[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1PW7fg-0004jt-PQ@titan.mandriva.com>
Date: Fri, 24 Dec 2010 14:27:00 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:251-1 ] firefox
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:251-1
http://www.mandriva.com/security/
_______________________________________________________________________
Package : firefox
Date : December 24, 2010
Affected: 2010.0
_______________________________________________________________________
Problem Description:
Security issues were identified and fixed in firefox:
Security researchers Yosuke Hasegawa and Masatoshi Kimura reported that
the x-mac-arabic, x-mac-farsi and x-mac-hebrew character encodings are
vulnerable to XSS attacks due to some characters being converted to
angle brackets when displayed by the rendering engine. Sites using
these character encodings would thus be potentially vulnerable to
script injection attacks if their script filtering code fails to
strip out these specific characters (CVE-2010-3770).
Google security researcher Michal Zalewski reported that when a
window was opened to a site resulting in a network or certificate
error page, the opening site could access the document inside the
opened window and inject arbitrary content. An attacker could use
this bug to spoof the location bar and trick a user into thinking
they were on a different site than they actually were (CVE-2010-3774).
Mozilla security researcher moz_bug_r_a4 reported that the fix for
CVE-2010-0179 could be circumvented permitting the execution of
arbitrary JavaScript with chrome privileges (CVE-2010-3773).
Security researcher regenrecht reported via TippingPoint's Zero
Day Initiative that JavaScript arrays were vulnerable to an integer
overflow vulnerability. The report demonstrated that an array could
be constructed containing a very large number of items such that when
memory was allocated to store the array items, the integer value used
to calculate the buffer size would overflow resulting in too small a
buffer being allocated. Subsequent use of the array object could then
result in data being written past the end of the buffer and causing
memory corruption (CVE-2010-3767).
Security researcher regenrecht reported via TippingPoint's Zero Day
Initiative that a nsDOMAttribute node can be modified without informing
the iterator object responsible for various DOM traversals. This
flaw could lead to a inconsistent state where the iterator points
to an object it believes is part of the DOM but actually points to
some other object. If such an object had been deleted and its memory
reclaimed by the system, then the iterator could be used to call into
attacker-controlled memory (CVE-2010-3766).
Security researcher Gregory Fleischer reported that when a Java
LiveConnect script was loaded via a data: URL which redirects via a
meta refresh, then the resulting plugin object was created with the
wrong security principal and thus received elevated privileges such
as the abilities to read local files, launch processes, and create
network connections (CVE-2010-3775).
Mozilla added the OTS font sanitizing library to prevent downloadable
fonts from exposing vulnerabilities in the underlying OS font
code. This library mitigates against several issues independently
reported by Red Hat Security Response Team member Marc Schoenefeld
and Mozilla security researcher Christoph Diehl (CVE-2010-3768).
Security researcher wushi of team509 reported that when a XUL
tree had an HTML \<div\> element nested inside a \<treechildren\>
element then code attempting to display content in the XUL tree would
incorrectly treat the \<div\> element as a parent node to tree content
underneath it resulting in incorrect indexes being calculated for the
child content. These incorrect indexes were used in subsequent array
operations which resulted in writing data past the end of an allocated
buffer. An attacker could use this issue to crash a victim's browser
and run arbitrary code on their machine (CVE-2010-3772).
Security researcher echo reported that a web page could open a window
with an about:blank location and then inject an \<isindex\> element
into that page which upon submission would redirect to a chrome:
document. The effect of this defect was that the original page would
wind up with a reference to a chrome-privileged object, the opened
window, which could be leveraged for privilege escalation attacks
(CVE-2010-3771).
Dirk Heinrich reported that on Windows platforms when document.write()
was called with a very long string a buffer overflow was caused in line
breaking routines attempting to process the string for display. Such
cases triggered an invalid read past the end of an array causing a
crash which an attacker could potentially use to run arbitrary code
on a victim's computer (CVE-2010-3769).
Mozilla developers identified and fixed several memory safety
bugs in the browser engine used in Firefox and other Mozilla-based
products. Some of these bugs showed evidence of memory corruption
under certain circumstances, and we presume that with enough effort
at least some of these could be exploited to run arbitrary code
(CVE-2010-3776, CVE-2010-3777).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
Additionally, some packages which require so, have been rebuilt and
are being provided as updates.
Update:
A mistake was done with the MDVSA-2010:251 advisory where the actual
firefox software was NOT updated to the 3.6.13 version which in
turn lead to that some packages wasn't rebuilt against the correct
version. The secteam wishes to apologise for the misfortunate mistake
and also wishes everyone a great christmas.
Regards // Santa Claus
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3770
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3774
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3773
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3766
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3775
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3768
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3771
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3769
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3776
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3777
http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.13
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2010.0:
7362b9c9765a78f005c4b665c5ffa3b6 2010.0/i586/beagle-0.3.9-20.20mdv2010.0.i586.rpm
1e266ec4fea5d204f940949178e43765 2010.0/i586/beagle-crawl-system-0.3.9-20.20mdv2010.0.i586.rpm
2cefff601507db1181c68d7cc6a5fe67 2010.0/i586/beagle-doc-0.3.9-20.20mdv2010.0.i586.rpm
ed5d062b55bdc4a08c8c2cdab948621a 2010.0/i586/beagle-evolution-0.3.9-20.20mdv2010.0.i586.rpm
23d794739b1a79eb9a75694eacfb7010 2010.0/i586/beagle-gui-0.3.9-20.20mdv2010.0.i586.rpm
dc0311b61ac69fbfb57abe3a4fbceebe 2010.0/i586/beagle-gui-qt-0.3.9-20.20mdv2010.0.i586.rpm
e157d8acebfeeeecf306e32e729a76b2 2010.0/i586/beagle-libs-0.3.9-20.20mdv2010.0.i586.rpm
4dc171016cdcd713751797783d1fa3f1 2010.0/i586/firefox-3.6.13-0.1mdv2010.0.i586.rpm
c2927e77d370dba2175e5ecaccf35721 2010.0/i586/firefox-devel-3.6.13-0.1mdv2010.0.i586.rpm
5dc79f2a9adb9a8d30badc40500c0ef2 2010.0/i586/firefox-ext-beagle-0.3.9-20.20mdv2010.0.i586.rpm
a6a0920d05bdafa085f9bfeb99709584 2010.0/i586/firefox-ext-blogrovr-1.1.804-6.15mdv2010.0.i586.rpm
843f24eb522dd9071797435556443d28 2010.0/i586/firefox-ext-foxmarks-2.7.2-2.4mdv2010.0.i586.rpm
1313da214d5ea99f4df481a7fcd928f3 2010.0/i586/firefox-ext-mozvoikko-1.0-6.15mdv2010.0.i586.rpm
ade481d041332878f5948f40517c01e6 2010.0/i586/firefox-ext-plasmanotify-0.3.1-0.10mdv2010.0.i586.rpm
fb38c756d351106c9e75cb6291ea8a46 2010.0/i586/firefox-ext-r-kiosk-0.7.2-9.15mdv2010.0.i586.rpm
b0d11d676ec6a1ff0fe5a7e2393eedef 2010.0/i586/firefox-ext-scribefire-3.5.1-0.9mdv2010.0.i586.rpm
4d963ff7a87bb11030b6e28e4b063e65 2010.0/i586/firefox-ext-xmarks-3.5.10-0.9mdv2010.0.i586.rpm
72c6e38a8844f558066cc3c514d5dd1f 2010.0/i586/firefox-theme-kfirefox-0.16-7.14mdv2010.0.i586.rpm
d9640b653c7969f3e26eb94eee6ca364 2010.0/i586/gnome-python-extras-2.25.3-10.15mdv2010.0.i586.rpm
6643878b6a7c66545d4dbd4cccfd0575 2010.0/i586/gnome-python-gda-2.25.3-10.15mdv2010.0.i586.rpm
f53e9bdf9e3692abb8d479198d7dfd71 2010.0/i586/gnome-python-gda-devel-2.25.3-10.15mdv2010.0.i586.rpm
b5b48946228182c83d6500b5c77de0a2 2010.0/i586/gnome-python-gdl-2.25.3-10.15mdv2010.0.i586.rpm
58b06513c1ee76b050a5c538f1d0798e 2010.0/i586/gnome-python-gtkhtml2-2.25.3-10.15mdv2010.0.i586.rpm
6ed7e73a085db2858650a83c4925a69a 2010.0/i586/gnome-python-gtkmozembed-2.25.3-10.15mdv2010.0.i586.rpm
0ee2fbeb046190f2b1f1ccf569bac015 2010.0/i586/gnome-python-gtkspell-2.25.3-10.15mdv2010.0.i586.rpm
7259052b96bd807e8a9755a0e1a95f50 2010.0/i586/google-gadgets-common-0.11.2-0.10mdv2010.0.i586.rpm
807871d45d5b3bffb0d9fe995bc7e5c2 2010.0/i586/google-gadgets-gtk-0.11.2-0.10mdv2010.0.i586.rpm
651a021de8269f65b86d17fdb096a104 2010.0/i586/google-gadgets-qt-0.11.2-0.10mdv2010.0.i586.rpm
61698165914e1603ff8ac7a19f65647f 2010.0/i586/libggadget1.0_0-0.11.2-0.10mdv2010.0.i586.rpm
d4de34cbc1fb5cc422a165d9c846cd52 2010.0/i586/libggadget-dbus1.0_0-0.11.2-0.10mdv2010.0.i586.rpm
40d01d884275a44c317a10b3ec78e41e 2010.0/i586/libggadget-gtk1.0_0-0.11.2-0.10mdv2010.0.i586.rpm
782c44f3cc5da470ce8f3a354e55085f 2010.0/i586/libggadget-js1.0_0-0.11.2-0.10mdv2010.0.i586.rpm
030ce727beec59e7ace7c4831c1c6eca 2010.0/i586/libggadget-npapi1.0_0-0.11.2-0.10mdv2010.0.i586.rpm
9643cb63dd8bb03d8b04531bc27a1f5b 2010.0/i586/libggadget-qt1.0_0-0.11.2-0.10mdv2010.0.i586.rpm
2a231ef630da0604d31146943c960111 2010.0/i586/libggadget-webkitjs0-0.11.2-0.10mdv2010.0.i586.rpm
cb3fb13a0fadab536587f8e1d5005ad8 2010.0/i586/libggadget-xdg1.0_0-0.11.2-0.10mdv2010.0.i586.rpm
a2e761817c086c5012c90a7c754f532e 2010.0/i586/libgoogle-gadgets-devel-0.11.2-0.10mdv2010.0.i586.rpm
6faf36e422103e598af415856d8ba458 2010.0/i586/libopensc2-0.11.9-1.15mdv2010.0.i586.rpm
efe24a3cc32b55ee94c93e4684a19aef 2010.0/i586/libopensc-devel-0.11.9-1.15mdv2010.0.i586.rpm
a7f23821bc28c7e46b07330a19a25844 2010.0/i586/mozilla-plugin-opensc-0.11.9-1.15mdv2010.0.i586.rpm
d2298d9085709db208524850209782c8 2010.0/i586/mozilla-thunderbird-beagle-0.3.9-20.20mdv2010.0.i586.rpm
d393fcead0795f183df5e7861367e0ef 2010.0/i586/opensc-0.11.9-1.15mdv2010.0.i586.rpm
c733515bcac41571e388ef640bee809b 2010.0/i586/totem-2.28.5-1.12mdv2010.0.i586.rpm
