Fedora 10: 2009-3100 Moderate: Blam Memory Corruption Threat

Blam is a tool that helps you keep track of the growing

number of news feeds distributed as RSS. Blam lets you

subscribe to any number of feeds and provides an easy to

use and clean interface to stay up to date

A memory corruption flaw was discovered in the way Firefox handles XML files

containing an XSLT transform. A remote attacker could use this flaw to crash

Firefox or, potentially, execute arbitrary code as the user running Firefox.

(CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL

garbage collection events. A remote attacker could use this flaw to crash

Firefox or, potentially, execute arbitrary code as the user running Firefox.

(CVE-2009-1044)

* Fri Mar 27 2009 Christopher Aillon - 1.8.5-8

- Rebuild against newer gecko

* Fri Mar 6 2009 Jan Horak - 1.8.5-7

- Rebuild against newer gecko

* Wed Feb 4 2009 Christopher Aillon - 1.8.5-6

- Rebuild against newer gecko

* Wed Dec 17 2008 Christopher Aillon - 1.8.5-5

- Rebuild against newer gecko

su -c 'yum update blam' at the command line.

For more information, refer to "Managing Software with yum",

available at .

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

Fedora-package-announce mailing list

Fedora-package-announce@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/