[SECURITY] Fedora 8 Update: Miro-1.0-2.fc8

updates at fedoraproject.org updates at fedoraproject.org
Thu Nov 29 01:48:08 UTC 2007

Fedora Update Notification
2007-11-29 01:46:57.290638

Name        : Miro
Product     : Fedora 8
Version     : 1.0
Release     : 2.fc8
URL         : http://www.getmiro.com/
Summary     : Miro - Internet TV Player
Description :
Miro is a free application that turns your computer into an
internet TV video player. This release is still a beta version, which means
that there are some bugs, but we're moving quickly to fix them and will be
releasing bug fixes on a regular basis.

Update Information:

Updated firefox packages that fix several security issues are now available for Fedora 8.

This update has been rated as having critical security impact by the Fedora Security Response Team.

Mozilla Firefox is an open source Web browser.

A cross-site scripting flaw was found in the way Firefox handled the jar: URI scheme. It was possible for a malicious website to leverage this flaw and conduct a cross-site scripting attack against a user running Firefox. (CVE-2007-5947)

Several flaws were found in the way Firefox processed certain malformed web content. A webpage containing malicious content could cause Firefox to crash, or potentially execute arbitrary code as the user running Firefox. (CVE-2007-5959)

A race condition existed when Firefox set the "window.location" property for a webpage. This flaw could allow a webpage to set an arbitrary Referer header, which may lead to a Cross-site Request Forgery (CSRF) attack against websites that rely only on the Referer header for protection. (CVE-2007-5960)

Users of Firefox are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.


* Mon Nov 26 2007 Alex Lancaster <alexlan at fedoraproject.org> 1.0-2
- Build against gecko-libs (firefox
* Fri Nov 16 2007 Alex Lancaster <alexlan at fedoraproject.org> 1.0-1
- Update to latest upstream (1.0).
* Fri Nov  9 2007 Alex Lancaster <alexlan at fedoraproject.org>
- Update to latest upstream (
- Build against gecko-libs (firefox
- Include xine_extractor in package (thanks to Jason Farrell)
- Drop Miro-setup.py.patch
* Thu Nov  1 2007 Alex Lancaster <alexlan at fedoraproject.org>
- Update patch with workaround suggested on:
* Wed Oct 31 2007 Alex Lancaster <alexlan at fedoraproject.org>
- Add setup.py patch to ignore call to svn.
* Tue Oct 30 2007 Alex Lancaster <alexlan at fedoraproject.org>
- Add BuildRequires: libXv-devel
- Drop dbus patch
* Sun Oct 28 2007 Alex Lancaster <alexlan at fedoraproject.org>
- Update to latest upstream (
* Fri Oct 26 2007 Alex Lancaster <alexlan at fedoraproject.org>
- Replace Requires and BuildRequires for firefox with gecko to 
  smooth eventual xulrunner transition
Updated packages:

33e426aa00d7d3fe6cfa1d68bfe6991e9c4d9e9e Miro-1.0-2.fc8.ppc64.rpm
f1775cf9f417e5156b747c33f6f8d3becf268ed1 Miro-debuginfo-1.0-2.fc8.ppc64.rpm
8f1ee919c1be2606b834e04c4b1c41ccc1ab012f Miro-debuginfo-1.0-2.fc8.i386.rpm
771d16d6b4a1195c1c5070b0ff8f504d31be7828 Miro-1.0-2.fc8.i386.rpm
72ecb19fd4d977aab37138b0d017a4e70a003dee Miro-1.0-2.fc8.x86_64.rpm
31b4366a43481de24f9bacd49ad8575bd6963abb Miro-debuginfo-1.0-2.fc8.x86_64.rpm
b20d60ac66207d87e1f28902d537dd5853e5f4c1 Miro-1.0-2.fc8.ppc.rpm
25895aa5c9f6804d4979e05f7d0ebba05df2f846 Miro-debuginfo-1.0-2.fc8.ppc.rpm
aeb3745db1cb0f00de7ca333cb7e7686cdd83934 Miro-1.0-2.fc8.src.rpm

This update can be installed with the "yum" update program.  Use 
su -c 'yum update Miro' 
at the command line.  For more information, refer to "Managing Software
with yum", available at http://docs.fedoraproject.org/yum/.

More information about the Fedora-package-announce mailing list