Ubuntu
seamonkey package

lp://staging/ubuntu/hardy-updates/seamonkey

  1. Hardy (8.04)
  2. hardy-updates
Created by James Westby and last modified
Get this branch:
bzr branch lp://staging/ubuntu/hardy-updates/seamonkey
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

14. By Chris Coulson

* New upstream release v2.0.11 (SEAMONKEY_2_0_11_BUILD1)
* SECURITY UPDATE:
  - http://www.mozilla.org/security/known-vulnerabilities/seamonkey20.html#seamonkey2.0.11
* Fixes LP: #575160 - seamonkey 2.0 crashes with 'RenderBadPicture'

13. By Chris Coulson

* New upstream release v2.0.10 (SEAMONKEY_2_0_10_BUILD1)
* SECURITY UPDATE:
  - http://www.mozilla.org/security/known-vulnerabilities/seamonkey20.html#seamonkey2.0.10

12. By Chris Coulson

* New upstream release v2.0.9 (SEAMONKEY_2_0_9_BUILD1)
* SECURITY UPDATE:
  - http://www.mozilla.org/security/known-vulnerabilities/seamonkey20.html#seamonkey2.0.9

* Bump minimum system NSS to 3.12.8 after landing of (bmo: 600104) aka
  Bump minimum required version for system NSS to 3.12.8
  - update debian/rules
* Bump minimum system NSPR to 4.8.6 after landing of (bmo: 567620) aka
  Bump minimum required version for system NSPR to 4.8.6
  - update debian/rules
* Fix LP: #646632 - No dictionaries present in Seamonkey. Ship a
  symlink to the system dictionaries
  - update debian/rules
  - update debian/seamonkey-browser.install
* Fix LP: #643047 - Don't touch $LIBDIR/.autoreg from the seamonkey
  postinst script. The seamonkey package is just a meta-package, and
  the file is shipped by seamonkey-browser. Changing this ensures that
  seamonkey doesn't fail to configure if there is version skew during
  upgrades, and avoids the need for having tight dependencies
  - update debian/rules
  - remove debian/seamonkey.postinst.in
  - remove debian/seamonkey.prerm.in

11. By Chris Coulson

* New upstream release v2.0.8 (SEAMONKEY_2_0_8_BUILD1)

* SECURITY UPDATES:
* MFSA 2010-49: Miscellaneous memory safety hazards (rv:1.9.2.9/ 1.9.1.12)
  - CVE-2010-3169
* MFSA 2010-50: Frameset integer overflow vulnerability
  - CVE-2010-2765
* MFSA 2010-51: Dangling pointer vulnerability using DOM plugin array
  - CVE-2010-2767
* MFSA 2010-52: Windows XP DLL loading vulnerability
  - CVE-2010-3131
* MFSA 2010-53: Heap buffer overflow in nsTextFrameUtils::TransformText
  - CVE-2010-3166
* MFSA 2010-54: Dangling pointer vulnerability in nsTreeSelection
  - CVE-2010-2760
* MFSA 2010-55: XUL tree removal crash and remote code execution
  - CVE-2010-3168
* MFSA 2010-56: Dangling pointer vulnerability in nsTreeContentView
  - CVE-2010-3167
* MFSA 2010-57: Crash and remote code execution in normalizeDocument
  - CVE-2010-2766
* MFSA 2010-58: Crash on Mac using fuzzed font in data: URL
  - CVE-2010-2770
* MFSA 2010-60: XSS using SJOW scripted functio
  - CVE-2010-2763
* MFSA 2010-61: UTF-7 XSS by overriding document charset using <object>
  type attribute
  - CVE-2010-2768
* MFSA 2010-62: Copy-and-paste or drag-and-drop into designMode document
  allows XSS
  - CVE-2010-62
* MFSA 2010-63: Information leak via XMLHttpRequest statusText
  - CVE-2010-63

* Refresh patches for new upstream version
  - update debian/patches/seamonkey-fsh.patch
* Fix LP: #593571 - searching for am-newsblog.xul in the wrong chrome package
  Install the newsblog.js XPCOM component
  - update debian/seamonkey-mailnews.install

10. By Micah Gersten

* New upstream release v2.0.5 (SEAMONKEY_2_0_5_BUILD1)

[ Fabien Tassin <email address hidden> ]
* Add conditional support for system Cairo, NSS, NSPR
  - update debian/rules
* Update icons from xpm to png
  - update debian/seamonkey-*.{install,links,menu}
* We no longer need dynamic -lsoftokn, disable NSS_DYNAMIC_SOFTOKN
  - add debian/patches/no_dynamic_nss_softokn.patch
  - update debian/patches/series

[ Micah Gersten <email address hidden> ]
* Use versioned install directory
  - update debian/rules
* Bump minimum versions of system libs; cairo to 1.8.8; NSPR to 4.8;
  NSS to 3.12.6
  - update debian/rules
* Update .install files for latest release
  - update debian/seamonkey-browser.install
  - update debian/seamonkey-mailnews.install
* Refresh patches
  - update debian/patches/cleaner_dist_clean.patch
  - update debian/patches/fix_installer.patch
  - update debian/patches/seamonkey-fsh.patch
* Drop cairo FTBFS patch after upstream landing
  - drop debian/patches/fix_ftbfs_with_cairo_fb.patch
  - update debian/series
* Install gnome components in -browser package so that it works out of the box
  - update debian/seamonkey-browser.install
  - update debian/control
  - update debian/rules
* Move mozclient to be in source
  - add debian/mozclient/compare.mk
  - add debian/mozclient/seamonkey-remove.binonly.sh
  - add debian/mozclient/seamonkey.conf
  - add debian/mozclient/seamonkey.mk
  - update debian/rules
* Fix FTBFS on Sparc by disabling jit (LP: #523627)
  - update debian/rules

[ Chris Coulson <email address hidden> ]
* Ensure the symlinks are installed correctly. File name expansion
  doesn't work in the .links files, so call dh_link explicitly in
  debian/rules instead
  - drop debian/seamonkey-browser.links
  - drop debian/seamonkey-mailnews.links
  - update debian/rules
* Only the seamonkey-gnome-support package should have dependencies on GNOME
  libraries - ensure that seamonkey-browser doesn't have the GNOME components
  installed when dh_shlibdeps is run
  - update debian/rules
  - update debian/seamonkey-browser.install

9. By John Vivirito

* New upstream security release: 1.1.17 (LP: #356274)
  - CVE-2009-1841: JavaScript chrome privilege escalation
  - CVE-2009-1838: Arbitrary code execution using event listeners attached to an element whose owner document is null
  - CVE-2009-1836: SSL tampering via non-200 responses to proxy CONNECT requests
  - CVE-2009-1835: Arbitrary domain cookie access by local file: resources
  - CVE-2009-1392, CVE-2009-1832, CVE-2009-1833: Crashes with evidence of memory corruption (rv:1.9.0.11)
  - CVE-2009-1311: POST data sent to wrong site when saving web page with embedded frame
  - CVE-2009-1307: Same-origin violations when Adobe Flash loaded via view-source: scheme
  - MFSA 2009-33 Crash viewing multipart/alternative message with text/enhanced part
* removed debian/patches/90_181_484320_attachment_368977.patch
* removed debian/patches/90_181_485217_attachment_369357.patch
* removed debian/patches/90_181_485286_attachment_369457.patch
  - update debian/patches/series

8. By Alexander Sack

* CVE-2009-1044: Arbitrary code execution via XUL tree element
  - add debian/patches/90_181_484320_attachment_368977.patch
  - update debian/patches/series
* CVE-2009-1169: XSL Transformation vulnerability
  - add 90_181_485217_attachment_369357.patch
  - add debian/patches/90_181_485286_attachment_369457.patch

