[SECURITY] Fedora 7 Update: openvrml-0.16.7-2.fc7

updates at fedoraproject.org updates at fedoraproject.org
Thu Nov 29 01:45:27 UTC 2007


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-3952
2007-11-29 01:44:21.449766
--------------------------------------------------------------------------------

Name        : openvrml
Product     : Fedora 7
Version     : 0.16.7
Release     : 2.fc7
URL         : http://openvrml.org
Summary     : VRML/X3D runtime library
Description :
OpenVRML is a VRML/X3D support library, including a runtime and facilities
for reading and displaying VRML and X3D models.

--------------------------------------------------------------------------------
Update Information:

Updated firefox packages that fix several security issues are now available for Fedora 7.

This update has been rated as having critical security impact by the Fedora Security Response Team.

Mozilla Firefox is an open source Web browser.

A cross-site scripting flaw was found in the way Firefox handled the jar: URI scheme. It was possible for a malicious website to leverage this flaw and conduct a cross-site scripting attack against a user running Firefox. (CVE-2007-5947)

Several flaws were found in the way Firefox processed certain malformed web content. A webpage containing malicious content could cause Firefox to crash, or potentially execute arbitrary code as the user running Firefox. (CVE-2007-5959)

A race condition existed when Firefox set the "window.location" property for a webpage. This flaw could allow a webpage to set an arbitrary Referer header, which may lead to a Cross-site Request Forgery (CSRF) attack against websites that rely only on the Referer header for protection. (CVE-2007-5960)

Users of Firefox are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 27 2007 Braden McDaniel  <braden at endoframe.com> - 0.16.7-2
- Updated gecko-libs dependency to 1.8.1.10.
* Thu Nov 15 2007 Braden McDaniel  <braden at endoframe.com> - 0.16.7-1
- Updated to 0.16.7.
- Changed build prerequisite from firefox-devel to gecko-devel.
- Changed openvrml-xembed to require gecko-libs instead of firefox.
* Fri Nov  9 2007 Braden McDaniel  <braden at endoframe.com> - 0.16.6-6
- Backed out inadvertent change.
* Fri Nov  9 2007 Braden McDaniel  <braden at endoframe.com> - 0.16.6-5
- Updated firefox dependency to 2.0.0.9.
* Fri Oct 26 2007 Braden McDaniel  <braden at endoframe.com>
- Updated license tags to LGPLv2+, GPLv2+.
* Thu Oct 25 2007 Braden McDaniel  <braden at endoframe.com> - 0.16.6-4
- Made openvrml depend on gecko-libs instead of firefox.
* Wed Oct 24 2007 Braden McDaniel  <braden at endoframe.com> - 0.16.6-3
- Updated firefox dependency to 2.0.0.8.
* Thu Jun  7 2007 Braden McDaniel  <braden at endoframe.com> - 0.16.6-2
- Updated firefox dependency to 2.0.0.5.
* Thu Jun  7 2007 Braden McDaniel  <braden at endoframe.com> - 0.16.6-1
- Updated to 0.16.6.
* Thu Jun  7 2007 Braden McDaniel  <braden at endoframe.com> - 0.16.5-1
- Updated to 0.16.5.
* Sat Jun  2 2007 Braden McDaniel  <braden at endoframe.com> - 0.16.4-3
- Updated firefox dependency to 2.0.0.4.
--------------------------------------------------------------------------------
Updated packages:

f71626003b2a5416fca05729e096e5b164735170 openvrml-0.16.7-2.fc7.ppc64.rpm
3f3e7b11553ca6b75d28a3004ccb651868eb0289 openvrml-player-0.16.7-2.fc7.ppc64.rpm
c82491f7f77f541ac311bec8e307527f3ee8c289 openvrml-xembed-0.16.7-2.fc7.ppc64.rpm
af41d5d738720b63d928ec7dba9c304b2f52ca12 openvrml-debuginfo-0.16.7-2.fc7.ppc64.rpm
73f27dc76989a22c88ff602128acb8a4ae92bfc9 openvrml-mozilla-plugin-0.16.7-2.fc7.ppc64.rpm
7db31de7709ed0065bd0c79118a4f5a5541a6c73 openvrml-gl-0.16.7-2.fc7.ppc64.rpm
6d51fa67377512d1dc4ca90676d43b85a77f0d7e openvrml-gl-devel-0.16.7-2.fc7.ppc64.rpm
6e019b1005a9f569615f2edc00cdffbea6f9124a openvrml-devel-0.16.7-2.fc7.ppc64.rpm
082ceb719df982b21d50d51bf11461f7ea0a2a51 openvrml-xembed-0.16.7-2.fc7.i386.rpm
4eeeed1f32485cddff6a96fa7047fde9d926e36c openvrml-gl-0.16.7-2.fc7.i386.rpm
ab46846e1739f86bceca5ce83bfc644a95b6b78d openvrml-devel-0.16.7-2.fc7.i386.rpm
acdfb139980e68bcf0212e66e52a0a5cad86362a openvrml-debuginfo-0.16.7-2.fc7.i386.rpm
3eba9b1d9752e3b582f09da4dca7f18cdf69f068 openvrml-player-0.16.7-2.fc7.i386.rpm
d70b7b665756b96ac8b0cb6d07d512cf2bcef886 openvrml-gl-devel-0.16.7-2.fc7.i386.rpm
94f4f9b902d7dbdafc6b494d8106a2fd6acba060 openvrml-0.16.7-2.fc7.i386.rpm
fb6cf0749459c1d3507f0aea27e119dd24c7bc43 openvrml-mozilla-plugin-0.16.7-2.fc7.i386.rpm
6749d1f1fb9b0e81ccab9947423fad427017990e openvrml-gl-0.16.7-2.fc7.x86_64.rpm
6360629b63ce7298c2978b41a94ba7601c4669b3 openvrml-gl-devel-0.16.7-2.fc7.x86_64.rpm
eb7e5baa3fb9c5fb74d67931d3ed2b26a1fab853 openvrml-0.16.7-2.fc7.x86_64.rpm
d670bb9e54d842987e2368a7db4ace0bd4a1a5c0 openvrml-xembed-0.16.7-2.fc7.x86_64.rpm
4457f88ec273e3f5a19fcfc391312510ee2c0aad openvrml-player-0.16.7-2.fc7.x86_64.rpm
c4c9a1ba0324add90a78d3e88e966e19c8dc9a44 openvrml-mozilla-plugin-0.16.7-2.fc7.x86_64.rpm
a1bba1c512b684452f41d0902a361b6c65b3946c openvrml-debuginfo-0.16.7-2.fc7.x86_64.rpm
920802bae1964ff0f1dd860676f4ceb5b4035d27 openvrml-devel-0.16.7-2.fc7.x86_64.rpm
61bad94f12a3a08875e0657d6a813e52c754bb6d openvrml-gl-devel-0.16.7-2.fc7.ppc.rpm
5e40e9bd2a5a2e9a787529ee2477b06eb686e46c openvrml-0.16.7-2.fc7.ppc.rpm
0fbe42187887be435f859227ee20b1feff6c5e92 openvrml-player-0.16.7-2.fc7.ppc.rpm
cd906b17f40c92a3ce9af15d772aed8da305516f openvrml-mozilla-plugin-0.16.7-2.fc7.ppc.rpm
5a991374b94187c93a1e5d0b4f34a6c72066d10c openvrml-xembed-0.16.7-2.fc7.ppc.rpm
93a1919185b912ebe7e18759bd58bb315c203e01 openvrml-debuginfo-0.16.7-2.fc7.ppc.rpm
b40b222ad38dc74520b2cf3c6c74525632424c5d openvrml-devel-0.16.7-2.fc7.ppc.rpm
2ae003101674c7b806198ed221769fe4f4aaf6e8 openvrml-gl-0.16.7-2.fc7.ppc.rpm
4dc93dc011dba9b1cd626215915c20372c7bc6da openvrml-0.16.7-2.fc7.src.rpm

This update can be installed with the "yum" update program.  Use 
su -c 'yum update openvrml' 
at the command line.  For more information, refer to "Managing Software
with yum", available at http://docs.fedoraproject.org/yum/.
--------------------------------------------------------------------------------




More information about the Fedora-package-announce mailing list