Author: Devid Antonio Filoni
Revision Date: 2008-08-25 13:04:18 UTC

* New upstream release (taken from upstream CVS), LP: #254618.
* Fix MFSA 2008-35, MFSA 2008-34, MFSA 2008-33, MFSA 2008-32, MFSA 2008-31,
  MFSA 2008-30, MFSA 2008-29, MFSA 2008-28, MFSA 2008-27, MFSA 2008-25,
  MFSA 2008-24, MFSA 2008-23, MFSA 2008-22, MFSA 2008-21, MFSA 2008-26 also
  known as CVE-2008-2933, CVE-2008-2785, CVE-2008-2811, CVE-2008-2810,
  CVE-2008-2809, CVE-2008-2808, CVE-2008-2807, CVE-2008-2806, CVE-2008-2805,
  CVE-2008-2803, CVE-2008-2802, CVE-2008-2801, CVE-2008-2800, CVE-2008-2798.
* Drop 89_bz419350_attachment_306066 patch, merged upstream.
* Bump Standards-Version to 3.8.0.

Author: Devid Antonio Filoni
Revision Date: 2008-08-25 13:04:18 UTC

* New upstream release (taken from upstream CVS), LP: #254618.
* Fix MFSA 2008-35, MFSA 2008-34, MFSA 2008-33, MFSA 2008-32, MFSA 2008-31,
  MFSA 2008-30, MFSA 2008-29, MFSA 2008-28, MFSA 2008-27, MFSA 2008-25,
  MFSA 2008-24, MFSA 2008-23, MFSA 2008-22, MFSA 2008-21, MFSA 2008-26 also
  known as CVE-2008-2933, CVE-2008-2785, CVE-2008-2811, CVE-2008-2810,
  CVE-2008-2809, CVE-2008-2808, CVE-2008-2807, CVE-2008-2806, CVE-2008-2805,
  CVE-2008-2803, CVE-2008-2802, CVE-2008-2801, CVE-2008-2800, CVE-2008-2798.
* Drop 89_bz419350_attachment_306066 patch, merged upstream.
* Bump Standards-Version to 3.8.0.

Author: Devid Antonio Filoni
Revision Date: 2008-08-25 13:04:18 UTC

* New upstream release (taken from upstream CVS), LP: #254618.
* Fix MFSA 2008-35, MFSA 2008-34, MFSA 2008-33, MFSA 2008-32, MFSA 2008-31,
  MFSA 2008-30, MFSA 2008-29, MFSA 2008-28, MFSA 2008-27, MFSA 2008-25,
  MFSA 2008-24, MFSA 2008-23, MFSA 2008-22, MFSA 2008-21, MFSA 2008-26 also
  known as CVE-2008-2933, CVE-2008-2785, CVE-2008-2811, CVE-2008-2810,
  CVE-2008-2809, CVE-2008-2808, CVE-2008-2807, CVE-2008-2806, CVE-2008-2805,
  CVE-2008-2803, CVE-2008-2802, CVE-2008-2801, CVE-2008-2800, CVE-2008-2798.
* Drop 89_bz419350_attachment_306066 patch, merged upstream.
* Bump Standards-Version to 3.8.0.

Author: Devid Antonio Filoni
Revision Date: 2008-08-25 13:04:18 UTC

* New upstream release (taken from upstream CVS), LP: #254618.
* Fix MFSA 2008-35, MFSA 2008-34, MFSA 2008-33, MFSA 2008-32, MFSA 2008-31,
  MFSA 2008-30, MFSA 2008-29, MFSA 2008-28, MFSA 2008-27, MFSA 2008-25,
  MFSA 2008-24, MFSA 2008-23, MFSA 2008-22, MFSA 2008-21, MFSA 2008-26 also
  known as CVE-2008-2933, CVE-2008-2785, CVE-2008-2811, CVE-2008-2810,
  CVE-2008-2809, CVE-2008-2808, CVE-2008-2807, CVE-2008-2806, CVE-2008-2805,
  CVE-2008-2803, CVE-2008-2802, CVE-2008-2801, CVE-2008-2800, CVE-2008-2798.
* Drop 89_bz419350_attachment_306066 patch, merged upstream.
* Bump Standards-Version to 3.8.0.

Author: Devid Antonio Filoni
Revision Date: 2008-08-25 13:04:18 UTC

* New upstream release (taken from upstream CVS), LP: #254618.
* Fix MFSA 2008-35, MFSA 2008-34, MFSA 2008-33, MFSA 2008-32, MFSA 2008-31,
  MFSA 2008-30, MFSA 2008-29, MFSA 2008-28, MFSA 2008-27, MFSA 2008-25,
  MFSA 2008-24, MFSA 2008-23, MFSA 2008-22, MFSA 2008-21, MFSA 2008-26 also
  known as CVE-2008-2933, CVE-2008-2785, CVE-2008-2811, CVE-2008-2810,
  CVE-2008-2809, CVE-2008-2808, CVE-2008-2807, CVE-2008-2806, CVE-2008-2805,
  CVE-2008-2803, CVE-2008-2802, CVE-2008-2801, CVE-2008-2800, CVE-2008-2798.
* Drop 89_bz419350_attachment_306066 patch, merged upstream.
* Bump Standards-Version to 3.8.0.

Author: Devid Antonio Filoni
Revision Date: 2008-08-25 13:04:18 UTC

* New upstream release (taken from upstream CVS), LP: #254618.
* Fix MFSA 2008-35, MFSA 2008-34, MFSA 2008-33, MFSA 2008-32, MFSA 2008-31,
  MFSA 2008-30, MFSA 2008-29, MFSA 2008-28, MFSA 2008-27, MFSA 2008-25,
  MFSA 2008-24, MFSA 2008-23, MFSA 2008-22, MFSA 2008-21, MFSA 2008-26 also
  known as CVE-2008-2933, CVE-2008-2785, CVE-2008-2811, CVE-2008-2810,
  CVE-2008-2809, CVE-2008-2808, CVE-2008-2807, CVE-2008-2806, CVE-2008-2805,
  CVE-2008-2803, CVE-2008-2802, CVE-2008-2801, CVE-2008-2800, CVE-2008-2798.
* Drop 89_bz419350_attachment_306066 patch, merged upstream.
* Bump Standards-Version to 3.8.0.

Author: Devid Antonio Filoni
Revision Date: 2008-08-25 13:04:18 UTC

* New upstream release (taken from upstream CVS), LP: #254618.
* Fix MFSA 2008-35, MFSA 2008-34, MFSA 2008-33, MFSA 2008-32, MFSA 2008-31,
  MFSA 2008-30, MFSA 2008-29, MFSA 2008-28, MFSA 2008-27, MFSA 2008-25,
  MFSA 2008-24, MFSA 2008-23, MFSA 2008-22, MFSA 2008-21, MFSA 2008-26 also
  known as CVE-2008-2933, CVE-2008-2785, CVE-2008-2811, CVE-2008-2810,
  CVE-2008-2809, CVE-2008-2808, CVE-2008-2807, CVE-2008-2806, CVE-2008-2805,
  CVE-2008-2803, CVE-2008-2802, CVE-2008-2801, CVE-2008-2800, CVE-2008-2798.
* Drop 89_bz419350_attachment_306066 patch, merged upstream.
* Bump Standards-Version to 3.8.0.

Author: Devid Antonio Filoni
Revision Date: 2008-08-25 13:04:18 UTC

* New upstream release (taken from upstream CVS), LP: #254618.
* Fix MFSA 2008-35, MFSA 2008-34, MFSA 2008-33, MFSA 2008-32, MFSA 2008-31,
  MFSA 2008-30, MFSA 2008-29, MFSA 2008-28, MFSA 2008-27, MFSA 2008-25,
  MFSA 2008-24, MFSA 2008-23, MFSA 2008-22, MFSA 2008-21, MFSA 2008-26 also
  known as CVE-2008-2933, CVE-2008-2785, CVE-2008-2811, CVE-2008-2810,
  CVE-2008-2809, CVE-2008-2808, CVE-2008-2807, CVE-2008-2806, CVE-2008-2805,
  CVE-2008-2803, CVE-2008-2802, CVE-2008-2801, CVE-2008-2800, CVE-2008-2798.
* Drop 89_bz419350_attachment_306066 patch, merged upstream.
* Bump Standards-Version to 3.8.0.

Author: Devid Antonio Filoni
Revision Date: 2008-08-25 13:04:18 UTC

* New upstream release (taken from upstream CVS), LP: #254618.
* Fix MFSA 2008-35, MFSA 2008-34, MFSA 2008-33, MFSA 2008-32, MFSA 2008-31,
  MFSA 2008-30, MFSA 2008-29, MFSA 2008-28, MFSA 2008-27, MFSA 2008-25,
  MFSA 2008-24, MFSA 2008-23, MFSA 2008-22, MFSA 2008-21, MFSA 2008-26 also
  known as CVE-2008-2933, CVE-2008-2785, CVE-2008-2811, CVE-2008-2810,
  CVE-2008-2809, CVE-2008-2808, CVE-2008-2807, CVE-2008-2806, CVE-2008-2805,
  CVE-2008-2803, CVE-2008-2802, CVE-2008-2801, CVE-2008-2800, CVE-2008-2798.
* Drop 89_bz419350_attachment_306066 patch, merged upstream.
* Bump Standards-Version to 3.8.0.

Author: Devid Antonio Filoni
Revision Date: 2008-08-25 13:04:18 UTC

* New upstream release (taken from upstream CVS), LP: #254618.
* Fix MFSA 2008-35, MFSA 2008-34, MFSA 2008-33, MFSA 2008-32, MFSA 2008-31,
  MFSA 2008-30, MFSA 2008-29, MFSA 2008-28, MFSA 2008-27, MFSA 2008-25,
  MFSA 2008-24, MFSA 2008-23, MFSA 2008-22, MFSA 2008-21, MFSA 2008-26 also
  known as CVE-2008-2933, CVE-2008-2785, CVE-2008-2811, CVE-2008-2810,
  CVE-2008-2809, CVE-2008-2808, CVE-2008-2807, CVE-2008-2806, CVE-2008-2805,
  CVE-2008-2803, CVE-2008-2802, CVE-2008-2801, CVE-2008-2800, CVE-2008-2798.
* Drop 89_bz419350_attachment_306066 patch, merged upstream.
* Bump Standards-Version to 3.8.0.

Author: Devid Antonio Filoni
Revision Date: 2008-08-25 13:04:18 UTC

* New upstream release (taken from upstream CVS), LP: #254618.
* Fix MFSA 2008-35, MFSA 2008-34, MFSA 2008-33, MFSA 2008-32, MFSA 2008-31,
  MFSA 2008-30, MFSA 2008-29, MFSA 2008-28, MFSA 2008-27, MFSA 2008-25,
  MFSA 2008-24, MFSA 2008-23, MFSA 2008-22, MFSA 2008-21, MFSA 2008-26 also
  known as CVE-2008-2933, CVE-2008-2785, CVE-2008-2811, CVE-2008-2810,
  CVE-2008-2809, CVE-2008-2808, CVE-2008-2807, CVE-2008-2806, CVE-2008-2805,
  CVE-2008-2803, CVE-2008-2802, CVE-2008-2801, CVE-2008-2800, CVE-2008-2798.
* Drop 89_bz419350_attachment_306066 patch, merged upstream.
* Bump Standards-Version to 3.8.0.

Author: Devid Antonio Filoni
Revision Date: 2008-08-25 13:04:18 UTC

* New upstream release (taken from upstream CVS), LP: #254618.
* Fix MFSA 2008-35, MFSA 2008-34, MFSA 2008-33, MFSA 2008-32, MFSA 2008-31,
  MFSA 2008-30, MFSA 2008-29, MFSA 2008-28, MFSA 2008-27, MFSA 2008-25,
  MFSA 2008-24, MFSA 2008-23, MFSA 2008-22, MFSA 2008-21, MFSA 2008-26 also
  known as CVE-2008-2933, CVE-2008-2785, CVE-2008-2811, CVE-2008-2810,
  CVE-2008-2809, CVE-2008-2808, CVE-2008-2807, CVE-2008-2806, CVE-2008-2805,
  CVE-2008-2803, CVE-2008-2802, CVE-2008-2801, CVE-2008-2800, CVE-2008-2798.
* Drop 89_bz419350_attachment_306066 patch, merged upstream.
* Bump Standards-Version to 3.8.0.

Author: Devid Antonio Filoni
Revision Date: 2008-08-25 13:04:18 UTC

* New upstream release (taken from upstream CVS), LP: #254618.
* Fix MFSA 2008-35, MFSA 2008-34, MFSA 2008-33, MFSA 2008-32, MFSA 2008-31,
  MFSA 2008-30, MFSA 2008-29, MFSA 2008-28, MFSA 2008-27, MFSA 2008-25,
  MFSA 2008-24, MFSA 2008-23, MFSA 2008-22, MFSA 2008-21, MFSA 2008-26 also
  known as CVE-2008-2933, CVE-2008-2785, CVE-2008-2811, CVE-2008-2810,
  CVE-2008-2809, CVE-2008-2808, CVE-2008-2807, CVE-2008-2806, CVE-2008-2805,
  CVE-2008-2803, CVE-2008-2802, CVE-2008-2801, CVE-2008-2800, CVE-2008-2798.
* Drop 89_bz419350_attachment_306066 patch, merged upstream.
* Bump Standards-Version to 3.8.0.

Author: Alexander Sack
Revision Date: 2009-03-31 19:26:56 UTC

* New security upstream release - backports for ffox 3.0.8
  + Fixed on Firefox EOL branch
    - MFSA 2009-13 Arbitrary code execution through XUL <tree> element
    - MFSA 2009-12 XSL Transformation vulnerability
    - MFSA 2009-10 Upgrade PNG library to fix memory safety hazards
    - MFSA 2009-09 XML data theft via RDFXMLDataSource and cross-domain redirect
    - MFSA 2009-07 Crashes with evidence of memory corruption (rv:1.9.0.7)
    - MFSA 2009-05 XMLHttpRequest allows reading HTTPOnly cookies
    - MFSA 2009-03 Local file stealing with SessionStore
    - MFSA 2009-01 Crashes with evidence of memory corruption (rv:1.9.0.6)
  + Fixed in Firefox 2.0.0.20
    - MFSA 2008-65 Cross-domain data theft via script redirect error message (Windows)
  + Fixed in Firefox 2.0.0.19
    - MFSA 2008-69 XSS vulnerabilities in SessionStore
    - MFSA 2008-68 XSS and JavaScript privilege escalation
    - MFSA 2008-67 Escaped null characters ignored by CSS parser
    - MFSA 2008-66 Errors parsing URLs with leading whitespace and control characters
    - MFSA 2008-65 Cross-domain data theft via script redirect error message
    - MFSA 2008-64 XMLHttpRequest 302 response disclosure
    - MFSA 2008-62 Additional XSS attack vectors in feed preview
    - MFSA 2008-61 Information stealing via loadBindingDocument
    - MFSA 2008-60 Crashes with evidence of memory corruption (rv:1.9.0.5/1.8.1.19)
  + Fixed in Firefox 2.0.0.18
    - MFSA 2008-58 Parsing error in E4X default namespace
    - MFSA 2008-57 -moz-binding property bypasses security checks on codebase principals
    - MFSA 2008-56 nsXMLHttpRequest::NotifyEventListeners() same-origin violation
    - MFSA 2008-55 Crash and remote code execution in nsFrameManager
    - MFSA 2008-54 Buffer overflow in http-index-format parser
    - MFSA 2008-53 XSS and JavaScript privilege escalation via session restore
    - MFSA 2008-52 Crashes with evidence of memory corruption (rv:1.9.0.4/1.8.1.18)
    - MFSA 2008-50 Crash and remote code execution via __proto__ tampering
    - MFSA 2008-49 Arbitrary code execution via Flash Player dynamic module unloading
    - MFSA 2008-48 Image stealing via canvas and HTTP redirect
    - MFSA 2008-47 Information stealing via local shortcut files
  + Fixed in Firefox 2.0.0.17
    - MFSA 2008-45 XBM image uninitialized memory reading
    - MFSA 2008-44 resource: traversal vulnerabilities
    - MFSA 2008-43 BOM characters stripped from JavaScript before execution
    - MFSA 2008-42 Crashes with evidence of memory corruption (rv:1.9.0.2/1.8.1.17)
    - MFSA 2008-41 Privilege escalation via XPCnativeWrapper pollution
    - MFSA 2008-40 Forced mouse drag
    - MFSA 2008-39 Privilege escalation using feed preview page and XSS flaw
    - MFSA 2008-38 nsXMLDocument::OnChannelRedirect() same-origin violation
    - MFSA 2008-37 UTF-8 URL stack buffer overflow

Author: Alexander Sack
Revision Date: 2009-03-31 19:26:56 UTC

* New security upstream release - backports for ffox 3.0.8
  + Fixed on Firefox EOL branch
    - MFSA 2009-13 Arbitrary code execution through XUL <tree> element
    - MFSA 2009-12 XSL Transformation vulnerability
    - MFSA 2009-10 Upgrade PNG library to fix memory safety hazards
    - MFSA 2009-09 XML data theft via RDFXMLDataSource and cross-domain redirect
    - MFSA 2009-07 Crashes with evidence of memory corruption (rv:1.9.0.7)
    - MFSA 2009-05 XMLHttpRequest allows reading HTTPOnly cookies
    - MFSA 2009-03 Local file stealing with SessionStore
    - MFSA 2009-01 Crashes with evidence of memory corruption (rv:1.9.0.6)
  + Fixed in Firefox 2.0.0.20
    - MFSA 2008-65 Cross-domain data theft via script redirect error message (Windows)
  + Fixed in Firefox 2.0.0.19
    - MFSA 2008-69 XSS vulnerabilities in SessionStore
    - MFSA 2008-68 XSS and JavaScript privilege escalation
    - MFSA 2008-67 Escaped null characters ignored by CSS parser
    - MFSA 2008-66 Errors parsing URLs with leading whitespace and control characters
    - MFSA 2008-65 Cross-domain data theft via script redirect error message
    - MFSA 2008-64 XMLHttpRequest 302 response disclosure
    - MFSA 2008-62 Additional XSS attack vectors in feed preview
    - MFSA 2008-61 Information stealing via loadBindingDocument
    - MFSA 2008-60 Crashes with evidence of memory corruption (rv:1.9.0.5/1.8.1.19)
  + Fixed in Firefox 2.0.0.18
    - MFSA 2008-58 Parsing error in E4X default namespace
    - MFSA 2008-57 -moz-binding property bypasses security checks on codebase principals
    - MFSA 2008-56 nsXMLHttpRequest::NotifyEventListeners() same-origin violation
    - MFSA 2008-55 Crash and remote code execution in nsFrameManager
    - MFSA 2008-54 Buffer overflow in http-index-format parser
    - MFSA 2008-53 XSS and JavaScript privilege escalation via session restore
    - MFSA 2008-52 Crashes with evidence of memory corruption (rv:1.9.0.4/1.8.1.18)
    - MFSA 2008-50 Crash and remote code execution via __proto__ tampering
    - MFSA 2008-49 Arbitrary code execution via Flash Player dynamic module unloading
    - MFSA 2008-48 Image stealing via canvas and HTTP redirect
    - MFSA 2008-47 Information stealing via local shortcut files
  + Fixed in Firefox 2.0.0.17
    - MFSA 2008-45 XBM image uninitialized memory reading
    - MFSA 2008-44 resource: traversal vulnerabilities
    - MFSA 2008-43 BOM characters stripped from JavaScript before execution
    - MFSA 2008-42 Crashes with evidence of memory corruption (rv:1.9.0.2/1.8.1.17)
    - MFSA 2008-41 Privilege escalation via XPCnativeWrapper pollution
    - MFSA 2008-40 Forced mouse drag
    - MFSA 2008-39 Privilege escalation using feed preview page and XSS flaw
    - MFSA 2008-38 nsXMLDocument::OnChannelRedirect() same-origin violation
    - MFSA 2008-37 UTF-8 URL stack buffer overflow

