LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for February 16, 2012

Book review: Open Advice

Linux support for ARM big.LITTLE

LWN.net Weekly Edition for February 9, 2012

XBMC 11 "Eden"

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Fedora alert FEDORA-2008-11551 (openvrml)



From:
    	      updates@fedoraproject.org


To:
    	      fedora-package-announce@redhat.com


Subject:
    	      [SECURITY] Fedora 8 Update: openvrml-0.17.10-3.0.fc8


Date:
    	      Sun, 21 Dec 2008 08:43:41 +0000


Message-ID:
    	      <20081221084341.DC203208DE2@bastion.fedora.phx.redhat.com>


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-11551
2008-12-21 00:44:01
--------------------------------------------------------------------------------

Name        : openvrml
Product     : Fedora 8
Version     : 0.17.10
Release     : 3.0.fc8
URL         : http://openvrml.org
Summary     : VRML/X3D runtime library
Description :
OpenVRML is a VRML/X3D support library, including a runtime and facilities
for reading and displaying VRML and X3D models.

--------------------------------------------------------------------------------
Update Information:

Update to the new upstream Firefox release 2.0.0.19 fixing multiple security
issues:  http://www.mozilla.org/security/known-
vulnerabilities/firefox20.html#firefox2.0.0.19    This update also contains new
builds of all applications depending on Gecko libraries, built against the new
version.    Note: after the updated packages are installed, Firefox must be
restarted for the update to take effect.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 17 2008 Christopher Aillon <caillon@redhat.com> - 0.17.10-3.0
- Rebuild against newer gecko
* Wed Nov 12 2008 Christopher Aillon <caillon@redhat.com> - 0.17.10-2.0
- Rebuild against newer gecko
* Sun Oct 26 2008 Braden McDaniel  <braden@endoframe.com> - 0.17.10-1.0
- Updated to 0.17.10.
* Thu Oct  9 2008 Braden McDaniel  <braden@endoframe.com> - 0.17.9-1.0
- Updated to 0.17.9.
* Thu Oct  9 2008 Braden McDaniel  <braden@endoframe.com>
- Include two directories in -player pkg.
* Tue Sep 23 2008 Christopher Aillon <caillon@redhat.com> - 0.17.8-2.0
- Rebuild against newer gecko
* Wed Aug 13 2008 Braden McDaniel  <braden@endoframe.com>
- Build with -Wno-missing-braces.
* Wed Aug 13 2008 Braden McDaniel  <braden@endoframe.com> - 0.17.8-1.0
- Updated to 0.17.8.
* Tue Aug 12 2008 Braden McDaniel  <braden@endoframe.com> - 0.17.7-1.0
- Updated to 0.17.7.
* Tue Aug 12 2008 Braden McDaniel  <braden@endoframe.com> - 0.17.6-7.0
- Change to x.y convention for the Release number to satisfy Fedora
  packaging scripts.
* Tue Jul 15 2008 Christopher Aillon <caillon@redhat.com> - 0.17.6-6
- Rebuild against newer gecko
* Mon Jul  7 2008 Braden McDaniel <braden@endoframe.com> - 0.17.6-5
- gcc visibility flags are still a problem for firefox headers on F8.
* Sun Jul  6 2008 Braden McDaniel <braden@endoframe.com> - 0.17.6-4
- Rebuild after updating gecko-libs requirement.
* Wed Jul  2 2008 Christopher Aillon <caillon@redhat.com> - 0.17.6-3
- Rebuild against newer gecko
* Sun Jun 22 2008 Braden McDaniel  <braden@endoframe.com> - 0.17.6-2
- Make symbols for libglade callbacks in openvrml-player visible.
* Fri Jun 20 2008 Braden McDaniel  <braden@endoframe.com> - 0.17.6-1
- Updated to 0.17.6.
- Build with -fvisibility=hidden -fvisibility-inlines-hidden
* Wed Apr 16 2008 Christopher Aillon <caillon@redhat.com> - 0.17.5-5
- Rebuild against newer gecko
* Tue Mar 25 2008 Christopher Aillon <caillon@redhat.com> - 0.17.5-4
- Rebuild against newer gecko
* Mon Mar 17 2008 Braden McDaniel  <braden@endoframe.com> - 0.17.5-3
- Patch for crash in openvrml-xembed (bug 437611).
* Fri Feb  8 2008 Christopher Aillon <caillon@redhat.com> - 0.17.5-2
- Rebuild against newer gecko
* Tue Feb  5 2008 Braden McDaniel  <braden@endoframe.com> - 0.17.5-1
- Updated to 0.17.5.
- Added --enable-gecko-rpath.
* Sat Jan 26 2008 Braden McDaniel  <braden@endoframe.com> - 0.17.4-1
- Updated to 0.17.4.
* Thu Jan 17 2008 Braden McDaniel  <braden@endoframe.com> - 0.17.3-1
- Updated to 0.17.3.
* Wed Jan  9 2008 Braden McDaniel  <braden@endoframe.com> - 0.17.2-1
- Updated to 0.17.2.
* Sun Jan  6 2008 Braden McDaniel  <braden@endoframe.com> - 0.17.1-1
- Updated to 0.17.1.
* Wed Dec 19 2007 Braden McDaniel  <braden@endoframe.com> - 0.17.0-2
- Removed %check.  The "browser" test fails on ppc due to what looks
  like a probable compiler bug.
* Wed Dec 19 2007 Braden McDaniel  <braden@endoframe.com> - 0.17.0-1
- Updated to 0.17.0
- Changed license to LGPLv3+/GPLv3+ per OpenVRML 0.17.0 change.
* Tue Nov 27 2007 Braden McDaniel  <braden@endoframe.com> - 0.16.7-2
- Updated gecko-libs dependency to 1.8.1.10.
* Thu Nov 15 2007 Braden McDaniel  <braden@endoframe.com> - 0.16.7-1
- Updated to 0.16.7.
- Changed build prerequisite from firefox-devel to gecko-devel.
- Changed openvrml-xembed to require gecko-libs instead of firefox.
* Fri Nov  9 2007 Braden McDaniel  <braden@endoframe.com> - 0.16.6-8
- Backed out inadvertent change.
* Fri Nov  9 2007 Braden McDaniel  <braden@endoframe.com> - 0.16.6-7
- Updated firefox dependency to 2.0.0.9.
* Fri Oct 26 2007 Braden McDaniel  <braden@endoframe.com>
- Updated license tags to LGPLv2+, GPLv2+.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #476266 - CVE-2008-5500 Layout engine crashes - Firefox 2 and 3
        https://bugzilla.redhat.com/show_bug.cgi?id=476266
  [ 2 ] Bug #476281 - CVE-2008-5508 Firefox errors parsing URLs with control characters
        https://bugzilla.redhat.com/show_bug.cgi?id=476281
  [ 3 ] Bug #476289 - CVE-2008-5513 Firefox XSS vulnerabilities in SessionStore
        https://bugzilla.redhat.com/show_bug.cgi?id=476289
  [ 4 ] Bug #476272 - CVE-2008-5503 Firefox 2  Information stealing via loadBindingDocument
        https://bugzilla.redhat.com/show_bug.cgi?id=476272
  [ 5 ] Bug #476273 - CVE-2008-5504 Firefox 2 XSS attack vectors in feed preview
        https://bugzilla.redhat.com/show_bug.cgi?id=476273
  [ 6 ] Bug #476278 - CVE-2008-5506 Firefox XMLHttpRequest 302 response disclosure
        https://bugzilla.redhat.com/show_bug.cgi?id=476278
  [ 7 ] Bug #476285 - CVE-2008-5511 Firefox XSS via XBL bindings to unloaded document
        https://bugzilla.redhat.com/show_bug.cgi?id=476285
  [ 8 ] Bug #476280 - CVE-2008-5507 Firefox Cross-domain data theft via script redirect error
message
        https://bugzilla.redhat.com/show_bug.cgi?id=476280
  [ 9 ] Bug #476283 - CVE-2008-5510 Firefox null characters ignored by CSS parser
        https://bugzilla.redhat.com/show_bug.cgi?id=476283
  [ 10 ] Bug #476287 - CVE-2008-5512 Firefox JavaScript privilege escalation
        https://bugzilla.redhat.com/show_bug.cgi?id=476287
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update openvrml' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-ann...
(Log in to post comments)

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds