Fedora 18 : zeroinstall-injector-2.3-1.fc18 (2013-12396)

This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.

Synopsis :

The remote Fedora host is missing a security update.

Description :

Enhancements :

- upstream now ships an experimental OCaml front-end, this
is not yet enabled

- Add fish-shell command completion

- Allow relative files in <archive> and <file> for local
feeds. This makes it easy to test feeds before passing
them to 0repo.

Bug fixes :

- Better handling of default=' in <environment> bindings.
This now specifies that the default should be ',
overriding any system default.

- Fixed --refresh with 'download' and 'run' for apps.

- Updated ssl_match_hostname based on latest bug-fixes.
This fix is intended to fix a denial-of-service
attack, which doesn't really matter to 0install, but
we might as well have the latest version.

- Better error when the <rename> source does not exist.

- Allow selecting local archives even in offline mode.

- Support the use of the system store with recipes. This
is especially important now that we treat all
downloads as recipes!

- Removed old zeroinstall-add.desktop file.

Changes for APIs we depend on

- Cope with more PyGObject API changes. Based on patch in

- Keep gobject and glib separate. Sometimes we need GLib,
sometimes we need GObject.

- Updates to avoid PyGIDeprecationWarning.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :


Solution :

Update the affected zeroinstall-injector package.

Risk factor :

Medium / CVSS Base Score : 4.3

Family: Fedora Local Security Checks

Nessus Plugin ID: 68884 ()

Bugtraq ID:

CVE ID: CVE-2013-2099

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now