[SECURITY] Fedora 8 Update: kazehakase-0.5.0-1.fc8.2

updates at fedoraproject.org updates at fedoraproject.org
Thu Nov 29 01:48:08 UTC 2007 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-3962
2007-11-29 01:46:57.290638
--------------------------------------------------------------------------------

Name        : kazehakase
Product     : Fedora 8
Version     : 0.5.0
Release     : 1.fc8.2
URL         : http://kazehakase.sourceforge.jp/
Summary     : Kazehakase browser
Description :
Kazehakase is a Web browser which aims to provide
a user interface that is truly user-friendly & fully customizable.

--------------------------------------------------------------------------------
Update Information:

Updated firefox packages that fix several security issues are now available for Fedora 8.

This update has been rated as having critical security impact by the Fedora Security Response Team.

Mozilla Firefox is an open source Web browser.

A cross-site scripting flaw was found in the way Firefox handled the jar: URI scheme. It was possible for a malicious website to leverage this flaw and conduct a cross-site scripting attack against a user running Firefox. (CVE-2007-5947)

Several flaws were found in the way Firefox processed certain malformed web content. A webpage containing malicious content could cause Firefox to crash, or potentially execute arbitrary code as the user running Firefox. (CVE-2007-5959)

A race condition existed when Firefox set the "window.location" property for a webpage. This flaw could allow a webpage to set an arbitrary Referer header, which may lead to a Cross-site Request Forgery (CSRF) attack against websites that rely only on the Referer header for protection. (CVE-2007-5960)

Users of Firefox are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.

--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 27 2007 Christopher Aillon <caillon at redhat.com>
- Rebuild against newer gecko
* Tue Nov  6 2007 Mamoru Tasaka <mtasaka at ioa.s.u-tokyo.ac.jp> - 0.5.0-1.dist.1
- Rebuild against new gecko engine
- Switch to use gecko virtual dependency (bug 352091)
* Mon Oct 29 2007 Mamoru Tasaka <mtasaka at ioa.s.u-tokyo.ac.jp> - 0.5.0-1
- 0.5.0
--------------------------------------------------------------------------------
Updated packages:

c3553198fb8c18d88bd878bd5bfe1a784f9a70cb kazehakase-debuginfo-0.5.0-1.fc8.2.ppc64.rpm
f2e7f9507d79c2ea71b738b8737fab52ee638a64 kazehakase-ruby-0.5.0-1.fc8.2.ppc64.rpm
3b2fa9624bc22e9d518ea204f9eca1bce49a39b8 kazehakase-0.5.0-1.fc8.2.ppc64.rpm
dc42757288737b4b74160d37e1616d4715c73eb2 kazehakase-hyperestraier-0.5.0-1.fc8.2.ppc64.rpm
923ba12a0ded6fb9b8fd883f1ba41ee7857bbb30 kazehakase-0.5.0-1.fc8.2.i386.rpm
f712259dc78c58171ec2a9433bcb76caf115b9f1 kazehakase-debuginfo-0.5.0-1.fc8.2.i386.rpm
fa7773159bca526f07712d0b9ecb100e83835e2c kazehakase-hyperestraier-0.5.0-1.fc8.2.i386.rpm
85052b2c4d415130e2c60e104cf398d72231d8e7 kazehakase-ruby-0.5.0-1.fc8.2.i386.rpm
6cd896ef79f3dbe740692f12d4048d27852e5ecd kazehakase-ruby-0.5.0-1.fc8.2.x86_64.rpm
dcf8c8b481127175f78764a5460518bdaef8b31d kazehakase-hyperestraier-0.5.0-1.fc8.2.x86_64.rpm
a7f63aaecb60ff43b00a4dc142e3d83e73de9c93 kazehakase-debuginfo-0.5.0-1.fc8.2.x86_64.rpm
af1c7925a8770b4bfd1c1c24f645fbd9b7f18214 kazehakase-0.5.0-1.fc8.2.x86_64.rpm
ffd11f8e7f92e4272389052ff69595d89b89a77f kazehakase-debuginfo-0.5.0-1.fc8.2.ppc.rpm
a7a27eb3d32376803be06b14f2de561f3eb68771 kazehakase-hyperestraier-0.5.0-1.fc8.2.ppc.rpm
0c596fd91e235f3f08e0273dc4e33767f1f97b2f kazehakase-0.5.0-1.fc8.2.ppc.rpm
510de654471f31c01c24ee738f633f4f35ae30d0 kazehakase-ruby-0.5.0-1.fc8.2.ppc.rpm
db85be03f7c2b7a18a2447e96c17dce60453e59e kazehakase-0.5.0-1.fc8.2.src.rpm

This update can be installed with the "yum" update program.  Use 
su -c 'yum update kazehakase' 
at the command line.  For more information, refer to "Managing Software
with yum", available at http://docs.fedoraproject.org/yum/.
--------------------------------------------------------------------------------

More information about the Fedora-package-announce mailing list