LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Fedora alert FEDORA-2010-1833 (gnash)



From:
    	      updates@fedoraproject.org 


To:
    	      package-announce@lists.fedoraproject.org 


Subject:
    	      [SECURITY] Fedora 11 Update: gnash-0.8.6-13.fc11 


Date:
    	      Sat, 13 Feb 2010 00:39:09 +0000


Message-ID:
    	      <20100213003909.ED4B510FE1E@bastion02.phx2.fedoraproject.org>


Archive-link:
    	      Article, Thread
              


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-1833
2010-02-13 00:17:32
--------------------------------------------------------------------------------

Name        : gnash
Product     : Fedora 11
Version     : 0.8.6
Release     : 13.fc11
URL         : http://www.gnu.org/software/gnash/
Summary     : GNU flash movie player
Description :
Gnash is capable of reading up to SWF v9 files and opcodes, but primarily
supports SWF v7, with better SWF v8 and v9 support under heavy development.
Gnash includes initial parser support for SWF v8 and v9. Not all
ActionScript 2 classes are implemented yet, but all of the most heavily
used ones are. Many ActionScript 2 classes are partially implemented;
there is support for all of the commonly used methods of each
class.

--------------------------------------------------------------------------------
Update Information:

This update makes Gnash use the system version of the libltdl library instead of
the bundled copy which was vulnerable to CVE-2009-3736. An update to the system
libltdl fixing CVE-2009-3736 was issued on December 21, 2009.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Feb 12 2010 Kevin Kofler <Kevin@tigcc.ticalc.org> - 1:0.8.6-13
- delete bundled libltdl stuff to make sure it's not used
* Thu Feb 11 2010 Kevin Kofler <Kevin@tigcc.ticalc.org> - 1:0.8.6-12
- don't build libltdlc.a
* Thu Feb 11 2010 Kevin Kofler <Kevin@tigcc.ticalc.org> - 1:0.8.6-11
- --without-included-ltdl (CVE-2009-3736)
* Fri Jan 22 2010 Kevin Kofler <Kevin@tigcc.ticalc.org> - 1:0.8.6-10
- Rebuild for new Boost (1.41.0)
* Sat Jan  2 2010 Kevin Kofler <Kevin@tigcc.ticalc.org> - 1:0.8.6-9
- Add missing Epoch to Requires
* Sat Jan  2 2010 Kevin Kofler <Kevin@tigcc.ticalc.org> - 1:0.8.6-8
- Install icon to the correct place (#551621)
* Wed Dec 30 2009 Tomeu Vizoso <tomeu@sugarlabs.org> - 1:0.8.6-7
- One more try at using the correct dir
* Tue Dec 29 2009 Tomeu Vizoso <tomeu@sugarlabs.org> - 1:0.8.6-6
- Patch was reversed
* Tue Dec 29 2009 Tomeu Vizoso <tomeu@sugarlabs.org> - 1:0.8.6-5
- Patch Makefile.in, not Makefile.am
* Tue Dec 29 2009 Tomeu Vizoso <tomeu@sugarlabs.org> - 1:0.8.6-4
- Pick up python modules from the right dir
* Tue Dec 29 2009 Tomeu Vizoso <tomeu@sugarlabs.org> - 1:0.8.6-3
- Install python modules in the right dir
* Tue Dec 29 2009 Tomeu Vizoso <tomeu@sugarlabs.org> - 1:0.8.6-2
- Add cygnal plugins
* Tue Dec 29 2009 Tomeu Vizoso <tomeu@sugarlabs.org> - 1:0.8.6-1
- Update to 0.8.6, increase epoch.
* Thu Sep 10 2009 Tomeu Vizoso <tomeu@sugarlabs.org> 0.9.0-0.8.20090910bzr11506
- update to HEAD
* Thu Sep 10 2009 Tomeu Vizoso <tomeu@sugarlabs.org> 0.9.0-0.7.20090910bzr11505
- update to HEAD
* Mon Aug 10 2009 Kevin Kofler <Kevin@tigcc.ticalc.org> 0.9.0-0.6.20090809bzr11401
- don't package headers in -widget, only in -devel (no duplicate files)
- own %{_includedir}/gnash/ in -devel
- add missing %defattr for -devel and -widget
- make -devel and -widget require the main package (with exact VR)
- fix -devel group and description
- rename gnash-widget to python-gnash as per the naming guidelines
* Sun Aug  9 2009 Kevin Kofler <Kevin@tigcc.ticalc.org> 0.9.0-0.5.20090809bzr11401
- use %{_includedir}, not %{_prefix}/include
* Sun Aug  9 2009 Tomeu Vizoso <tomeu@sugarlabs.org> 0.9.0-0.4.20090809bzr11401
- Install the python module in the sitearch dir
* Sun Aug  9 2009 Tomeu Vizoso <tomeu@sugarlabs.org> 0.9.0-0.3.20090809bzr11401
- One more 64bit fix
* Sun Aug  9 2009 Tomeu Vizoso <tomeu@sugarlabs.org> 0.9.0-0.3.20090809bzr11400
- Fix the packaging in 64bits
* Sun Aug  9 2009 Tomeu Vizoso <tomeu@sugarlabs.org> 0.9.0-0.2.20090809bzr11400
- upload the .swf file
* Sun Aug  9 2009 Tomeu Vizoso <tomeu@sugarlabs.org> 0.9.0-0.1.20090809bzr11400
- merge upstream changes into the spec
* Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.5-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Fri May 22 2009 Kevin Kofler <Kevin@tigcc.ticalc.org> 0.8.5-4
- rebuild for new Boost
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #537941 - CVE-2009-3736 libtool: libltdl may load and execute code from a library in
the current directory
        https://bugzilla.redhat.com/show_bug.cgi?id=537941
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update gnash' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-...
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds