lp:ubuntu/karmic/seamonkey

Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/karmic/seamonkey
Members of Ubuntu branches can upload to this branch.

Branch information

Owner: Ubuntu branches
Review team: Ubuntu Development Team
Status: Development

Recent revisions

12. By John Vivirito

* New upstream security release: 1.1.17 (LP: #356274)
  - CVE-2009-1841: JavaScript chrome privilege escalation
  - CVE-2009-1838: Arbitrary code execution using event listeners attached to an element whose owner document is null
  - CVE-2009-1836: SSL tampering via non-200 responses to proxy CONNECT requests
  - CVE-2009-1835: Arbitrary domain cookie access by local file: resources
  - CVE-2009-1392, CVE-2009-1832, CVE-2009-1833: Crashes with evidence of memory corruption (rv:1.9.0.11)
  - CVE-2009-1311: POST data sent to wrong site when saving web page with embedded frame
  - CVE-2009-1307: Same-origin violations when Adobe Flash loaded via view-source: scheme
  - MFSA 2009-33 Crash viewing multipart/alternative message with text/enhanced part
* removed debian/patches/90_181_484320_attachment_368977.patch
* removed debian/patches/90_181_485217_attachment_369357.patch
* removed debian/patches/90_181_485286_attachment_369457.patch
  - update debian/patches/series

11. By Alexander Sack

* CVE-2009-1044: Arbitrary code execution via XUL tree element
  - add debian/patches/90_181_484320_attachment_368977.patch
  - update debian/patches/series
* CVE-2009-1169: XSL Transformation vulnerability
  - add 90_181_485217_attachment_369357.patch
  - add debian/patches/90_181_485286_attachment_369457.patch

10. By John Vivirito

* New security upstream release: 1.1.15 (LP: #309655)
  - CVE-2009-0040: Upgrade PNG library to fix memory safety hazard
  - CVE-2009-0352: Crashes with evidence of memory corruption (rv:1.9.0.6)
  - CVE-2009-0357: XMLHttpRequest allows reading HTTPOnly cookies
  - CVE-2009-0771: Crashes with evidence of memory corruption (rv:1.9.0.7)
  - CVE-2009-0776: XML data theft via RDFXMLDataSource and cross-domain redirect

9. By Alexander Sack

* New security upstream release: 1.1.13 (LP: #297789)
  - CVE-2008-4582: Information stealing via local shortcut files
  - CVE-2008-5012: Image stealing via canvas and HTTP redirect
  - CVE-2008-5013: Arbitrary code execution via Flash Player dynamic module unloading
  - CVE-2008-5014: Crash and remote code execution via __proto__ tampering
  - CVE-2008-5017: Browser engine crash - Firefox 2 and 3
  - CVE-2008-5018: JavaScript engine crashes - Firefox 2 and 3
  - CVE-2008-5019: XSS and JavaScript privilege escalation via session restore
  - CVE-2008-0017: Buffer overflow in http-index-format parser
  - CVE-2008-5021: Crash and remote code execution in nsFrameManager
  - CVE-2008-5022: nsXMLHttpRequest::NotifyEventListeners() same-origin violation
  - CVE-2008-5023: -moz-binding property bypasses security checks on codebase principals
  - CVE-2008-5024: Parsing error in E4X default namespace
  - CVE-NOTASSIGN (MFSA2008-59): Script access to .documentURI and .textContent in mail

* re-run autoconf2.13 to update configure patch to changed upstream codebase
  - update debian/patches/99_configure.patch

8. By Fabien Tassin

* New security upstream release: 1.1.12 (LP: #276437)
  - CVE-2008-4070: Heap overflow when canceling newsgroup message
  - CVE-2008-4069: XBM image uninitialized memory reading
  - CVE-2008-4067..4068: resource: traversal vulnerabilities
  - CVE-2008-4065..4066: BOM characters stripped from JavaScript before execution
  - CVE-2008-4061..4064: Crashes with evidence of memory corruption
  - CVE-2008-4058..4060: Privilege escalation via XPCnativeWrapper pollution
  - CVE-2008-3837: Forced mouse drag
  - CVE-2008-3835: nsXMLDocument::OnChannelRedirect() same-origin violation
  - CVE-2008-0016: UTF-8 URL stack buffer overflow

