[SECURITY] Fedora 8 Update: openvrml-0.16.7-2.fc8

updates at fedoraproject.org updates at fedoraproject.org
Thu Nov 29 01:48:08 UTC 2007


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-3962
2007-11-29 01:46:57.290638
--------------------------------------------------------------------------------

Name        : openvrml
Product     : Fedora 8
Version     : 0.16.7
Release     : 2.fc8
URL         : http://openvrml.org
Summary     : VRML/X3D runtime library
Description :
OpenVRML is a VRML/X3D support library, including a runtime and facilities
for reading and displaying VRML and X3D models.

--------------------------------------------------------------------------------
Update Information:

Updated firefox packages that fix several security issues are now available for Fedora 8.

This update has been rated as having critical security impact by the Fedora Security Response Team.

Mozilla Firefox is an open source Web browser.

A cross-site scripting flaw was found in the way Firefox handled the jar: URI scheme. It was possible for a malicious website to leverage this flaw and conduct a cross-site scripting attack against a user running Firefox. (CVE-2007-5947)

Several flaws were found in the way Firefox processed certain malformed web content. A webpage containing malicious content could cause Firefox to crash, or potentially execute arbitrary code as the user running Firefox. (CVE-2007-5959)

A race condition existed when Firefox set the "window.location" property for a webpage. This flaw could allow a webpage to set an arbitrary Referer header, which may lead to a Cross-site Request Forgery (CSRF) attack against websites that rely only on the Referer header for protection. (CVE-2007-5960)

Users of Firefox are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.

--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 27 2007 Braden McDaniel  <braden at endoframe.com> - 0.16.7-2
- Updated gecko-libs dependency to 1.8.1.10.
* Thu Nov 15 2007 Braden McDaniel  <braden at endoframe.com> - 0.16.7-1
- Updated to 0.16.7.
- Changed build prerequisite from firefox-devel to gecko-devel.
- Changed openvrml-xembed to require gecko-libs instead of firefox.
* Fri Nov  9 2007 Braden McDaniel  <braden at endoframe.com> - 0.16.6-8
- Backed out inadvertent change.
* Fri Nov  9 2007 Braden McDaniel  <braden at endoframe.com> - 0.16.6-7
- Updated firefox dependency to 2.0.0.9.
* Fri Oct 26 2007 Braden McDaniel  <braden at endoframe.com>
- Updated license tags to LGPLv2+, GPLv2+.
--------------------------------------------------------------------------------
Updated packages:

d094a04daf503dc94a1dc4250b412568eaba3802 openvrml-debuginfo-0.16.7-2.fc8.ppc64.rpm
47acd8e715422c9967495fb1afb48ba9c5626835 openvrml-gl-devel-0.16.7-2.fc8.ppc64.rpm
3fe1cdc12f6a66aed566ba000f01a23114ca29af openvrml-player-0.16.7-2.fc8.ppc64.rpm
0a3191c7fde4f3f811671181a4b5fe2947fc0bc1 openvrml-mozilla-plugin-0.16.7-2.fc8.ppc64.rpm
db403ca525d3310a61ff68f72d70db52363755a3 openvrml-xembed-0.16.7-2.fc8.ppc64.rpm
7d35c34b3f822901c7c357ac48b79cc00d151f27 openvrml-gl-0.16.7-2.fc8.ppc64.rpm
19edf48d59a9b429e4ab7d34915331a172537a14 openvrml-devel-0.16.7-2.fc8.ppc64.rpm
c0ff6ad707ee593fdda8d4704eafa8b4646cd328 openvrml-0.16.7-2.fc8.ppc64.rpm
ec11282fc084dbea7b40ad58e7070c24a2d876e2 openvrml-mozilla-plugin-0.16.7-2.fc8.i386.rpm
9b80be33c0d9d1efcf5a52a6a94180be24d27b9f openvrml-gl-devel-0.16.7-2.fc8.i386.rpm
10f681c1da92e8a3d4e04db2117c8c60235fc7ae openvrml-xembed-0.16.7-2.fc8.i386.rpm
1438e976e0c37e68e5e7b9dbebd127c8e997f357 openvrml-0.16.7-2.fc8.i386.rpm
e2de2e8f896f0e61c64ccc22487c130aedd7518b openvrml-debuginfo-0.16.7-2.fc8.i386.rpm
6ae41758c1b979ecfb6afbbf8378255117eef323 openvrml-gl-0.16.7-2.fc8.i386.rpm
aa10abb6a12c9aaa8a735cfc4e1ad126a091aee5 openvrml-player-0.16.7-2.fc8.i386.rpm
298be16eecfd1e797a1abe38ddfed0d7e006989b openvrml-devel-0.16.7-2.fc8.i386.rpm
4acda2d3cc8ae05f4b9a4dfe64026dfd5dc639f1 openvrml-xembed-0.16.7-2.fc8.x86_64.rpm
b840111c254aed8c8c2afbbc9cc51bd276121241 openvrml-gl-0.16.7-2.fc8.x86_64.rpm
959e810c45f014243b5eab82c8e9bc5cbd276a73 openvrml-debuginfo-0.16.7-2.fc8.x86_64.rpm
abbb257b8a6c1826df835e1e39a5727e707615ac openvrml-devel-0.16.7-2.fc8.x86_64.rpm
86affdad803507d2c14ef27cabc7a07518d59f63 openvrml-0.16.7-2.fc8.x86_64.rpm
6f08e8675824322d1bf557145e3df3e30056b2bb openvrml-player-0.16.7-2.fc8.x86_64.rpm
8e2bfb0364829195e30e7f6f9f2b90c118637446 openvrml-mozilla-plugin-0.16.7-2.fc8.x86_64.rpm
9d623d3d3cc205d87528247937b42d69425a4c19 openvrml-gl-devel-0.16.7-2.fc8.x86_64.rpm
d9d5146e836392109aa9d6000981553dccb620fa openvrml-debuginfo-0.16.7-2.fc8.ppc.rpm
3a8587907701ff653e2dadcd4bef3ff9d5d3fd9c openvrml-gl-devel-0.16.7-2.fc8.ppc.rpm
f1c7a69876e272ce41c5c3decc7daa7f80d3ae3d openvrml-mozilla-plugin-0.16.7-2.fc8.ppc.rpm
595a17864cda6d37fdd3eb991cf2c4ee4f1d45f5 openvrml-xembed-0.16.7-2.fc8.ppc.rpm
441df698ea54a10a894816f996f8c430e6a496e8 openvrml-0.16.7-2.fc8.ppc.rpm
21c08300062460e21e7fe8a0cce8cfc3272f2c1a openvrml-devel-0.16.7-2.fc8.ppc.rpm
9dcbf862e24bbdb6ab1a471ef213a0cfbe03d945 openvrml-player-0.16.7-2.fc8.ppc.rpm
ee9ed719f6b6ed33fd9bc5bc0d9590d5567d87ec openvrml-gl-0.16.7-2.fc8.ppc.rpm
e9a685a840cc8c602892cf15c479dee8bad93f47 openvrml-0.16.7-2.fc8.src.rpm

This update can be installed with the "yum" update program.  Use 
su -c 'yum update openvrml' 
at the command line.  For more information, refer to "Managing Software
with yum", available at http://docs.fedoraproject.org/yum/.
--------------------------------------------------------------------------------




More information about the Fedora-package-announce mailing list