ee007e4b75baf6a29b3ccc805a5f654a 2010.0/i586/totem-mozilla-2.28.5-1.12mdv2010.0.i586.rpm
29a8a6939986c856c8112bf45ef59dd8 2010.0/i586/totem-nautilus-2.28.5-1.12mdv2010.0.i586.rpm
f8b80a53722077bd279e9ee81787086e 2010.0/i586/yelp-2.28.0-1.17mdv2010.0.i586.rpm
b860b8386158a27341ac2416ee61f1bb 2010.0/SRPMS/beagle-0.3.9-20.20mdv2010.0.src.rpm
10306951c9b1a637c77f84474f3ee218 2010.0/SRPMS/firefox-3.6.13-0.1mdv2010.0.src.rpm
3aabd2042024b964a9b1e9b6c10dd05c 2010.0/SRPMS/firefox-ext-blogrovr-1.1.804-6.15mdv2010.0.src.rpm
722c800bfc876b404a3352de99b8aeaf 2010.0/SRPMS/firefox-ext-foxmarks-2.7.2-2.4mdv2010.0.src.rpm
928da519cfc04251e4bd1bf8f386011c 2010.0/SRPMS/firefox-ext-mozvoikko-1.0-6.15mdv2010.0.src.rpm
6c4aab896ad56f20a3cc2ff70867449c 2010.0/SRPMS/firefox-ext-plasmanotify-0.3.1-0.10mdv2010.0.src.rpm
11f22050799c13dfa7d52ab8206a9e05 2010.0/SRPMS/firefox-ext-r-kiosk-0.7.2-9.15mdv2010.0.src.rpm
0b49bd2f901d7accb41af6c780e26b25 2010.0/SRPMS/firefox-ext-scribefire-3.5.1-0.9mdv2010.0.src.rpm
c1e47f5f02230bb57542c7068640cb75 2010.0/SRPMS/firefox-ext-xmarks-3.5.10-0.9mdv2010.0.src.rpm
23bd5d436ba96dd9da528f2411e7accd 2010.0/SRPMS/firefox-theme-kfirefox-0.16-7.14mdv2010.0.src.rpm
b300dfa39c51ce8a30b747a9e51fd150 2010.0/SRPMS/gnome-python-extras-2.25.3-10.15mdv2010.0.src.rpm
126d656df1bfb8987e001695d634d762 2010.0/SRPMS/google-gadgets-0.11.2-0.10mdv2010.0.src.rpm
42340517c49c4724d757ee7ccb93ec63 2010.0/SRPMS/opensc-0.11.9-1.15mdv2010.0.src.rpm
a148ed3b50fea7e6eefe587159d876e4 2010.0/SRPMS/totem-2.28.5-1.12mdv2010.0.src.rpm
eef36a9147ff02e6059f194f0f99628b 2010.0/SRPMS/yelp-2.28.0-1.17mdv2010.0.src.rpm
Mandriva Linux 2010.0/X86_64:
0801a86f204d87ac53bcc850452c7f15 2010.0/x86_64/beagle-0.3.9-20.20mdv2010.0.x86_64.rpm
9029e090efb718f5d95817dbca069f53 2010.0/x86_64/beagle-crawl-system-0.3.9-20.20mdv2010.0.x86_64.rpm
e1a74dc97183345906b0b89a4bf9fe4c 2010.0/x86_64/beagle-doc-0.3.9-20.20mdv2010.0.x86_64.rpm
8bca9cdedd9c2ef048016cdf3ae72302 2010.0/x86_64/beagle-evolution-0.3.9-20.20mdv2010.0.x86_64.rpm
81212249295ee1d3b4ba83499dc649cc 2010.0/x86_64/beagle-gui-0.3.9-20.20mdv2010.0.x86_64.rpm
16e2698132e44e964cd4ff2c0b838690 2010.0/x86_64/beagle-gui-qt-0.3.9-20.20mdv2010.0.x86_64.rpm
9d33ec7d9a8a1521cae7ded408b35d2f 2010.0/x86_64/beagle-libs-0.3.9-20.20mdv2010.0.x86_64.rpm
bcbcbaf6086158f227529a9a08fb61d9 2010.0/x86_64/firefox-3.6.13-0.1mdv2010.0.x86_64.rpm
ef670f774cbee1372252e2565a551d58 2010.0/x86_64/firefox-devel-3.6.13-0.1mdv2010.0.x86_64.rpm
ec3d733438ffc6d27a8b3f73c82cdc50 2010.0/x86_64/firefox-ext-beagle-0.3.9-20.20mdv2010.0.x86_64.rpm
