lp://staging/ubuntu/lucid-security/seamonkey
- Get this branch:
- bzr branch lp://staging/ubuntu/lucid-security/seamonkey
Branch merges
Branch information
Recent revisions
- 20. By Chris Coulson
-
* New upstream release v2.0.11 (SEAMONKEY_
2_0_11_ BUILD1)
* SECURITY UPDATE:
- http://www.mozilla. org/security/ known-vulnerabi lities/ seamonkey20. html#seamonkey2 .0.11
* Fixes LP: #575160 - seamonkey 2.0 crashes with 'RenderBadPicture' - 19. By Chris Coulson
-
* New upstream release v2.0.10 (SEAMONKEY_
2_0_10_ BUILD1)
* SECURITY UPDATE:
- http://www.mozilla. org/security/ known-vulnerabi lities/ seamonkey20. html#seamonkey2 .0.10 - 18. By Chris Coulson
-
* New upstream release v2.0.9 (SEAMONKEY_
2_0_9_BUILD1)
* SECURITY UPDATE:
- http://www.mozilla. org/security/ known-vulnerabi lities/ seamonkey20. html#seamonkey2 .0.9 * Bump minimum system NSS to 3.12.8 after landing of (bmo: 600104) aka
Bump minimum required version for system NSS to 3.12.8
- update debian/rules
* Bump minimum system NSPR to 4.8.6 after landing of (bmo: 567620) aka
Bump minimum required version for system NSPR to 4.8.6
- update debian/rules
* Fix LP: #646632 - No dictionaries present in Seamonkey. Ship a
symlink to the system dictionaries
- update debian/rules
- update debian/seamonkey- browser. install
* Fix LP: #643047 - Don't touch $LIBDIR/.autoreg from the seamonkey
postinst script. The seamonkey package is just a meta-package, and
the file is shipped by seamonkey-browser. Changing this ensures that
seamonkey doesn't fail to configure if there is version skew during
upgrades, and avoids the need for having tight dependencies
- update debian/rules
- remove debian/seamonkey. postinst. in
- remove debian/seamonkey. prerm.in - 17. By Chris Coulson
-
* New upstream release v2.0.8 (SEAMONKEY_
2_0_8_BUILD1)
- Fixes for a number of non-security-relevant crashes - 16. By Chris Coulson
-
* New upstream release v2.0.7 (SEAMONKEY_
2_0_7_BUILD1) * SECURITY UPDATES:
* MFSA 2010-49: Miscellaneous memory safety hazards (rv:1.9.2.9/ 1.9.1.12)
- CVE-2010-3169
* MFSA 2010-50: Frameset integer overflow vulnerability
- CVE-2010-2765
* MFSA 2010-51: Dangling pointer vulnerability using DOM plugin array
- CVE-2010-2767
* MFSA 2010-52: Windows XP DLL loading vulnerability
- CVE-2010-3131
* MFSA 2010-53: Heap buffer overflow in nsTextFrameUtils::TransformTex t
- CVE-2010-3166
* MFSA 2010-54: Dangling pointer vulnerability in nsTreeSelection
- CVE-2010-2760
* MFSA 2010-55: XUL tree removal crash and remote code execution
- CVE-2010-3168
* MFSA 2010-56: Dangling pointer vulnerability in nsTreeContentView
- CVE-2010-3167
* MFSA 2010-57: Crash and remote code execution in normalizeDocument
- CVE-2010-2766
* MFSA 2010-58: Crash on Mac using fuzzed font in data: URL
- CVE-2010-2770
* MFSA 2010-60: XSS using SJOW scripted functio
- CVE-2010-2763
* MFSA 2010-61: UTF-7 XSS by overriding document charset using <object>
type attribute
- CVE-2010-2768
* MFSA 2010-62: Copy-and-paste or drag-and-drop into designMode document
allows XSS
- CVE-2010-62
* MFSA 2010-63: Information leak via XMLHttpRequest statusText
- CVE-2010-63* Refresh patches for new upstream version
- update debian/patches/ seamonkey- fsh.patch
* Fix LP: #593571 - searching for am-newsblog.xul in the wrong chrome package
Install the newsblog.js XPCOM component
- update debian/seamonkey- mailnews. install - 15. By Micah Gersten
-
* New upstream release v2.0.6 (SEAMONKEY_
2_0_6_BUILD1)
* MFSA 2010-34: Miscellaneous memory safety hazards (rv:1.9.2.7/ 1.9.1.11)
- CVE-2010-1211
* MFSA 2010-35: DOM attribute cloning remote code execution vulnerability
- CVE-2010-1208
* MFSA 2010-36: Use-after-free error in NodeIterator
- CVE-2010-1209
* MFSA 2010-37: Plugin parameter EnsureCachedAttrParamArrays remote code
execution vulnerability
- CVE-2010-1214
* MFSA 2010-39: nsCSSValue::Array index integer overflow
- CVE-2010-2752
* MFSA 2010-40: nsTreeSelection dangling pointer remote code execution
vulnerability
- CVE-2010-2753
* MFSA 2010-41: Remote code execution using malformed PNG image
- CVE-2010-1205
* MFSA 2010-42: Cross-origin data disclosure via Web Workers and importScripts
- CVE-2010-1213
* MFSA 2010-45: Multiple location bar spoofing vulnerabilities
- CVE-2010-1206
- CVE-2010-2751
* MFSA 2010-46: Cross-domain data theft using CSS
- CVE-2010-0654
* MFSA 2010-47: Cross-origin data leakage from script filename in error
messages
- CVE-2010-2754 - 14. By Micah Gersten
-
* New upstream release v2.0.5 (SEAMONKEY_
2_0_5_BUILD1)
* MFSA 2010-25: Re-use of freed object due to scope confusion
- CVE-2010-1121
* MFSA 2010-26: Crashes with evidence of memory corruption
- CVE-2010-1200
- CVE-2010-1201
- CVE-2010-1202
* MFSA 2010-27: Use-after-free error in nsCycleCollector::MarkRoots( )
- CVE-2010-0183
* MFSA 2010-28: Freed object reuse across plugin instances
- CVE-2010-1198
* MFSA 2010-29: Heap buffer overflow in nsGenericDOMDataNode:: SetTextInternal
- CVE-2010-1196
* MFSA 2010-30: Integer Overflow in XSLT Node Sorting
- CVE-2010-1199
* MFSA 2010-31: focus() behavior can be used to inject or steal keystrokes
- CVE-2010-1125
* MFSA 2010-32: Content-Disposition: attachment ignored if Content-Type:
multipart also present
- CVE-2010-1197
* MFSA 2010-33: User tracking across sites using Math.random()
- CVE-2008-5913* Fix FTBFS on Sparc by disabling jit (LP: #523627)
- update debian/rules - 13. By Micah Gersten
-
* New upstream release v2.0.4 (SEAMONKEY_
2_0_4_RELEASE) (LP: #461864) [ Fabien Tassin <email address hidden> ]
* Add conditional support for system Cairo, NSS, NSPR
- update debian/rules
* Update icons from xpm to png
- update debian/seamonkey- *.{install, links,menu}
* We no longer need dynamic -lsoftokn, disable NSS_DYNAMIC_SOFTOKN
- add debian/patches/ no_dynamic_ nss_softokn. patch
- update debian/patches/ series [ Micah Gersten <email address hidden> ]
* Use versioned install directory
- update debian/rules
* Bump minimum versions of system libs; cairo to 1.8.8; NSPR to 4.8;
NSS to 3.12.6
- update debian/rules
* Update .install files for latest release
- update debian/seamonkey- browser. install
- update debian/seamonkey- mailnews. install
* Refresh patches
- update debian/patches/ cleaner_ dist_clean. patch
- update debian/patches/ fix_installer. patch
- update debian/patches/ seamonkey- fsh.patch
* Drop cairo FTBFS patch after upstream landing
- drop debian/patches/ fix_ftbfs_ with_cairo_ fb.patch
- update debian/series
* Install gnome components in -browser package so that it works out of the box
- update debian/seamonkey- browser. install
- update debian/control
- update debian/rules
* Move mozclient to be in source
- add debian/mozclient/ compare. mk
- add debian/mozclient/ seamonkey- remove. binonly. sh
- add debian/mozclient/ seamonkey. conf
- add debian/mozclient/ seamonkey. mk
- update debian/rules[ Chris Coulson <email address hidden> ]
* Ensure the symlinks are installed correctly. File name expansion
doesn't work in the .links files, so call dh_link explicitly in
debian/rules instead
- drop debian/seamonkey- browser. links
- drop debian/seamonkey- mailnews. links
- update debian/rules
* Only the seamonkey-gnome-support package should have dependencies on GNOME
libraries - ensure that seamonkey-browser doesn't have the GNOME components
installed when dh_shlibdeps is run
- update debian/rules
- update debian/seamonkey- browser. install - 12. By John Vivirito
-
* New upstream security release: 1.1.17 (LP: #356274)
- CVE-2009-1841: JavaScript chrome privilege escalation
- CVE-2009-1838: Arbitrary code execution using event listeners attached to an element whose owner document is null
- CVE-2009-1836: SSL tampering via non-200 responses to proxy CONNECT requests
- CVE-2009-1835: Arbitrary domain cookie access by local file: resources
- CVE-2009-1392, CVE-2009-1832, CVE-2009-1833: Crashes with evidence of memory corruption (rv:1.9.0.11)
- CVE-2009-1311: POST data sent to wrong site when saving web page with embedded frame
- CVE-2009-1307: Same-origin violations when Adobe Flash loaded via view-source: scheme
- MFSA 2009-33 Crash viewing multipart/alternative message with text/enhanced part
* removed debian/patches/ 90_181_ 484320_ attachment_ 368977. patch
* removed debian/patches/ 90_181_ 485217_ attachment_ 369357. patch
* removed debian/patches/ 90_181_ 485286_ attachment_ 369457. patch
- update debian/patches/ series - 11. By Alexander Sack
-
* CVE-2009-1044: Arbitrary code execution via XUL tree element
- add debian/patches/ 90_181_ 484320_ attachment_ 368977. patch
- update debian/patches/ series
* CVE-2009-1169: XSL Transformation vulnerability
- add 90_181_485217_ attachment_ 369357. patch
- add debian/patches/ 90_181_ 485286_ attachment_ 369457. patch
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp://staging/ubuntu/maverick/seamonkey