Author: Devid Antonio Filoni
Revision Date: 2008-08-25 13:04:18 UTC

* New upstream release (taken from upstream CVS), LP: #254618.
* Fix MFSA 2008-35, MFSA 2008-34, MFSA 2008-33, MFSA 2008-32, MFSA 2008-31,
  MFSA 2008-30, MFSA 2008-29, MFSA 2008-28, MFSA 2008-27, MFSA 2008-25,
  MFSA 2008-24, MFSA 2008-23, MFSA 2008-22, MFSA 2008-21, MFSA 2008-26 also
  known as CVE-2008-2933, CVE-2008-2785, CVE-2008-2811, CVE-2008-2810,
  CVE-2008-2809, CVE-2008-2808, CVE-2008-2807, CVE-2008-2806, CVE-2008-2805,
  CVE-2008-2803, CVE-2008-2802, CVE-2008-2801, CVE-2008-2800, CVE-2008-2798.
* Drop 89_bz419350_attachment_306066 patch, merged upstream.
* Bump Standards-Version to 3.8.0.

Author: Alexander Sack
Revision Date: 2009-03-31 18:52:02 UTC

* New security upstream release - backports for ffox 3.0.8
  + Fixed on Firefox EOL branch
    - MFSA 2009-13 Arbitrary code execution through XUL <tree> element
    - MFSA 2009-12 XSL Transformation vulnerability
    - MFSA 2009-10 Upgrade PNG library to fix memory safety hazards
    - MFSA 2009-09 XML data theft via RDFXMLDataSource and cross-domain redirect
    - MFSA 2009-07 Crashes with evidence of memory corruption (rv:1.9.0.7)
    - MFSA 2009-05 XMLHttpRequest allows reading HTTPOnly cookies
    - MFSA 2009-03 Local file stealing with SessionStore
    - MFSA 2009-01 Crashes with evidence of memory corruption (rv:1.9.0.6)
  + Fixed in Firefox 2.0.0.20
    - MFSA 2008-65 Cross-domain data theft via script redirect error message (Windows)
  + Fixed in Firefox 2.0.0.19
    - MFSA 2008-69 XSS vulnerabilities in SessionStore
    - MFSA 2008-68 XSS and JavaScript privilege escalation
    - MFSA 2008-67 Escaped null characters ignored by CSS parser
    - MFSA 2008-66 Errors parsing URLs with leading whitespace and control characters
    - MFSA 2008-65 Cross-domain data theft via script redirect error message
    - MFSA 2008-64 XMLHttpRequest 302 response disclosure
    - MFSA 2008-62 Additional XSS attack vectors in feed preview
    - MFSA 2008-61 Information stealing via loadBindingDocument
    - MFSA 2008-60 Crashes with evidence of memory corruption (rv:1.9.0.5/1.8.1.19)
  + Fixed in Firefox 2.0.0.18
    - MFSA 2008-58 Parsing error in E4X default namespace
    - MFSA 2008-57 -moz-binding property bypasses security checks on codebase principals
    - MFSA 2008-56 nsXMLHttpRequest::NotifyEventListeners() same-origin violation
    - MFSA 2008-55 Crash and remote code execution in nsFrameManager
    - MFSA 2008-54 Buffer overflow in http-index-format parser
    - MFSA 2008-53 XSS and JavaScript privilege escalation via session restore
    - MFSA 2008-52 Crashes with evidence of memory corruption (rv:1.9.0.4/1.8.1.18)
    - MFSA 2008-50 Crash and remote code execution via __proto__ tampering
    - MFSA 2008-49 Arbitrary code execution via Flash Player dynamic module unloading
    - MFSA 2008-48 Image stealing via canvas and HTTP redirect
    - MFSA 2008-47 Information stealing via local shortcut files
  + Fixed in Firefox 2.0.0.17
    - MFSA 2008-45 XBM image uninitialized memory reading
    - MFSA 2008-44 resource: traversal vulnerabilities
    - MFSA 2008-43 BOM characters stripped from JavaScript before execution
    - MFSA 2008-42 Crashes with evidence of memory corruption (rv:1.9.0.2/1.8.1.17)
    - MFSA 2008-41 Privilege escalation via XPCnativeWrapper pollution
    - MFSA 2008-40 Forced mouse drag
    - MFSA 2008-39 Privilege escalation using feed preview page and XSS flaw
    - MFSA 2008-38 nsXMLDocument::OnChannelRedirect() same-origin violation
    - MFSA 2008-37 UTF-8 URL stack buffer overflow
  + Fixed in Firefox 2.0.0.16
    - MFSA 2008-35 Command-line URLs launch multiple tabs when Firefox not running
    - MFSA 2008-34 Remote code execution by overflowing CSS reference counter
  + Fixed in Firefox 2.0.0.15
    - MFSA 2008-33 Crash and remote code execution in block reflow
    - MFSA 2008-32 Remote site run as local file via Windows URL shortcut
    - MFSA 2008-31 Peer-trusted certs can use alt names to spoof
    - MFSA 2008-30 File location URL in directory listings not escaped properly
    - MFSA 2008-29 Faulty .properties file results in uninitialized memory being used
    - MFSA 2008-28 Arbitrary socket connections with Java LiveConnect on Mac OS X
    - MFSA 2008-27 Arbitrary file upload via originalTarget and DOM Range
    - MFSA 2008-25 Arbitrary code execution in mozIJSSubScriptLoader.loadSubScript()
    - MFSA 2008-24 Chrome script loading from fastload file
    - MFSA 2008-23 Signed JAR tampering
    - MFSA 2008-22 XSS through JavaScript same-origin violation
    - MFSA 2008-21 Crashes with evidence of memory corruption (rv:1.8.1.15)
  + Fixed in Firefox 2.0.0.14
    - MFSA 2008-20 Crash in JavaScript garbage collector

Author: Alexander Sack
Revision Date: 2009-03-31 18:52:02 UTC

* New security upstream release - backports for ffox 3.0.8
  + Fixed on Firefox EOL branch
    - MFSA 2009-13 Arbitrary code execution through XUL <tree> element
    - MFSA 2009-12 XSL Transformation vulnerability
    - MFSA 2009-10 Upgrade PNG library to fix memory safety hazards
    - MFSA 2009-09 XML data theft via RDFXMLDataSource and cross-domain redirect
    - MFSA 2009-07 Crashes with evidence of memory corruption (rv:1.9.0.7)
    - MFSA 2009-05 XMLHttpRequest allows reading HTTPOnly cookies
    - MFSA 2009-03 Local file stealing with SessionStore
    - MFSA 2009-01 Crashes with evidence of memory corruption (rv:1.9.0.6)
  + Fixed in Firefox 2.0.0.20
    - MFSA 2008-65 Cross-domain data theft via script redirect error message (Windows)
  + Fixed in Firefox 2.0.0.19
    - MFSA 2008-69 XSS vulnerabilities in SessionStore
    - MFSA 2008-68 XSS and JavaScript privilege escalation
    - MFSA 2008-67 Escaped null characters ignored by CSS parser
    - MFSA 2008-66 Errors parsing URLs with leading whitespace and control characters
    - MFSA 2008-65 Cross-domain data theft via script redirect error message
    - MFSA 2008-64 XMLHttpRequest 302 response disclosure
    - MFSA 2008-62 Additional XSS attack vectors in feed preview
    - MFSA 2008-61 Information stealing via loadBindingDocument
    - MFSA 2008-60 Crashes with evidence of memory corruption (rv:1.9.0.5/1.8.1.19)
  + Fixed in Firefox 2.0.0.18
    - MFSA 2008-58 Parsing error in E4X default namespace
    - MFSA 2008-57 -moz-binding property bypasses security checks on codebase principals
    - MFSA 2008-56 nsXMLHttpRequest::NotifyEventListeners() same-origin violation
    - MFSA 2008-55 Crash and remote code execution in nsFrameManager
    - MFSA 2008-54 Buffer overflow in http-index-format parser
    - MFSA 2008-53 XSS and JavaScript privilege escalation via session restore
    - MFSA 2008-52 Crashes with evidence of memory corruption (rv:1.9.0.4/1.8.1.18)
    - MFSA 2008-50 Crash and remote code execution via __proto__ tampering
    - MFSA 2008-49 Arbitrary code execution via Flash Player dynamic module unloading
    - MFSA 2008-48 Image stealing via canvas and HTTP redirect
    - MFSA 2008-47 Information stealing via local shortcut files
  + Fixed in Firefox 2.0.0.17
    - MFSA 2008-45 XBM image uninitialized memory reading
    - MFSA 2008-44 resource: traversal vulnerabilities
    - MFSA 2008-43 BOM characters stripped from JavaScript before execution
    - MFSA 2008-42 Crashes with evidence of memory corruption (rv:1.9.0.2/1.8.1.17)
    - MFSA 2008-41 Privilege escalation via XPCnativeWrapper pollution
    - MFSA 2008-40 Forced mouse drag
    - MFSA 2008-39 Privilege escalation using feed preview page and XSS flaw
    - MFSA 2008-38 nsXMLDocument::OnChannelRedirect() same-origin violation
    - MFSA 2008-37 UTF-8 URL stack buffer overflow
  + Fixed in Firefox 2.0.0.16
    - MFSA 2008-35 Command-line URLs launch multiple tabs when Firefox not running
    - MFSA 2008-34 Remote code execution by overflowing CSS reference counter
  + Fixed in Firefox 2.0.0.15
    - MFSA 2008-33 Crash and remote code execution in block reflow
    - MFSA 2008-32 Remote site run as local file via Windows URL shortcut
    - MFSA 2008-31 Peer-trusted certs can use alt names to spoof
    - MFSA 2008-30 File location URL in directory listings not escaped properly
    - MFSA 2008-29 Faulty .properties file results in uninitialized memory being used
    - MFSA 2008-28 Arbitrary socket connections with Java LiveConnect on Mac OS X
    - MFSA 2008-27 Arbitrary file upload via originalTarget and DOM Range
    - MFSA 2008-25 Arbitrary code execution in mozIJSSubScriptLoader.loadSubScript()
    - MFSA 2008-24 Chrome script loading from fastload file
    - MFSA 2008-23 Signed JAR tampering
    - MFSA 2008-22 XSS through JavaScript same-origin violation
    - MFSA 2008-21 Crashes with evidence of memory corruption (rv:1.8.1.15)
  + Fixed in Firefox 2.0.0.14
    - MFSA 2008-20 Crash in JavaScript garbage collector

Author: Fabien Tassin
Revision Date: 2008-03-26 00:07:56 UTC

* New security upstream release: 1.8.1.13 (LP: #207171)
* Security fixes:
  - MFSA 2008-19 XUL popup spoofing variant (cross-tab popups)
  - MFSA 2008-18 Java socket connection to any local port via LiveConnect
  - MFSA 2008-17 Privacy issue with SSL Client Authentication
  - MFSA 2008-16 HTTP Referrer spoofing with malformed URLs
  - MFSA 2008-15 Crashes with evidence of memory corruption
  - MFSA 2008-14 JavaScript privilege escalation and arbitrary code execution
* Merge from debian unstable (1.8.1.12-5). Remaining ubuntu changes:
  - debian/patches/88_force-no-pragma-visibility-for-gcc-4.2_4.3.dpatch
  - xulrunner alternative in /usr/bin
* Drop patches applied upstream:
  - drop debian/patches/10_SECAlgorithmIDTemplate.dpatch
  - update debian/patches/00list
* Update diverged patches:
  - update debian/patches/99_configure.dpatch

Author: Alexander Sack
Revision Date: 2009-03-31 15:57:00 UTC

* two years worth of security updates for gutsy-security xulrunner 1.8
  + Fixed on Firefox EOL branch
    - MFSA 2009-13 Arbitrary code execution through XUL <tree> element
    - MFSA 2009-12 XSL Transformation vulnerability
    - MFSA 2009-10 Upgrade PNG library to fix memory safety hazards
    - MFSA 2009-09 XML data theft via RDFXMLDataSource and cross-domain redirect
    - MFSA 2009-07 Crashes with evidence of memory corruption (rv:1.9.0.7)
    - MFSA 2009-05 XMLHttpRequest allows reading HTTPOnly cookies
    - MFSA 2009-03 Local file stealing with SessionStore
    - MFSA 2009-01 Crashes with evidence of memory corruption (rv:1.9.0.6)
  + Fixed in Firefox 2.0.0.20
    - MFSA 2008-65 Cross-domain data theft via script redirect error message (Windows)
  + Fixed in Firefox 2.0.0.19
    - MFSA 2008-69 XSS vulnerabilities in SessionStore
    - MFSA 2008-68 XSS and JavaScript privilege escalation
    - MFSA 2008-67 Escaped null characters ignored by CSS parser
    - MFSA 2008-66 Errors parsing URLs with leading whitespace and control characters
    - MFSA 2008-65 Cross-domain data theft via script redirect error message
    - MFSA 2008-64 XMLHttpRequest 302 response disclosure
    - MFSA 2008-62 Additional XSS attack vectors in feed preview
    - MFSA 2008-61 Information stealing via loadBindingDocument
    - MFSA 2008-60 Crashes with evidence of memory corruption (rv:1.9.0.5/1.8.1.19)
  + Fixed in Firefox 2.0.0.18
    - MFSA 2008-58 Parsing error in E4X default namespace
    - MFSA 2008-57 -moz-binding property bypasses security checks on codebase principals
    - MFSA 2008-56 nsXMLHttpRequest::NotifyEventListeners() same-origin violation
    - MFSA 2008-55 Crash and remote code execution in nsFrameManager
    - MFSA 2008-54 Buffer overflow in http-index-format parser
    - MFSA 2008-53 XSS and JavaScript privilege escalation via session restore
    - MFSA 2008-52 Crashes with evidence of memory corruption (rv:1.9.0.4/1.8.1.18)
    - MFSA 2008-50 Crash and remote code execution via __proto__ tampering
    - MFSA 2008-49 Arbitrary code execution via Flash Player dynamic module unloading
    - MFSA 2008-48 Image stealing via canvas and HTTP redirect
    - MFSA 2008-47 Information stealing via local shortcut files
  + Fixed in Firefox 2.0.0.17
    - MFSA 2008-45 XBM image uninitialized memory reading
    - MFSA 2008-44 resource: traversal vulnerabilities
    - MFSA 2008-43 BOM characters stripped from JavaScript before execution
    - MFSA 2008-42 Crashes with evidence of memory corruption (rv:1.9.0.2/1.8.1.17)
    - MFSA 2008-41 Privilege escalation via XPCnativeWrapper pollution
    - MFSA 2008-40 Forced mouse drag
    - MFSA 2008-39 Privilege escalation using feed preview page and XSS flaw
    - MFSA 2008-38 nsXMLDocument::OnChannelRedirect() same-origin violation
    - MFSA 2008-37 UTF-8 URL stack buffer overflow
  + Fixed in Firefox 2.0.0.16
    - MFSA 2008-35 Command-line URLs launch multiple tabs when Firefox not running
    - MFSA 2008-34 Remote code execution by overflowing CSS reference counter
  + Fixed in Firefox 2.0.0.15
    - MFSA 2008-33 Crash and remote code execution in block reflow
    - MFSA 2008-32 Remote site run as local file via Windows URL shortcut
    - MFSA 2008-31 Peer-trusted certs can use alt names to spoof
    - MFSA 2008-30 File location URL in directory listings not escaped properly
    - MFSA 2008-29 Faulty .properties file results in uninitialized memory being used
    - MFSA 2008-28 Arbitrary socket connections with Java LiveConnect on Mac OS X
    - MFSA 2008-27 Arbitrary file upload via originalTarget and DOM Range
    - MFSA 2008-25 Arbitrary code execution in mozIJSSubScriptLoader.loadSubScript()
    - MFSA 2008-24 Chrome script loading from fastload file
    - MFSA 2008-23 Signed JAR tampering
    - MFSA 2008-22 XSS through JavaScript same-origin violation
    - MFSA 2008-21 Crashes with evidence of memory corruption (rv:1.8.1.15)
  + Fixed in Firefox 2.0.0.14
    - MFSA 2008-20 Crash in JavaScript garbage collector
  + Fixed in Firefox 2.0.0.13
    - MFSA 2008-19 XUL popup spoofing variant (cross-tab popups)
    - MFSA 2008-18 Java socket connection to any local port via LiveConnect
    - MFSA 2008-17 Privacy issue with SSL Client Authentication
    - MFSA 2008-16 HTTP Referrer spoofing with malformed URLs
    - MFSA 2008-15 Crashes with evidence of memory corruption (rv:1.8.1.13)
    - MFSA 2008-14 JavaScript privilege escalation and arbitrary code execution
  + Fixed in Firefox 2.0.0.12
    - MFSA 2008-13 Multiple XSS vulnerabilities from character encoding
    - MFSA 2008-11 Web forgery overwrite with div overlay
    - MFSA 2008-10 URL token stealing via stylesheet redirect
    - MFSA 2008-09 Mishandling of locally-saved plain text files
    - MFSA 2008-08 File action dialog tampering
    - MFSA 2008-07 Possible information disclosure in BMP decoder
    - MFSA 2008-06 Web browsing history and forward navigation stealing
    - MFSA 2008-05 Directory traversal via chrome: URI
    - MFSA 2008-04 Stored password corruption
    - MFSA 2008-03 Privilege escalation, XSS, Remote Code Execution
    - MFSA 2008-02 Multiple file input focus stealing vulnerabilities
    - MFSA 2008-01 Crashes with evidence of memory corruption (rv:1.8.1.12)
  + Fixed in Firefox 2.0.0.11
    - Firefox 2.0.0.11 fixed a bug introduced by the 2.0.0.10 update in the <canvas>
      feature that affected some web pages and extensions. There were no security-related
      fixes in this release.
  + Fixed in Firefox 2.0.0.10
    - MFSA 2007-39 Referer-spoofing via window.location race condition
    - MFSA 2007-38 Memory corruption vulnerabilities (rv:1.8.1.10)
    - MFSA 2007-37 jar: URI scheme XSS hazard
  + Fixed in Firefox 2.0.0.9
    - Firefox 2.0.0.9 fixed a small number of rendering bugs introduced by the 2.0.0.8 release;
      there were no security fixes.
  + Fixed in Firefox 2.0.0.8
    - MFSA 2007-36 URIs with invalid %-encoding mishandled by Windows
    - MFSA 2007-35 XPCNativeWrapper pollution using Script object
    - MFSA 2007-34 Possible file stealing through sftp protocol
    - MFSA 2007-33 XUL pages can hide the window titlebar
    - MFSA 2007-32 File input focus stealing vulnerability
    - MFSA 2007-31 Browser digest authentication request splitting
    - MFSA 2007-30 onUnload Tailgating
    - MFSA 2007-29 Crashes with evidence of memory corruption (rv:1.8.1.8)
  + Fixed in Firefox 2.0.0.7
    - MFSA 2007-28 Code execution via QuickTime Media-link files
  + Fixed in Firefox 2.0.0.6
    - MFSA 2007-27 Unescaped URIs passed to external programs
    - MFSA 2007-26 Privilege escalation through chrome-loaded about:blank windows
  + Fixed in Firefox 2.0.0.5
    - MFSA 2007-25 XPCNativeWrapper pollution
    - MFSA 2007-24 Unauthorized access to wyciwyg:// documents
    - MFSA 2007-23 Remote code execution by launching Firefox from Internet Explorer
    - MFSA 2007-22 File type confusion due to %00 in name
    - MFSA 2007-21 Privilege escalation using an event handler attached to an element not in the document
    - MFSA 2007-20 Frame spoofing while window is loading
    - MFSA 2007-19 XSS using addEventListener and setTimeout
    - MFSA 2007-18 Crashes with evidence of memory corruption (rv:1.8.1.5)
* drop patches applied upstream
  - delete debian/patches/35_psm_wakeups.dpatch
  - delete debian/patches/88_bz384304_lp117575_linkrecursion_fix_in_startscript.dpatch
  - update debian/patches/00list accordingly.
* adjust diverged patches
  - update debian/patches/99_configure.dpatch

Author: Alexander Sack
Revision Date: 2009-03-31 15:57:00 UTC

* two years worth of security updates for gutsy-security xulrunner 1.8
  + Fixed on Firefox EOL branch
    - MFSA 2009-13 Arbitrary code execution through XUL <tree> element
    - MFSA 2009-12 XSL Transformation vulnerability
    - MFSA 2009-10 Upgrade PNG library to fix memory safety hazards
    - MFSA 2009-09 XML data theft via RDFXMLDataSource and cross-domain redirect
    - MFSA 2009-07 Crashes with evidence of memory corruption (rv:1.9.0.7)
    - MFSA 2009-05 XMLHttpRequest allows reading HTTPOnly cookies
    - MFSA 2009-03 Local file stealing with SessionStore
    - MFSA 2009-01 Crashes with evidence of memory corruption (rv:1.9.0.6)
  + Fixed in Firefox 2.0.0.20
    - MFSA 2008-65 Cross-domain data theft via script redirect error message (Windows)
  + Fixed in Firefox 2.0.0.19
    - MFSA 2008-69 XSS vulnerabilities in SessionStore
    - MFSA 2008-68 XSS and JavaScript privilege escalation
    - MFSA 2008-67 Escaped null characters ignored by CSS parser
    - MFSA 2008-66 Errors parsing URLs with leading whitespace and control characters
    - MFSA 2008-65 Cross-domain data theft via script redirect error message
    - MFSA 2008-64 XMLHttpRequest 302 response disclosure
    - MFSA 2008-62 Additional XSS attack vectors in feed preview
    - MFSA 2008-61 Information stealing via loadBindingDocument
    - MFSA 2008-60 Crashes with evidence of memory corruption (rv:1.9.0.5/1.8.1.19)
  + Fixed in Firefox 2.0.0.18
    - MFSA 2008-58 Parsing error in E4X default namespace
    - MFSA 2008-57 -moz-binding property bypasses security checks on codebase principals
    - MFSA 2008-56 nsXMLHttpRequest::NotifyEventListeners() same-origin violation
    - MFSA 2008-55 Crash and remote code execution in nsFrameManager
    - MFSA 2008-54 Buffer overflow in http-index-format parser
    - MFSA 2008-53 XSS and JavaScript privilege escalation via session restore
    - MFSA 2008-52 Crashes with evidence of memory corruption (rv:1.9.0.4/1.8.1.18)
    - MFSA 2008-50 Crash and remote code execution via __proto__ tampering
    - MFSA 2008-49 Arbitrary code execution via Flash Player dynamic module unloading
    - MFSA 2008-48 Image stealing via canvas and HTTP redirect
    - MFSA 2008-47 Information stealing via local shortcut files
  + Fixed in Firefox 2.0.0.17
    - MFSA 2008-45 XBM image uninitialized memory reading
    - MFSA 2008-44 resource: traversal vulnerabilities
    - MFSA 2008-43 BOM characters stripped from JavaScript before execution
    - MFSA 2008-42 Crashes with evidence of memory corruption (rv:1.9.0.2/1.8.1.17)
    - MFSA 2008-41 Privilege escalation via XPCnativeWrapper pollution
    - MFSA 2008-40 Forced mouse drag
    - MFSA 2008-39 Privilege escalation using feed preview page and XSS flaw
    - MFSA 2008-38 nsXMLDocument::OnChannelRedirect() same-origin violation
    - MFSA 2008-37 UTF-8 URL stack buffer overflow
  + Fixed in Firefox 2.0.0.16
    - MFSA 2008-35 Command-line URLs launch multiple tabs when Firefox not running
    - MFSA 2008-34 Remote code execution by overflowing CSS reference counter
  + Fixed in Firefox 2.0.0.15
    - MFSA 2008-33 Crash and remote code execution in block reflow
    - MFSA 2008-32 Remote site run as local file via Windows URL shortcut
    - MFSA 2008-31 Peer-trusted certs can use alt names to spoof
    - MFSA 2008-30 File location URL in directory listings not escaped properly
    - MFSA 2008-29 Faulty .properties file results in uninitialized memory being used
    - MFSA 2008-28 Arbitrary socket connections with Java LiveConnect on Mac OS X
    - MFSA 2008-27 Arbitrary file upload via originalTarget and DOM Range
    - MFSA 2008-25 Arbitrary code execution in mozIJSSubScriptLoader.loadSubScript()
    - MFSA 2008-24 Chrome script loading from fastload file
    - MFSA 2008-23 Signed JAR tampering
    - MFSA 2008-22 XSS through JavaScript same-origin violation
    - MFSA 2008-21 Crashes with evidence of memory corruption (rv:1.8.1.15)
  + Fixed in Firefox 2.0.0.14
    - MFSA 2008-20 Crash in JavaScript garbage collector
  + Fixed in Firefox 2.0.0.13
    - MFSA 2008-19 XUL popup spoofing variant (cross-tab popups)
    - MFSA 2008-18 Java socket connection to any local port via LiveConnect
    - MFSA 2008-17 Privacy issue with SSL Client Authentication
    - MFSA 2008-16 HTTP Referrer spoofing with malformed URLs
    - MFSA 2008-15 Crashes with evidence of memory corruption (rv:1.8.1.13)
