)
        https://bugzilla.redhat.com/show_bug.cgi?id=660420
  [ 4 ] Bug #660439 - CVE-2010-3770 Mozilla XSS hazard in multiple character encodings (MFSA
2010-84)
        https://bugzilla.redhat.com/show_bug.cgi?id=660439
  [ 5 ] Bug #660417 - CVE-2010-3771 Mozilla Chrome privilege escalation with window.open and
<isindex> element (MFSA 2010-76)
        https://bugzilla.redhat.com/show_bug.cgi?id=660417
  [ 6 ] Bug #660419 - CVE-2010-3772 Mozilla crash and remote code execution using HTML tags inside
a XUL tree (MFSA 2010-77)
        https://bugzilla.redhat.com/show_bug.cgi?id=660419
  [ 7 ] Bug #660435 - CVE-2010-3773 Mozilla incomplete fix for CVE-2010-0179 (MFSA 2010-82)
        https://bugzilla.redhat.com/show_bug.cgi?id=660435
  [ 8 ] Bug #660438 - CVE-2010-3774 Mozilla location bar SSL spoofing using network error page
(MFSA 2010-83)
        https://bugzilla.redhat.com/show_bug.cgi?id=660438
  [ 9 ] Bug #660422 - CVE-2010-3775 Mozilla Java security bypass from LiveConnect loaded via data:
URL meta refresh (MFSA 2010-79)
        https://bugzilla.redhat.com/show_bug.cgi?id=660422
  [ 10 ] Bug #660408 - CVE-2010-3776 Mozilla miscellaneous memory safety hazards (MFSA 2010-74)
        https://bugzilla.redhat.com/show_bug.cgi?id=660408
  [ 11 ] Bug #660415 - CVE-2010-3777 Mozilla miscellaneous memory safety hazards (MFSA 2010-74)
        https://bugzilla.redhat.com/show_bug.cgi?id=660415
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update galeon' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-...
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds