[SECURITY] Fedora 7 Update: chmsee-1.0.0-1.27.fc7

updates at fedoraproject.org updates at fedoraproject.org
Thu Nov 29 01:45:27 UTC 2007 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-3952
2007-11-29 01:44:21.449766
--------------------------------------------------------------------------------

Name        : chmsee
Product     : Fedora 7
Version     : 1.0.0
Release     : 1.27.fc7
URL         : http://chmsee.gro.clinux.org/
Summary     : A Gtk+2 CHM document viewer
Description :
A gtk2 chm document viewer.

It uses chmlib to extract files. It uses gecko to display pages. It supports
displaying multilingual pages due to gecko. It features bookmarks and tabs.
The tabs could be used to jump inside the chm file conveniently. Its UI is
clean and handy, also is well localized. It is actively developed and
maintained. The author of chmsee is Jungle Ji and several other great people.

Hint
* Unlike other chm viewers, chmsee extracts files from chm file, and then read
and display them. The extracted files could be found in $HOME/.chmsee/bookshelf
directory. You can clean those files at any time and there is a special config
option for that.
* The bookmark is related to each file so not all bookmarks will be loaded,
only current file's.
* Try to remove $HOME/.chmsee if you encounter any problem after an upgrade.

--------------------------------------------------------------------------------
Update Information:

Updated firefox packages that fix several security issues are now available for Fedora 7.

This update has been rated as having critical security impact by the Fedora Security Response Team.

Mozilla Firefox is an open source Web browser.

A cross-site scripting flaw was found in the way Firefox handled the jar: URI scheme. It was possible for a malicious website to leverage this flaw and conduct a cross-site scripting attack against a user running Firefox. (CVE-2007-5947)

Several flaws were found in the way Firefox processed certain malformed web content. A webpage containing malicious content could cause Firefox to crash, or potentially execute arbitrary code as the user running Firefox. (CVE-2007-5959)

A race condition existed when Firefox set the "window.location" property for a webpage. This flaw could allow a webpage to set an arbitrary Referer header, which may lead to a Cross-site Request Forgery (CSRF) attack against websites that rely only on the Referer header for protection. (CVE-2007-5960)

Users of Firefox are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 27 2007 Christopher Aillon <caillon at redhat.com> - 1.0.0-1.27
- Rebuild against newer gecko
* Fri Nov 16 2007 bbbush <bbbush.yuan at gmail.com> - 1.0.0-1.26
- build for firefox-2.0.0.9
* Sat Aug 11 2007 bbbush <bbbush.yuan at gmail.com> - 1.0.0-1.23
- update to 1.0.0
- update License field to GPLv2
* Sat Jul 21 2007 bbbush <bbbush.yuan at gmail.com> - 1.0.0-0.22.beta2
- fix desktop file
--------------------------------------------------------------------------------
Updated packages:

1684543fa3bb1b50387a9f8af78702834ccbee01 chmsee-1.0.0-1.27.fc7.ppc64.rpm
9715f1c455a10815a13fad594e1954d0992abd89 chmsee-debuginfo-1.0.0-1.27.fc7.ppc64.rpm
65570a79db94873d9494e1cd6c033c60497d371e chmsee-debuginfo-1.0.0-1.27.fc7.i386.rpm
7df6eef3eec6ca823e36e367d74a925ae9b9cc94 chmsee-1.0.0-1.27.fc7.i386.rpm
2138d17b7ce9df1aa405daae54db845e67ba90b1 chmsee-1.0.0-1.27.fc7.x86_64.rpm
90333f3ce679096c6c84753e8caccdecf893eaa3 chmsee-debuginfo-1.0.0-1.27.fc7.x86_64.rpm
850916312335948e25c69c4bb8a248bcad2fab68 chmsee-debuginfo-1.0.0-1.27.fc7.ppc.rpm
21d28958644e6b83a37118d6b66ed2565d8937a9 chmsee-1.0.0-1.27.fc7.ppc.rpm
161dca339da48218a82dd0eec832da35d5e09d5c chmsee-1.0.0-1.27.fc7.src.rpm

This update can be installed with the "yum" update program.  Use 
su -c 'yum update chmsee' 
at the command line.  For more information, refer to "Managing Software
with yum", available at http://docs.fedoraproject.org/yum/.
--------------------------------------------------------------------------------

More information about the Fedora-package-announce mailing list