lp:debian/squeeze/icedove
- Get this branch:
- bzr branch lp:debian/squeeze/icedove
Branch information
- Owner:
- Ubuntu branches
- Status:
- Development
Recent revisions
- 20. By Christoph Goehre <email address hidden>
-
[b3c6c90] Reimplement UTF-7 in mailnews (Closes: #671408, #671410)
- 19. By Christoph Goehre <email address hidden>
-
* [6f96c16] backported patches from xulrunner fixes mfsa2011-{46,47,49}
- MFSA 2011-46 aka CVE-2011-3647: loadSubScript unwraps XPCNativeWrapper
scope parameter
- MFSA 2011-47 aka CVE-2011-3648: Potential XSS against sites using
Shift-JIS
- MFSA 2011-49 aka CVE-2011-3650: Memory corruption while profiling using
Firebug
- 18. By Christoph Goehre <email address hidden>
-
* [44577f9] backported patches from xulrunner fixes mfsa2011-{36-40}
- MFSA 2011-36 aka CVE-2011-2995: Miscellaneous memory safety hazards
(rv:7.0 / rv:1.9.2.23)
- MFSA 2011-37 aka CVE-2011-2998: Integer underflow when using JavaScript
RegExp
- MFSA 2011-38 aka CVE-2011-2999: XSS via plugins and shadowed
window.location object
- MFSA 2011-39 aka CVE-2011-3000: Defense against multiple Location
headers due to CRLF Injection
- MFSA 2011-40 aka CVE-2011-2372, CVE-2011-3001: Code installation through
holding down Enter
- 17. By Christoph Goehre <email address hidden>
-
* [66361e1] backported patches from xulrunner fixes mfsa2011-{12-14,16}
- MFSA 2011-12 aka CVE-2011-0069, CVE-2011-0070, CVE-2011-0072,
CVE-2011-0074, CVE-2011-0075, CVE-2011-0077,
CVE-2011-0078, CVE-2011-0080:
Miscellaneous memory safety hazards (rv:2.0.1/ 1.9.2.17/ 1.9.1.19)
- MFSA 2011-13 aka CVE-2011-0065, CVE-2011-0066, CVE-2011-0073:
Multiple dangling pointer vulnerabilities
- MFSA 2011-14 aka CVE-2011-0067: Information stealing via form history
- MFSA 2011-16 aka CVE-2011-0071: Directory traversal in resource:
protocol
* [8e5f78f] gfx/ots/include/opentype-sanitiser.h: strict alignment issues
when displaying OpenType fonts.
- 16. By Christoph Goehre <email address hidden>
-
* [2bf1366] backported patches from xulrunner fixes mfsa2011-{01-08,10}
- MFSA 2011-01 aka CVE-2011-0053: Miscellaneous memory safety hazards
(rv:1.9.2.14/ 1.9.1.17)
- MFSA 2011-02 aka CVE-2011-0051: Recursive eval call causes confirm
dialogs to evaluate to true
- MFSA 2011-03 aka CVE-2011-0055: Use-after-free error in JSON.stringify
- MFSA 2011-04 aka CVE-2011-0054: Buffer overflow in JavaScript upvarMap
- MFSA 2011-05 aka CVE-2011-0056: Buffer overflow in JavaScript atom map
- MFSA 2011-06 aka CVE-2011-0057: Use-after-free error using Web Workers
- MFSA 2011-07 aka CVE-2011-0058: Memory corruption during text run
construction (Windows)
- MFSA 2011-08 aka CVE-2010-1585: ParanoidFragmentSink allows javascript:
URLs in chrome documents
- MFSA 2011-10 aka CVE-2011-0059: CSRF risk with plugins and 307 redirects
- 15. By Christoph Goehre <email address hidden>
-
* New Upstream Version
- MFSA 2010-74 aka CVE-2010-3776, CVE-2010-3778: Miscellaneous memory
safety hazards (rv:1.9.2.13/ 1.9.1.16)
- MFSA 2010-75 aka CVE-2010-3769: Buffer overflow while line breaking
after document.write with long string
- MFSA 2010-78 aka CVE-2010-3768: Add support for OTS font sanitizer
* [d468f16] rebuild patch queue from patch-queue branch
added patches:
- 0059-fix-forwarding-of-Simple-HTML-email.patch
obsolete patches (fixed upstream):
- 0057-Calculate-negotiate-auth-token-length-after-removing.patch
* [f7c6501] add license info for gfx/ots
- 14. By Christoph Goehre <email address hidden>
-
* New Upstream Version
- MFSA 2010-73 aka CVE-2010-3765: Heap buffer overflow mixing
document.write and DOM insertion
- 13. By Christoph Goehre <email address hidden>
-
* New Upstream Version
- MFSA 2010-64 aka CVE-2010-3174, CVE-2010-3176: Miscellaneous memory
safety hazards (rv:1.9.2.11/ 1.9.1.14)
- MFSA 2010-65 aka CVE-2010-3179: Buffer overflow and memory corruption
using document.write
- MFSA 2010-66 aka CVE-2010-3180: Use-after-free error in nsBarProp
- MFSA 2010-67 aka CVE-2010-3183: Dangling pointer vulnerability in
LookupGetterOrSetter
- MFSA 2010-69 aka CVE-2010-3178: Cross-site information disclosure via
modal calls
- MFSA 2010-71 aka CVE-2010-3182: Unsafe library loading vulnerabilities
* [2f5fb48] rebuild patch queue from patch-queue branch
added patches:
- 0059-Use-errno.ENOENT-instead-of-2-in-JarMaker.py.patch
modified patches:
- 0054-Use-syscall-for-mmap-and-munmap-and-disable-ncpus-in.patch
* [d82f4a8] Bump up version of build dependencies libnspr4-dev and
libnss3-dev
- 11. By Christoph Goehre <email address hidden>
-
* New Upstream Version
- MFSA 2010-49 aka CVE-2010-3169: Miscellaneous memory safety hazards
(rv:1.9.2.9/ 1.9.1.12)
- MFSA 2010-50 aka CVE-2010-2765: Frameset integer overflow vulnerability
- MFSA 2010-51 aka CVE-2010-2767: Dangling pointer vulnerability using DOM
plugin array
- MFSA 2010-53 aka CVE-2010-3166: Heap buffer overflow in
nsTextFrameUtils::TransformText
- MFSA 2010-54 aka CVE-2010-2760: Dangling pointer vulnerability in
nsTreeSelection
- MFSA 2010-55 aka CVE-2010-3168: XUL tree removal crash and remote code
execution
- MFSA 2010-56 aka CVE-2010-3167: Dangling pointer vulnerability in
nsTreeContentView
- MFSA 2010-57 aka CVE-2010-2766: Crash and remote code execution in
normalizeDocument
- MFSA 2010-60 aka CVE-2010-2763: XSS using SJOW scripted function
- MFSA 2010-61 aka CVE-2010-2768: UTF-7 XSS by overriding document charset
using <object> type attribute
- MFSA 2010-62 aka CVE-2010-2769: Copy-and-paste or drag-and-drop into
designMode document allows XSS
- MFSA 2010-63 aka CVE-2010-2764: Information leak via XMLHttpRequest
statusText
* [1bf1dab] rebuild patch queue from patch-queue branch
added patches:
- 0057-Calculate-negotiate-auth-token-length-after-removing.patch
- 0058-Fix-unaligned-reads-in-qcms.patch
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)