[SECURITY] Fedora 8 Update: devhelp-0.16.1-4.fc8

updates at fedoraproject.org updates at fedoraproject.org
Thu Nov 29 01:48:08 UTC 2007

Fedora Update Notification
2007-11-29 01:46:57.290638

Name        : devhelp
Product     : Fedora 8
Version     : 0.16.1
Release     : 4.fc8
URL         : http://developer.imendio.com/projects/devhelp
Summary     : API document browser
Description :
An API document browser for GNOME 2.

Update Information:

Updated firefox packages that fix several security issues are now available for Fedora 8.

This update has been rated as having critical security impact by the Fedora Security Response Team.

Mozilla Firefox is an open source Web browser.

A cross-site scripting flaw was found in the way Firefox handled the jar: URI scheme. It was possible for a malicious website to leverage this flaw and conduct a cross-site scripting attack against a user running Firefox. (CVE-2007-5947)

Several flaws were found in the way Firefox processed certain malformed web content. A webpage containing malicious content could cause Firefox to crash, or potentially execute arbitrary code as the user running Firefox. (CVE-2007-5959)

A race condition existed when Firefox set the "window.location" property for a webpage. This flaw could allow a webpage to set an arbitrary Referer header, which may lead to a Cross-site Request Forgery (CSRF) attack against websites that rely only on the Referer header for protection. (CVE-2007-5960)

Users of Firefox are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.


* Tue Nov 27 2007 Christopher Aillon <caillon at redhat.com> - 0.16.1-4
- Rebuild against newer gecko
* Mon Nov  5 2007 Martin Stransky <stransky at redhat.com> - 0.16.1-3.fc8
- rebuild against new firefox
Updated packages:

56f68fcdc188b0fd2364e7a302ae43c68684dcae devhelp-devel-0.16.1-4.fc8.ppc64.rpm
3cc75dbb3472d7232b7366f6df18f5c3a389daf2 devhelp-debuginfo-0.16.1-4.fc8.ppc64.rpm
6effa68d15f237bd3dd90958405402a6d6ec1198 devhelp-0.16.1-4.fc8.ppc64.rpm
a59e140a7cd24a9420590a2f64e1ea3445642311 devhelp-devel-0.16.1-4.fc8.i386.rpm
1f72bcc3b0b50ea1e0cd86227eba98a26730c690 devhelp-0.16.1-4.fc8.i386.rpm
47daad620b572939a3b8f2bd704644f4d222b97c devhelp-debuginfo-0.16.1-4.fc8.i386.rpm
d9b7220ec241faf1f1f27f7dd2d2e5bf0a51b9dd devhelp-devel-0.16.1-4.fc8.x86_64.rpm
d37ed7067eb48c453855fe114e8d7620709dc8a0 devhelp-debuginfo-0.16.1-4.fc8.x86_64.rpm
bfd0063f13727cb74a3327d886b45af1101fe772 devhelp-0.16.1-4.fc8.x86_64.rpm
98e810ebaadc19cbf9ea5d0f2248fc8c156be76e devhelp-debuginfo-0.16.1-4.fc8.ppc.rpm
1be77f08dc84f70d1080f3453409957793f2ce9b devhelp-0.16.1-4.fc8.ppc.rpm
3d4bd79dfbd0e076a55653faa7c11c34e4198068 devhelp-devel-0.16.1-4.fc8.ppc.rpm
59a1c0dda6dbb30feb2215a770d5ecf5302ca661 devhelp-0.16.1-4.fc8.src.rpm

This update can be installed with the "yum" update program.  Use 
su -c 'yum update devhelp' 
at the command line.  For more information, refer to "Managing Software
with yum", available at http://docs.fedoraproject.org/yum/.

More information about the Fedora-package-announce mailing list