    - MFSA 2008-14 JavaScript privilege escalation and arbitrary code execution
  + Fixed in Firefox 2.0.0.12
    - MFSA 2008-13 Multiple XSS vulnerabilities from character encoding
    - MFSA 2008-11 Web forgery overwrite with div overlay
    - MFSA 2008-10 URL token stealing via stylesheet redirect
    - MFSA 2008-09 Mishandling of locally-saved plain text files
    - MFSA 2008-08 File action dialog tampering
    - MFSA 2008-07 Possible information disclosure in BMP decoder
    - MFSA 2008-06 Web browsing history and forward navigation stealing
    - MFSA 2008-05 Directory traversal via chrome: URI
    - MFSA 2008-04 Stored password corruption
    - MFSA 2008-03 Privilege escalation, XSS, Remote Code Execution
    - MFSA 2008-02 Multiple file input focus stealing vulnerabilities
    - MFSA 2008-01 Crashes with evidence of memory corruption (rv:1.8.1.12)
  + Fixed in Firefox 2.0.0.11
    - Firefox 2.0.0.11 fixed a bug introduced by the 2.0.0.10 update in the <canvas>
      feature that affected some web pages and extensions. There were no security-related
      fixes in this release.
  + Fixed in Firefox 2.0.0.10
    - MFSA 2007-39 Referer-spoofing via window.location race condition
    - MFSA 2007-38 Memory corruption vulnerabilities (rv:1.8.1.10)
    - MFSA 2007-37 jar: URI scheme XSS hazard
  + Fixed in Firefox 2.0.0.9
    - Firefox 2.0.0.9 fixed a small number of rendering bugs introduced by the 2.0.0.8 release;
      there were no security fixes.
  + Fixed in Firefox 2.0.0.8
    - MFSA 2007-36 URIs with invalid %-encoding mishandled by Windows
    - MFSA 2007-35 XPCNativeWrapper pollution using Script object
    - MFSA 2007-34 Possible file stealing through sftp protocol
    - MFSA 2007-33 XUL pages can hide the window titlebar
    - MFSA 2007-32 File input focus stealing vulnerability
    - MFSA 2007-31 Browser digest authentication request splitting
    - MFSA 2007-30 onUnload Tailgating
    - MFSA 2007-29 Crashes with evidence of memory corruption (rv:1.8.1.8)
  + Fixed in Firefox 2.0.0.7
    - MFSA 2007-28 Code execution via QuickTime Media-link files
  + Fixed in Firefox 2.0.0.6
    - MFSA 2007-27 Unescaped URIs passed to external programs
    - MFSA 2007-26 Privilege escalation through chrome-loaded about:blank windows
  + Fixed in Firefox 2.0.0.5
    - MFSA 2007-25 XPCNativeWrapper pollution
    - MFSA 2007-24 Unauthorized access to wyciwyg:// documents
    - MFSA 2007-23 Remote code execution by launching Firefox from Internet Explorer
    - MFSA 2007-22 File type confusion due to %00 in name
    - MFSA 2007-21 Privilege escalation using an event handler attached to an element not in the document
    - MFSA 2007-20 Frame spoofing while window is loading
    - MFSA 2007-19 XSS using addEventListener and setTimeout
    - MFSA 2007-18 Crashes with evidence of memory corruption (rv:1.8.1.5)
* drop patches applied upstream
  - delete debian/patches/35_psm_wakeups.dpatch
  - delete debian/patches/88_bz384304_lp117575_linkrecursion_fix_in_startscript.dpatch
  - update debian/patches/00list accordingly.
* adjust diverged patches
  - update debian/patches/99_configure.dpatch

Author: Alexander Sack
Revision Date: 2007-09-28 12:38:52 UTC

debian/control: build depend on ecj instead of ecj-bootstrap, that doesn't
exist anymore.

Author: Michael Bienia
Revision Date: 2007-03-10 18:44:59 UTC

* Merge from Debian unstable, remaining changes:
  + Fixing __x86_64__ FTBFS
    - Added 100_ubuntu_pyginputstream.dpatch
    - Added 100_ubuntu_pyiinputstream.dpatch
  + debian/control: Change Maintainer/XSBC-Original-Maintainer field.

Author: Matthias Klose
Revision Date: 2006-09-03 13:39:45 UTC

Relax the dependencies even more, so that the -dev packages can be
installed with the arm binaries currently in the archive (1.8.0.4).

Author: Devid Antonio Filoni
Revision Date: 2008-08-25 13:04:18 UTC

* New upstream release (taken from upstream CVS), LP: #254618.
* Fix MFSA 2008-35, MFSA 2008-34, MFSA 2008-33, MFSA 2008-32, MFSA 2008-31,
  MFSA 2008-30, MFSA 2008-29, MFSA 2008-28, MFSA 2008-27, MFSA 2008-25,
  MFSA 2008-24, MFSA 2008-23, MFSA 2008-22, MFSA 2008-21, MFSA 2008-26 also
  known as CVE-2008-2933, CVE-2008-2785, CVE-2008-2811, CVE-2008-2810,
  CVE-2008-2809, CVE-2008-2808, CVE-2008-2807, CVE-2008-2806, CVE-2008-2805,
  CVE-2008-2803, CVE-2008-2802, CVE-2008-2801, CVE-2008-2800, CVE-2008-2798.
* Drop 89_bz419350_attachment_306066 patch, merged upstream.
* Bump Standards-Version to 3.8.0.