[SECURITY] Fedora 7 Update: devhelp-0.13-12.fc7

updates at fedoraproject.org updates at fedoraproject.org
Thu Nov 29 01:45:27 UTC 2007

Fedora Update Notification
2007-11-29 01:44:21.449766

Name        : devhelp
Product     : Fedora 7
Version     : 0.13
Release     : 12.fc7
URL         : http://developer.imendio.com/projects/devhelp
Summary     : API document browser
Description :
An API document browser for GNOME 2.

Update Information:

Updated firefox packages that fix several security issues are now available for Fedora 7.

This update has been rated as having critical security impact by the Fedora Security Response Team.

Mozilla Firefox is an open source Web browser.

A cross-site scripting flaw was found in the way Firefox handled the jar: URI scheme. It was possible for a malicious website to leverage this flaw and conduct a cross-site scripting attack against a user running Firefox. (CVE-2007-5947)

Several flaws were found in the way Firefox processed certain malformed web content. A webpage containing malicious content could cause Firefox to crash, or potentially execute arbitrary code as the user running Firefox. (CVE-2007-5959)

A race condition existed when Firefox set the "window.location" property for a webpage. This flaw could allow a webpage to set an arbitrary Referer header, which may lead to a Cross-site Request Forgery (CSRF) attack against websites that rely only on the Referer header for protection. (CVE-2007-5960)

Users of Firefox are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.

* Tue Nov 27 2007 Christopher Aillon <caillon at redhat.com> - 0.13-12
- Rebuild against newer gecko
* Mon Nov  5 2007 Martin Stransky <stransky at redhat.com> - 0.13-11
- Rebuild against newer gecko
* Fri Oct 19 2007 Christopher Aillon <caillon at redhat.com> - 0.13-10
- Rebuild against newer gecko
* Wed Jul 18 2007 Kai Engert <kengert at redhat.com> - 0.13-9
- Rebuild against newer gecko
* Fri May 25 2007 Christopher Aillon <caillon at redhat.com> - 0.13-8
- Rebuild against newer gecko
* Mon Apr 23 2007 Matthew Barnes <mbarnes at redhat.com> - 0.13-7.fc7
- Add patch for RH bug #230837 (initialize GThread).
* Sat Apr 21 2007 Matthias Clasen <mclasen at redhat.com> - 0.13-6
- Don't install INSTALL
Updated packages:

6879dde28a6d411ca6d05f6dc46ad958ebe92337 devhelp-0.13-12.fc7.ppc64.rpm
e6f1127dedc826e56e41b032b504e7f6d3c44787 devhelp-devel-0.13-12.fc7.ppc64.rpm
aa0ce4dbfd000d0af55b727169a970f5f4bc047a devhelp-debuginfo-0.13-12.fc7.ppc64.rpm
3c579a6b78907721b4a3f2ee5f77c519b2ff5d59 devhelp-0.13-12.fc7.i386.rpm
9d708fab29f8fd1d13314baf4ca7067886f6c888 devhelp-devel-0.13-12.fc7.i386.rpm
3bc5ac0cc62cf68fd77fb9f897d927d40b0ca31a devhelp-debuginfo-0.13-12.fc7.i386.rpm
e03e752de427c189fb825274c8805793659b5810 devhelp-devel-0.13-12.fc7.x86_64.rpm
cebde82d6fc003edd7eb41a42431fdfd5ee3d503 devhelp-0.13-12.fc7.x86_64.rpm
66587ade46affd29a3dba21fe3df8cfe92caf819 devhelp-debuginfo-0.13-12.fc7.x86_64.rpm
d9ec343a3c37cefd88899813fe7f4c7572835709 devhelp-0.13-12.fc7.ppc.rpm
00322c3c319ef548f6686d2d4e5452372d723745 devhelp-debuginfo-0.13-12.fc7.ppc.rpm
3ee9419e7fa7137d43e2388b8f8f1a1c7108e878 devhelp-devel-0.13-12.fc7.ppc.rpm
7685fe4f15ffc60ab05f69a5c2880843f0091078 devhelp-0.13-12.fc7.src.rpm

This update can be installed with the "yum" update program.  Use 
su -c 'yum update devhelp' 
at the command line.  For more information, refer to "Managing Software
with yum", available at http://docs.fedoraproject.org/yum/.

More information about the Fedora-package-announce mailing list