lp:ubuntu/karmic/seamonkey
- Get this branch:
- bzr branch lp:ubuntu/karmic/seamonkey
Recent revisions
- 12. By John Vivirito
* New upstream security release: 1.1.17 (LP: #356274)
- CVE-2009-1841: JavaScript chrome privilege escalation
- CVE-2009-1838: Arbitrary code execution using event listeners attached to an element whose owner document is null
- CVE-2009-1836: SSL tampering via non-200 responses to proxy CONNECT requests
- CVE-2009-1835: Arbitrary domain cookie access by local file: resources
- CVE-2009-1392, CVE-2009-1832, CVE-2009-1833: Crashes with evidence of memory corruption (rv:1.9.0.11)
- CVE-2009-1311: POST data sent to wrong site when saving web page with embedded frame
- CVE-2009-1307: Same-origin violations when Adobe Flash loaded via view-source: scheme
- MFSA 2009-33 Crash viewing multipart/alternative message with text/enhanced part
* removed debian/patches/90_181_484320_attachment_368977.patch
* removed debian/patches/90_181_485217_attachment_369357.patch
* removed debian/patches/90_181_485286_attachment_369457.patch
- update debian/patches/series

- 11. By Alexander Sack
* CVE-2009-1044: Arbitrary code execution via XUL tree element
- add debian/patches/90_181_484320_attachment_368977.patch
- update debian/patches/series
* CVE-2009-1169: XSL Transformation vulnerability
- add 90_181_485217_attachment_369357.patch
- add debian/patches/90_181_485286_attachment_369457.patch

- 10. By John Vivirito
* New security upstream release: 1.1.15 (LP: #309655)
- CVE-2009-0040: Upgrade PNG library to fix memory safety hazard
- CVE-2009-0352: Crashes with evidence of memory corruption (rv:1.9.0.6)
- CVE-2009-0357: XMLHttpRequest allows reading HTTPOnly cookies
- CVE-2009-0771: Crashes with evidence of memory corruption (rv:1.9.0.7)
- CVE-2009-0776: XML data theft via RDFXMLDataSource and cross-domain redirect

- 9. By Alexander Sack
* New security upstream release: 1.1.13 (LP: #297789)
- CVE-2008-4582: Information stealing via local shortcut files
- CVE-2008-5012: Image stealing via canvas and HTTP redirect
- CVE-2008-5013: Arbitrary code execution via Flash Player dynamic module unloading
- CVE-2008-5014: Crash and remote code execution via __proto__ tampering
- CVE-2008-5017: Browser engine crash - Firefox 2 and 3
- CVE-2008-5018: JavaScript engine crashes - Firefox 2 and 3
- CVE-2008-5019: XSS and JavaScript privilege escalation via session restore
- CVE-2008-0017: Buffer overflow in http-index-format parser
- CVE-2008-5021: Crash and remote code execution in nsFrameManager
- CVE-2008-5022: nsXMLHttpRequest::NotifyEventListeners() same-origin violation
- CVE-2008-5023: -moz-binding property bypasses security checks on codebase principals
- CVE-2008-5024: Parsing error in E4X default namespace
- CVE-NOTASSIGN (MFSA2008-59): Script access to .documentURI and .textContent in mail
* re-run autoconf2.13 to update configure patch to changed upstream codebase
- update debian/patches/99_configure.patch

- 8. By Fabien Tassin
* New security upstream release: 1.1.12 (LP: #276437)
- CVE-2008-4070: Heap overflow when canceling newsgroup message
- CVE-2008-4069: XBM image uninitialized memory reading
- CVE-2008-4067..4068: resource: traversal vulnerabilities
- CVE-2008-4065..4066: BOM characters stripped from JavaScript before execution
- CVE-2008-4061..4064: Crashes with evidence of memory corruption
- CVE-2008-4058..4060: Privilege escalation via XPCnativeWrapper pollution
- CVE-2008-3837: Forced mouse drag
- CVE-2008-3835: nsXMLDocument::OnChannelRedirect() same-origin violation
- CVE-2008-0016: UTF-8 URL stack buffer overflow

- 7. By Fabien Tassin
* New security upstream release: 1.1.11 (LP: #218534)
Fixes USN-602-1, USN-619-1, USN-623-1 and USN-629-1
* Refresh diverged patch:
- update debian/patches/80_security_build.patch
* Fix FTBFS with missing -lfontconfig
- add debian/patches/11_fix_ftbfs_with_fontconfig.patch
- update debian/patches/series
* Build with default gcc (hardy: 4.2, intrepid: 4.3)
- update debian/rules
- update debian/control

- 6. By Fabien Tassin
* New security upstream release: 1.1.9 (LP: #207461)
* Security fixes:
- MFSA 2008-19 XUL popup spoofing variant (cross-tab popups)
- MFSA 2008-18 Java socket connection to any local port via LiveConnect
- MFSA 2008-17 Privacy issue with SSL Client Authentication
- MFSA 2008-16 HTTP Referrer spoofing with malformed URLs
- MFSA 2008-15 Crashes with evidence of memory corruption
- MFSA 2008-14 JavaScript privilege escalation and arbitrary code execution
* Drop patches applied upstream:
- drop debian/patches/11_bz399589_fix_missing_symbol_with_new_nss.patch
- update debian/patches/series
* Add missing Ubuntu-specific menu items (LP: #190845)
- add debian/patches/85_ubuntu_menu.patch
- update debian/patches/series
Contributed by Andrea Colangelo <email address hidden>

- 5. By Fabien Tassin
* New security upstream release: 1.1.8
* Security fixes:
- MFSA 2008-10 URL token stealing via stylesheet redirect
- MFSA 2008-09 Mishandling of locally-saved plain text files
- MFSA 2008-06 Web browsing history and forward navigation stealing
- MFSA 2008-05 Directory traversal via chrome: URI
- MFSA 2008-03 Privilege escalation, XSS, Remote Code Execution
- MFSA 2008-02 Multiple file input focus stealing vulnerabilities
- MFSA 2008-01 Crashes with evidence of memory corruption (rv:1.8.1.12)
* Drop unwanted patches:
- drop debian/patches/82_homepage.patch
- drop debian/patches/85_about.patch
- drop debian/patches/85_release_notes.patch
- update debian/patches/series
* Update diverged patch:
- update debian/patches/99_configure.patch

- 4. By Fabien Tassin
* bump Standards-Version to 3.7.3
- update debian/control
* Add comments to patches lacking one
- update debian/patches/11_bz399589_fix_missing_symbol_with_new_nss.patch
- update debian/patches/12_fix_ftbfs_with_nss.patch
* Drop extensions from icons in the .desktop files
- update debian/menu_dir/*.desktop
* Drop Uploaders: field as it doesn't mean anything for Ubuntu
- update debian/control
* Reference the specific versions of the GPL and LGPL
- update debian/copyright
* Add get-orig-source and get-current-source to respectively fetch and repack a newer tarball or the current tarball needed to build this version of the package
- update debian/rules
* Update 'section' of all menu files to be compliant with Debian Menu System
- update debian/*.menu

- 3. By Fabien Tassin
* New security upstream release: 1.1.7 (LP: #174739)
* MFSA 2007-37, MFSA 2007-38, MFSA 2007-39
* Drop patches applied upstream
- drop debian/patches/65_branding_bug_401824.patch
- drop debian/patches/65_composer_charset.patch
- update debian/patches/series
* Update debian/patches/99_configure.patch
* Add Vcs-Bzr: and Homepage: fields to control
- update debian/control
* Change dfsg into nobinonly in watch file
- update debian/watch
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/lucid/seamonkey