Lector de Noticias

A vulnerability in xemacs was found where an attacker could provide
a group of files containing local variable definitions and arbitrary
Lisp code to be executed when one of the provided files is opened by
xemacs (CVE-2008-2142).

The updated packages have been patched to correct this issue.

A vulnerability in emacs was found where an attacker could provide
a group of files containing local variable definitions and arbitrary
Lisp code to be executed when one of the provided files is opened by
emacs (CVE-2008-2142).

The updated packages have been patched to correct this issue.

A number of vulnerabilities were discovered in Wireshark that could
cause it to crash while processing malicious packets (CVE-2008-3137,
CVE-2008-3138, CVE-2008-3139, CVE-2008-3140, CVE-2008-3141,
CVE-2008-3145).

This update provides Wireshark 1.0.2, which is not vulnerable to
these issues.

A buffer overflow vulnerability in libxslt could be exploited via an
XSL style sheet file with a long XLST transformation match condition,
which could possibly lead to the execution of arbitrary code
(CVE-2008-1767).

The updated packages have been patched to correct this issue.

openoffice.org-voikko provides Finnish spellchecker and hyphenator
component for OpenOffice.org.

The package is being updated for the new OpenOffice.org version.

Update:

Due to a build error, the previous update for i586 architecture was
built against the old OpenOffice.org. This update fixes that.

Multiple buffer overflows in yaSSL, which is used in MySQL, allowed
remote attackers to execute arbitrary code (CVE-2008-0226) or cause
a denial of service via a special Hello packet (CVE-2008-0227).

Sergei Golubchik found that MySQL did not properly validate optional
data or index directory paths given in a CREATE TABLE statement; as
well it would not, under certain conditions, prevent two databases
from using the same paths for data or index files. This could allow
an authenticated user with appropriate privilege to create tables in
one database to read and manipulate data in tables later created in
other databases, regardless of GRANT privileges (CVE-2008-2079).

The updated packages have been patched to correct these issues.

Sergei Golubchik found that MySQL did not properly validate optional
data or index directory paths given in a CREATE TABLE statement; as
well it would not, under certain conditions, prevent two databases
from using the same paths for data or index files. This could allow
an authenticated user with appropriate privilege to create tables in
one database to read and manipulate data in tables later created in
other databases, regardless of GRANT privileges (CVE-2008-2079).

The updated packages have been patched to correct this issue.

Security vulnerabilities have been discovered and corrected in the
latest Mozilla Firefox program, version 2.0.0.16 (CVE-2008-2785,
CVE-2008-2933).

This update provides the latest Firefox to correct these issues.

Updated timezone packages are being provided for older Mandriva Linux
systems that do not contain the new Daylight Savings Time information
for 2008 and later for certain time zones. These updated packages
contain the new information.

Tavis Ormandy of the Google Security Team discovered a heap-based
buffer overflow when compiling certain regular expression patterns.
This could be used by a malicious attacker by sending a specially
crafted regular expression to an application using the PCRE library,
resulting in the possible execution of arbitrary code or a denial of
service (CVE-2008-2371).

The updated packages have been patched to correct this issue.

A memory management issue was found in libpoppler by Felipe Andres
Manzano that could allow for the execution of arbitrary code with
the privileges of the user running a poppler-based application,
if they opened a specially crafted PDF file (CVE-2008-2950).

The updated packages have been patched to correct this issue.

This x11-sever update disables offscreen pixmaps by default as they
were causing drawing issues with Firefox 3 and other applications.
To re-enable this option, use 'Option XaaOffscreenPixmaps on'
in xorg.conf.

Olivier Blin 0.2.5.1-14mdv2009.0 + Revision: 136445 - restore BuildRoot + Thierry Vignaud - kill re-definition of %buildroot on Pixel's request

Thierry Vignaud 1.7.1-5mdv2009.0 + Revision: 242365 - rebuild - kill re-definition of %buildroot on Pixel's request + Olivier Blin - restore BuildRoot

Thierry Vignaud 1.2.6-3mdv2009.0 + Revision: 242384 - rebuild - kill re-definition of %buildroot on Pixel's request + Olivier Blin - restore BuildRoot

Thierry Vignaud 1.7.1-7mdv2009.0 + Revision: 242396 - rebuild - kill re-definition of %buildroot on Pixel's request + Olivier Blin - restore BuildRoot

Thierry Vignaud 2.5-3mdv2009.0 + Revision: 242410 - rebuild - kill re-definition of %buildroot on Pixel's request + Olivier Blin - restore BuildRoot

Götz Waschk 1.2.1-1mdv2009.0 + Revision: 242330 - new version - update deps - fix build - drop patch - remove library packages, now in desktop-data-model - update file list + Pixel - do not call ldconfig in %post/%postun, it is now handled by filetriggers

Thierry Vignaud 3.1-3mdv2009.0 + Revision: 242357 - rebuild - kill re-definition of %buildroot on Pixel's request - fix summary-ended-with-dot + Pixel - do not call ldconfig in %post/%postun, it is now handled by filetriggers + Olivier Blin - restore BuildRoot

Thierry Vignaud 1-14mdv2009.0 + Revision: 242356 - rebuild - kill re-definition of %buildroot on Pixel's request + Olivier Blin - restore BuildRoot