badaa799dec99d0cddf0fc2689e910b1 2010.0/x86_64/firefox-ext-blogrovr-1.1.804-6.15mdv2010.0.x86_64.rpm
aa57b08ab61e003b21b0ebbcaf0f2f2a 2010.0/x86_64/firefox-ext-foxmarks-2.7.2-2.4mdv2010.0.x86_64.rpm
83ce1041267763f61c5a251bd2ab7f75 2010.0/x86_64/firefox-ext-mozvoikko-1.0-6.15mdv2010.0.x86_64.rpm
1af95c82dbe7b1e135ed9c12dfc6d89b 2010.0/x86_64/firefox-ext-plasmanotify-0.3.1-0.10mdv2010.0.x86_64.rpm
feb1563b8839bbd8acd3f725bdc6eaa7 2010.0/x86_64/firefox-ext-r-kiosk-0.7.2-9.15mdv2010.0.x86_64.rpm
7f351f40731624040530fae7a2f0ac2d 2010.0/x86_64/firefox-ext-scribefire-3.5.1-0.9mdv2010.0.x86_64.rpm
f06f99f6304ed3024115d818e3630236 2010.0/x86_64/firefox-ext-xmarks-3.5.10-0.9mdv2010.0.x86_64.rpm
bd1cc6232ca148ee69a65ca7ff281b28 2010.0/x86_64/firefox-theme-kfirefox-0.16-7.14mdv2010.0.x86_64.rpm
92700df25f6cfe91592e11f41fee71f0 2010.0/x86_64/gnome-python-extras-2.25.3-10.15mdv2010.0.x86_64.rpm
503e2372e4a1f9241f05ddd336fd3d46 2010.0/x86_64/gnome-python-gda-2.25.3-10.15mdv2010.0.x86_64.rpm
1707e9feda489a7781338214691f7925 2010.0/x86_64/gnome-python-gda-devel-2.25.3-10.15mdv2010.0.x86_64.rpm
b392561eb56093266212a57709c39097 2010.0/x86_64/gnome-python-gdl-2.25.3-10.15mdv2010.0.x86_64.rpm
1ec7c05d0fdcea08cb20b4ddddca69a3 2010.0/x86_64/gnome-python-gtkhtml2-2.25.3-10.15mdv2010.0.x86_64.rpm
9e9e435879b47b96233e6e1002d1116a 2010.0/x86_64/gnome-python-gtkmozembed-2.25.3-10.15mdv2010.0.x86_64.rpm
0393ae8e7811a12f4e4c4f6c74795d34 2010.0/x86_64/gnome-python-gtkspell-2.25.3-10.15mdv2010.0.x86_64.rpm
7fe419ee466d37853f6057d7280623cf 2010.0/x86_64/google-gadgets-common-0.11.2-0.10mdv2010.0.x86_64.rpm
74046268f87f71c8a987e25a30266d25 2010.0/x86_64/google-gadgets-gtk-0.11.2-0.10mdv2010.0.x86_64.rpm
3459e809d2cd28903ec5caa4a65d0b3c 2010.0/x86_64/google-gadgets-qt-0.11.2-0.10mdv2010.0.x86_64.rpm
498b74099be7691a0c193089b9e82780 2010.0/x86_64/lib64ggadget1.0_0-0.11.2-0.10mdv2010.0.x86_64.rpm
69b51c23d4043ab86e06a5d46d420d35 2010.0/x86_64/lib64ggadget-dbus1.0_0-0.11.2-0.10mdv2010.0.x86_64.rpm
18480cd491373dea57a7677108628075 2010.0/x86_64/lib64ggadget-gtk1.0_0-0.11.2-0.10mdv2010.0.x86_64.rpm
b43f05c0bdd2ba8c9eb0b7260853399d 2010.0/x86_64/lib64ggadget-js1.0_0-0.11.2-0.10mdv2010.0.x86_64.rpm
d81be70624a13c64ac723c05c6268342 2010.0/x86_64/lib64ggadget-npapi1.0_0-0.11.2-0.10mdv2010.0.x86_64.rpm
4739da14bfdd0d6cc91e76cfb5968268 2010.0/x86_64/lib64ggadget-qt1.0_0-0.11.2-0.10mdv2010.0.x86_64.rpm
cb910134b7f99ae4ec3211091b0081ef 2010.0/x86_64/lib64ggadget-webkitjs0-0.11.2-0.10mdv2010.0.x86_64.rpm
a442e71a3197f578935d2e117b2e70d5 2010.0/x86_64/lib64ggadget-xdg1.0_0-0.11.2-0.10mdv2010.0.x86_64.rpm
db86be47c56ad241f977c9cdce160302 2010.0/x86_64/lib64google-gadgets-devel-0.11.2-0.10mdv2010.0.x86_64.rpm
ccb21698ae0c0496332ffee801c9eb82 2010.0/x86_64/lib64opensc2-0.11.9-1.15mdv2010.0.x86_64.rpm
f65e1bed5bb717d52d469087f524ed4f 2010.0/x86_64/lib64opensc-devel-0.11.9-1.15mdv2010.0.x86_64.rpm
00a19d2e61af0fbb2fddb1dd51f8bc4b 2010.0/x86_64/mozilla-plugin-opensc-0.11.9-1.15mdv2010.0.x86_64.rpm
15f9caade5585c278a207a3915e1c257 2010.0/x86_64/mozilla-thunderbird-beagle-0.3.9-20.20mdv2010.0.x86_64.rpm
be7b03cddfd05cdf70f9aa2a01cd6f95 2010.0/x86_64/opensc-0.11.9-1.15mdv2010.0.x86_64.rpm
c52546473a43cbdf345fe67d4e668baa 2010.0/x86_64/totem-2.28.5-1.12mdv2010.0.x86_64.rpm
cf502322bd1e665e5196f79425c32bb6 2010.0/x86_64/totem-mozilla-2.28.5-1.12mdv2010.0.x86_64.rpm
f9f119a0763df86d677b0b3f356be6a4 2010.0/x86_64/totem-nautilus-2.28.5-1.12mdv2010.0.x86_64.rpm
5a61acd18d334e1eaba84d9ee881462a 2010.0/x86_64/yelp-2.28.0-1.17mdv2010.0.x86_64.rpm
b860b8386158a27341ac2416ee61f1bb 2010.0/SRPMS/beagle-0.3.9-20.20mdv2010.0.src.rpm
10306951c9b1a637c77f84474f3ee218 2010.0/SRPMS/firefox-3.6.13-0.1mdv2010.0.src.rpm
3aabd2042024b964a9b1e9b6c10dd05c 2010.0/SRPMS/firefox-ext-blogrovr-1.1.804-6.15mdv2010.0.src.rpm
722c800bfc876b404a3352de99b8aeaf 2010.0/SRPMS/firefox-ext-foxmarks-2.7.2-2.4mdv2010.0.src.rpm
928da519cfc04251e4bd1bf8f386011c 2010.0/SRPMS/firefox-ext-mozvoikko-1.0-6.15mdv2010.0.src.rpm
6c4aab896ad56f20a3cc2ff70867449c 2010.0/SRPMS/firefox-ext-plasmanotify-0.3.1-0.10mdv2010.0.src.rpm
11f22050799c13dfa7d52ab8206a9e05 2010.0/SRPMS/firefox-ext-r-kiosk-0.7.2-9.15mdv2010.0.src.rpm
0b49bd2f901d7accb41af6c780e26b25 2010.0/SRPMS/firefox-ext-scribefire-3.5.1-0.9mdv2010.0.src.rpm
c1e47f5f02230bb57542c7068640cb75 2010.0/SRPMS/firefox-ext-xmarks-3.5.10-0.9mdv2010.0.src.rpm
23bd5d436ba96dd9da528f2411e7accd 2010.0/SRPMS/firefox-theme-kfirefox-0.16-7.14mdv2010.0.src.rpm
b300dfa39c51ce8a30b747a9e51fd150 2010.0/SRPMS/gnome-python-extras-2.25.3-10.15mdv2010.0.src.rpm
126d656df1bfb8987e001695d634d762 2010.0/SRPMS/google-gadgets-0.11.2-0.10mdv2010.0.src.rpm
42340517c49c4724d757ee7ccb93ec63 2010.0/SRPMS/opensc-0.11.9-1.15mdv2010.0.src.rpm
a148ed3b50fea7e6eefe587159d876e4 2010.0/SRPMS/totem-2.28.5-1.12mdv2010.0.src.rpm
eef36a9147ff02e6059f194f0f99628b 2010.0/SRPMS/yelp-2.28.0-1.17mdv2010.0.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFNFHONmqjQ0CJFipgRAsDgAJ9rxv4ztOOXmwScj6xJe7DuiROupwCfZDDd
E6hUpLnRBrS2Xrzr7XIqRYw=
=Hduw
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists