Created by Fabien Tassin on 2008-09-30 and last modified on 2009-07-26
Get this branch:
bzr branch lp:~mozillateam/seamonkey/seamonkey-1.1.hardy
Members of Mozilla Team can upload to this branch.

Branch information

Mozilla Team

Recent revisions

155. By Alexander Sack on 2009-07-26

(merge) RELEASE 1.1.17+nobinonly-0ubuntu0.8.04.1 to ubuntu/hardy-security
* New upstream security release: 1.1.17 (LP: #356274)
  - CVE-2009-1841: JavaScript chrome privilege escalation
  - CVE-2009-1838: Arbitrary code execution using event listeners attached to an element whose owner document is null
  - CVE-2009-1836: SSL tampering via non-200 responses to proxy CONNECT requests
  - CVE-2009-1835: Arbitrary domain cookie access by local file: resources
  - CVE-2009-1392, CVE-2009-1832, CVE-2009-1833: Crashes with evidence of memory corruption (rv:
  - CVE-2009-1311: POST data sent to wrong site when saving web page with embedded frame
  - CVE-2009-1307: Same-origin violations when Adobe Flash loaded via view-source: scheme
  - MFSA 2009-33 Crash viewing multipart/alternative message with text/enhanced part
* removed debian/patches/90_181_484320_attachment_368977.patch
* removed debian/patches/90_181_485217_attachment_369357.patch
* removed debian/patches/90_181_485286_attachment_369457.patch
  - update debian/patches/series

154. By Alexander Sack on 2009-03-31

RELEASE 1.1.15+nobinonly-0ubuntu1.8.04.2 to ubuntu/hardy-security with security fixes
* CVE-2009-1044: Arbitrary code execution via XUL tree element
  - add debian/patches/90_181_484320_attachment_368977.patch
  - update debian/patches/series
* CVE-2009-1169: XSL Transformation vulnerability
  - add 90_181_485217_attachment_369357.patch
  - add debian/patches/90_181_485286_attachment_369457.patch

153. By Alexander Sack on 2009-03-31

(merge) RELEASE 1.1.15+nobinonly-0ubuntu1.8.04.1 to ubuntu/hardy-security
* New security upstream release: 1.1.15 (LP: #309655)
  - CVE-2009-0040: Upgrade PNG library to fix memory safety hazard
  - CVE-2009-0352: Crashes with evidence of memory corruption (rv:
  - CVE-2009-0357: XMLHttpRequest allows reading HTTPOnly cookies
  - CVE-2009-0771: Crashes with evidence of memory corruption (rv:
  - CVE-2009-0776: XML data theft via RDFXMLDataSource and cross-domain redirect
* New security upstream release: 1.1.14 (LP: #309655)
  - CVE-2008-5511: XSS and JavaScript privilege escalation
  - CVE-2008-5510: Escaped null characters ignored by CSS parser
  - CVE-2008-5508: Errors parsing URLs with leading whitespace and control ch$
  - CVE-2008-5507: Cross-domain data theft via script redirect error message
  - CVE-2008-5506: XMLHttpRequest 302 response disclosure
  - CVE-2008-5503: Information stealing via loadBindingDocument
  - CVE-2008-5501..5500: Crashes with evidence of memory corruption
* drop patches applied upstream
  - delete debian/patches/35_zip_cache.patch
  - update debian/patches/series

152. By Alexander Sack on 2008-11-26

* RELEASE 1.1.13+nobinonly-0ubuntu0.8.04.1 to ubuntu/hardy-security

151. By Alexander Sack on 2008-11-26

* re-run autoconf2.13 to update configure patch to changed upstream codebase
  - update debian/patches/99_configure.patch

150. By Alexander Sack on 2008-11-26

* New security upstream release: 1.1.13 (LP: #297789)
  - CVE-2008-4582: Information stealing via local shortcut files
  - CVE-2008-5012: Image stealing via canvas and HTTP redirect
  - CVE-2008-5013: Arbitrary code execution via Flash Player dynamic module unloading
  - CVE-2008-5014: Crash and remote code execution via __proto__ tampering
  - CVE-2008-5017: Browser engine crash - Firefox 2 and 3
  - CVE-2008-5018: JavaScript engine crashes - Firefox 2 and 3
  - CVE-2008-5019: XSS and JavaScript privilege escalation via session restore
  - CVE-2008-0017: Buffer overflow in http-index-format parser
  - CVE-2008-5021: Crash and remote code execution in nsFrameManager
  - CVE-2008-5022: nsXMLHttpRequest::NotifyEventListeners() same-origin violation
  - CVE-2008-5023: -moz-binding property bypasses security checks on codebase principals
  - CVE-2008-5024: Parsing error in E4X default namespace
  - CVE-2008-4582 (MFSA2008-59): Script access to .documentURI and .textContent in mail

149. By Fabien Tassin on 2008-09-30

* RELEASE 1.1.12+nobinonly-0ubuntu0.8.04.1 to Ubuntu/hardy-security

148. By Fabien Tassin on 2008-09-30

* Improve MFSA / CVE descriptions in changelog

147. By Fabien Tassin on 2008-09-30

* Revert default gcc changes
  - update debian/control
  - update debian/rules

146. By Fabien Tassin on 2008-09-30

* Merge changes from seamonkey-1.1.dev #154, drop -U_FORTIFY_SOURCE only needed on intrepid

Branch metadata

Branch format: Branch format 5
Repository format: Bazaar pack repository format 1 (needs bzr 0.92)
This branch contains Public information 
Everyone can see this information.