7. By Fabien Tassin

* New security upstream release: 1.1.12 (LP: #276437)
  - CVE-2008-4070: Heap overflow when canceling newsgroup message
  - CVE-2008-4069: XBM image uninitialized memory reading
  - CVE-2008-4067..4068: resource: traversal vulnerabilities
  - CVE-2008-4065..4066: BOM characters stripped from JavaScript before execution
  - CVE-2008-4061..4064: Crashes with evidence of memory corruption
  - CVE-2008-4058..4060: Privilege escalation via XPCnativeWrapper pollution
  - CVE-2008-3837: Forced mouse drag
  - CVE-2008-3835: nsXMLDocument::OnChannelRedirect() same-origin violation
  - CVE-2008-0016: UTF-8 URL stack buffer overflow
* Also includes security fixes from 1.1.11 and 1.1.10 (LP: #218534)
  - CVE-2008-2785: Remote code execution by overflowing CSS reference counter
  - CVE-2008-2811: Crash and remote code execution in block reflow
  - CVE-2008-2810: Remote site run as local file via Windows URL shortcut
  - CVE-2008-2809: Peer-trusted certs can use alt names to spoof
  - CVE-2008-2808: File location URL in directory listings not escaped properly
  - CVE-2008-2807: Faulty .properties file results in uninitialized memory being used
  - CVE-2008-2806: Arbitrary socket connections with Java LiveConnect on Mac OS X
  - CVE-2008-2805: Arbitrary file upload via originalTarget and DOM Range
  - MFSA 2008-26 (follow-up of CVE-2008-0304): Buffer length checks in MIME processing
  - CVE-2008-2803: Arbitrary code execution in mozIJSSubScriptLoader.loadSubScript()
  - CVE-2008-2802: Chrome script loading from fastload file
  - CVE-2008-2801: Signed JAR tampering
  - CVE-2008-2800: XSS through JavaScript same-origin violation
  - CVE-2008-2798..2799: Crashes with evidence of memory corruption
  - CVE-2008-1380: Crash in JavaScript garbage collector
* Refresh diverged patch:
  - update debian/patches/80_security_build.patch
* Fix FTBFS with missing -lfontconfig
  - add debian/patches/11_fix_ftbfs_with_fontconfig.patch
  - update debian/patches/series

6. By Fabien Tassin

* New security upstream release: 1.1.9 (LP: #207461)
* Security fixes:
  - MFSA 2008-19 XUL popup spoofing variant (cross-tab popups)
  - MFSA 2008-18 Java socket connection to any local port via LiveConnect
  - MFSA 2008-17 Privacy issue with SSL Client Authentication
  - MFSA 2008-16 HTTP Referrer spoofing with malformed URLs
  - MFSA 2008-15 Crashes with evidence of memory corruption
  - MFSA 2008-14 JavaScript privilege escalation and arbitrary code execution
* Drop patches applied upstream:
  - drop debian/patches/11_bz399589_fix_missing_symbol_with_new_nss.patch
  - update debian/patches/series
* Add missing Ubuntu-specific menu items (LP: #190845)
  - add debian/patches/85_ubuntu_menu.patch
  - update debian/patches/series
  Contributed by Andrea Colangelo <email address hidden>

5. By Fabien Tassin

* New security upstream release: 1.1.8
* Security fixes:
  - MFSA 2008-10 URL token stealing via stylesheet redirect
  - MFSA 2008-09 Mishandling of locally-saved plain text files
  - MFSA 2008-06 Web browsing history and forward navigation stealing
  - MFSA 2008-05 Directory traversal via chrome: URI
  - MFSA 2008-03 Privilege escalation, XSS, Remote Code Execution
  - MFSA 2008-02 Multiple file input focus stealing vulnerabilities
  - MFSA 2008-01 Crashes with evidence of memory corruption (rv:1.8.1.12)
* Drop unwanted patches:
  - drop debian/patches/82_homepage.patch
  - drop debian/patches/85_about.patch
  - drop debian/patches/85_release_notes.patch
  - update debian/patches/series
* Update diverged patch:
  - update debian/patches/99_configure.patch

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp://staging/ubuntu/karmic/seamonkey
This branch contains Public information 
Everyone can see this information.

Subscribers