Stay Secure with the Latest Linux Advisories

security advisorysoftware updateFedora

Fedora 9: 2009-3875 Critical: Miro 2.0.3-3 Internet Video Player Fix

https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-3.0/. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2009-3875 2009-04-22 19:42:15 -------------------------------------------------------------------------------- Name : Miro Product : Fedora 9 Version : 2.0.3 Release : 3.fc9 URL : http://www.getmiro.com/ Summary : Miro - Internet TV Player Description : Miro is a free application that turns your computer into an internet TV video player. This release is still a beta version, which means that there are some bugs, but we're moving quickly to fix them and will be releasing bug fixes on a regular basis. -------------------------------------------------------------------------------- Update Information: https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-3.0/ -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 21 2009 Christopher Aillon - 2.0.3-3 - Rebuild against newer gecko * Fri Mar 27 2009 Christopher Aillon - 2.0.3-2 - Rebuild against newer gecko * Mon Mar 16 2009 Alex Lancaster - 2.0.3-1 - Update to upstream 2.0.3 - Add patch to disable xine-hack, hopefully fixes #480527 - Use internal 0.14 version of rb_libtorrent for < F-11 (#489755) - Add Requires: gstreamer-python (#489134) - Drop a lot of obsolete patches * Fri Mar 6 2009 Jan Horak - 1.2.7-5 - Rebuild against newer gecko * Wed Feb 4 2009 Christopher Aillon - 1.2.7-4 - Rebuild against newer gecko * Wed Dec 17 2008 Christopher Aillon - 1.2.7-3 - Rebuild against newer gecko * Wed Nov 12 2008 Christopher Aillon - 1.2.7-2 - Rebuild against newer gecko * Sun Sep 28 2008 Alex Lancaster - 1.2.7-1 - Update to 1.2.7 - Rebuild against gecko-libs 1.9.0.2 (#464205) * Fri Aug 22 2008 Michel Alexandre Salim - 1.2.6-3 - Do not create backup files when patching; the backup files get re-added during the build process * Fri Aug 22 2008 Michel Salim - 1.2.6-2 -Unapply boost patch; boost-1.36 has been backed out for F10 * Fri Aug 22 2008 Michel Salim - 1.2.6-1 - Update to 1.2.6 - Patch for boost API change * Tue Aug 12 2008 Alex Lancaster - 1.2.4-4 - Rebuild for new boost (fixes broken deps). * Sat Jul 19 2008 Alex Lancaster - 1.2.4-3 - Rebuild for xulrunner-1.9.0.1 - Unfortunately we probably need to make this an exact match because Miro uses the unstable API, so a rebuild may need to be done on every package update to be sure that it will work with new xulrunner updates * Wed Jun 18 2008 Alex Lancaster - 1.2.4-2 - Rebuild for xulrunner-1.9 final. * Sun Jun 15 2008 Alex Lancaster - 1.2.4-1 - Update to latest upstream (1.2.4) -------------------------------------------------------------------------------- References: [ 1 ] Bug #496252 - CVE-2009-1302 Firefox 3 Layout engine crashes https://bugzilla.redhat.com/show_bug.cgi?id=496252 [ 2 ] Bug #496253 - CVE-2009-1303 Firefox 2 and 3 Layout engine crash https://bugzilla.redhat.com/show_bug.cgi?id=496253 [ 3 ] Bug #496255 - CVE-2009-1304 Firefox 3 JavaScript engine crashes https://bugzilla.redhat.com/show_bug.cgi?id=496255 [ 4 ] Bug #496256 - CVE-2009-1305 Firefox 2 and 3 JavaScript engine crash https://bugzilla.redhat.com/show_bug.cgi?id=496256 [ 5 ] Bug #486704 - CVE-2009-0652 firefox: does not properly prevent the literal rendering of homoglyph characters in IDN domain names (spoof URLs and conduct phishing attacks) https://bugzilla.redhat.com/show_bug.cgi?id=486704 [ 6 ] Bug #496262 - CVE-2009-1306 Firefox jar: scheme ignores the content-disposition: header on the inner URI https://bugzilla.redhat.com/show_bug.cgi?id=496262 [ 7 ] Bug #496263 - CVE-2009-1307 Firefox Same-origin violations when Adobe Flash loaded via view-source: protocol https://bugzilla.redhat.com/show_bug.cgi?id=496263 [ 8 ] Bug #496266 - CVE-2009-1308 Firefox XSS hazard using third-party stylesheets and XBL bindings https://bugzilla.redhat.com/show_bug.cgi?id=496266 [ 9 ] Bug #496267 - CVE-2009-1309 Firefox Same-origin violations in XMLHttpRequest and XPCNativeWrapper.toString https://bugzilla.redhat.com/show_bug.cgi?id=496267 [ 10 ] Bug #496270 - CVE-2009-1310 Firefox Malicious search plugins can inject code into arbitrary sites https://bugzilla.redhat.com/show_bug.cgi?id=496270 [ 11 ] Bug #496271 - CVE-2009-1311 Firefox POST data sent to wrong site when saving web page with embedded frame https://bugzilla.redhat.com/show_bug.cgi?id=496271 [ 12 ] Bug #496274 - CVE-2009-1312 Firefox allows Refresh header to redirect to javascript: URIs https://bugzilla.redhat.com/show_bug.cgi?id=496274 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update Miro' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ Fedora-package-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ . Revise Miro 2.0.3-3.fc9 for Fedora 9, incorporating improvements and solutions for online video playback.. Miro Update,Fedora Software,Internet TV Player,Performance Fix,Software Compatibility. . Severity: Critical. LinuxSecurity.com Team

Apr 23, 2009 •Critical Fedora