SeaMonkey: all-in-one Internet application suite

lp:~mozillateam/seamonkey/seamonkey-1.1.hardy

Created by Fabien Tassin on 2008-09-30 and last modified on 2009-07-26
Get this branch:
bzr branch lp:~mozillateam/seamonkey/seamonkey-1.1.hardy
Members of Mozilla Team can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Mozilla Team
Project:
SeaMonkey
Status:
Abandoned

Recent revisions

155. By Alexander Sack on 2009-07-26

(merge) RELEASE 1.1.17+nobinonly-0ubuntu0.8.04.1 to ubuntu/hardy-security
* New upstream security release: 1.1.17 (LP: #356274)
  - CVE-2009-1841: JavaScript chrome privilege escalation
  - CVE-2009-1838: Arbitrary code execution using event listeners attached to an element whose owner document is null
  - CVE-2009-1836: SSL tampering via non-200 responses to proxy CONNECT requests
  - CVE-2009-1835: Arbitrary domain cookie access by local file: resources
  - CVE-2009-1392, CVE-2009-1832, CVE-2009-1833: Crashes with evidence of memory corruption (rv:1.9.0.11)
  - CVE-2009-1311: POST data sent to wrong site when saving web page with embedded frame
  - CVE-2009-1307: Same-origin violations when Adobe Flash loaded via view-source: scheme
  - MFSA 2009-33 Crash viewing multipart/alternative message with text/enhanced part
* removed debian/patches/90_181_484320_attachment_368977.patch
* removed debian/patches/90_181_485217_attachment_369357.patch
* removed debian/patches/90_181_485286_attachment_369457.patch
  - update debian/patches/series

154. By Alexander Sack on 2009-03-31

RELEASE 1.1.15+nobinonly-0ubuntu1.8.04.2 to ubuntu/hardy-security with security fixes
* CVE-2009-1044: Arbitrary code execution via XUL tree element
  - add debian/patches/90_181_484320_attachment_368977.patch
  - update debian/patches/series
* CVE-2009-1169: XSL Transformation vulnerability
  - add 90_181_485217_attachment_369357.patch
  - add debian/patches/90_181_485286_attachment_369457.patch

153. By Alexander Sack on 2009-03-31

(merge) RELEASE 1.1.15+nobinonly-0ubuntu1.8.04.1 to ubuntu/hardy-security
* New security upstream release: 1.1.15 (LP: #309655)
  - CVE-2009-0040: Upgrade PNG library to fix memory safety hazard
  - CVE-2009-0352: Crashes with evidence of memory corruption (rv:1.9.0.6)
  - CVE-2009-0357: XMLHttpRequest allows reading HTTPOnly cookies
  - CVE-2009-0771: Crashes with evidence of memory corruption (rv:1.9.0.7)
  - CVE-2009-0776: XML data theft via RDFXMLDataSource and cross-domain redirect
* New security upstream release: 1.1.14 (LP: #309655)
  - CVE-2008-5511: XSS and JavaScript privilege escalation
  - CVE-2008-5510: Escaped null characters ignored by CSS parser
  - CVE-2008-5508: Errors parsing URLs with leading whitespace and control ch$
  - CVE-2008-5507: Cross-domain data theft via script redirect error message
  - CVE-2008-5506: XMLHttpRequest 302 response disclosure
  - CVE-2008-5503: Information stealing via loadBindingDocument
  - CVE-2008-5501..5500: Crashes with evidence of memory corruption
    (rv:1.9.0.5/1.8.1.19)
* drop patches applied upstream
  - delete debian/patches/35_zip_cache.patch
  - update debian/patches/series

152. By Alexander Sack on 2008-11-26

* RELEASE 1.1.13+nobinonly-0ubuntu0.8.04.1 to ubuntu/hardy-security

151. By Alexander Sack on 2008-11-26

* re-run autoconf2.13 to update configure patch to changed upstream codebase
  - update debian/patches/99_configure.patch

150. By Alexander Sack on 2008-11-26

* New security upstream release: 1.1.13 (LP: #297789)
  - CVE-2008-4582: Information stealing via local shortcut files
  - CVE-2008-5012: Image stealing via canvas and HTTP redirect
  - CVE-2008-5013: Arbitrary code execution via Flash Player dynamic module unloading
  - CVE-2008-5014: Crash and remote code execution via __proto__ tampering
  - CVE-2008-5017: Browser engine crash - Firefox 2 and 3
  - CVE-2008-5018: JavaScript engine crashes - Firefox 2 and 3
  - CVE-2008-5019: XSS and JavaScript privilege escalation via session restore
  - CVE-2008-0017: Buffer overflow in http-index-format parser
  - CVE-2008-5021: Crash and remote code execution in nsFrameManager
  - CVE-2008-5022: nsXMLHttpRequest::NotifyEventListeners() same-origin violation
  - CVE-2008-5023: -moz-binding property bypasses security checks on codebase principals
  - CVE-2008-5024: Parsing error in E4X default namespace
  - CVE-2008-4582 (MFSA2008-59): Script access to .documentURI and .textContent in mail

149. By Fabien Tassin on 2008-09-30

* RELEASE 1.1.12+nobinonly-0ubuntu0.8.04.1 to Ubuntu/hardy-security

148. By Fabien Tassin on 2008-09-30

* Improve MFSA / CVE descriptions in changelog

147. By Fabien Tassin on 2008-09-30

* Revert default gcc changes
  - update debian/control
  - update debian/rules

146. By Fabien Tassin on 2008-09-30

* Merge changes from seamonkey-1.1.dev #154, drop -U_FORTIFY_SOURCE only needed on intrepid

Branch metadata

Branch format:
Branch format 5
Repository format:
Bazaar pack repository format 1 (needs bzr 0.92)
This branch contains Public information 
Everyone can see this information.