7. By Fabien Tassin

* New security upstream release: 1.1.11 (LP: #218534)
  Fixes USN-602-1, USN-619-1, USN-623-1 and USN-629-1
* Refresh diverged patch:
  - update debian/patches/80_security_build.patch
* Fix FTBFS with missing -lfontconfig
  - add debian/patches/11_fix_ftbfs_with_fontconfig.patch
  - update debian/patches/series
* Build with default gcc (hardy: 4.2, intrepid: 4.3)
  - update debian/rules
  - update debian/control

6. By Fabien Tassin

* New security upstream release: 1.1.9 (LP: #207461)
* Security fixes:
  - MFSA 2008-19 XUL popup spoofing variant (cross-tab popups)
  - MFSA 2008-18 Java socket connection to any local port via LiveConnect
  - MFSA 2008-17 Privacy issue with SSL Client Authentication
  - MFSA 2008-16 HTTP Referrer spoofing with malformed URLs
  - MFSA 2008-15 Crashes with evidence of memory corruption
  - MFSA 2008-14 JavaScript privilege escalation and arbitrary code execution
* Drop patches applied upstream:
  - drop debian/patches/11_bz399589_fix_missing_symbol_with_new_nss.patch
  - update debian/patches/series
* Add missing Ubuntu-specific menu items (LP: #190845)
  - add debian/patches/85_ubuntu_menu.patch
  - update debian/patches/series
  Contributed by Andrea Colangelo <email address hidden>

5. By Fabien Tassin

* New security upstream release: 1.1.8
* Security fixes:
  - MFSA 2008-10 URL token stealing via stylesheet redirect
  - MFSA 2008-09 Mishandling of locally-saved plain text files
  - MFSA 2008-06 Web browsing history and forward navigation stealing
  - MFSA 2008-05 Directory traversal via chrome: URI
  - MFSA 2008-03 Privilege escalation, XSS, Remote Code Execution
  - MFSA 2008-02 Multiple file input focus stealing vulnerabilities
  - MFSA 2008-01 Crashes with evidence of memory corruption (rv:1.8.1.12)
* Drop unwanted patches:
  - drop debian/patches/82_homepage.patch
  - drop debian/patches/85_about.patch
  - drop debian/patches/85_release_notes.patch
  - update debian/patches/series
* Update diverged patch:
  - update debian/patches/99_configure.patch

4. By Fabien Tassin

* bump Standards-Version to 3.7.3
  - update debian/control
* Add comments to patches lacking one
  - update debian/patches/11_bz399589_fix_missing_symbol_with_new_nss.patch
  - update debian/patches/12_fix_ftbfs_with_nss.patch
* Drop extensions from icons in the .desktop files
  - update debian/menu_dir/*.desktop
* Drop Uploaders: field as it doesn't mean anything for Ubuntu
  - update debian/control
* Reference the specific versions of the GPL and LGPL
  - update debian/copyright
* Add get-orig-source and get-current-source to respectively
  fetch and repack a newer tarball or the current tarball needed
  to build this version of the package
  - update debian/rules
* Update 'section' of all menu files to be compliant with Debian
  Menu System
  - update debian/*.menu

3. By Fabien Tassin

* New security upstream release: 1.1.7 (LP: #174739)
* MFSA 2007-37, MFSA 2007-38, MFSA 2007-39
* Drop patches applied upstream
  - drop debian/patches/65_branding_bug_401824.patch
  - drop debian/patches/65_composer_charset.patch
  - update debian/patches/series
* Update debian/patches/99_configure.patch
* Add Vcs-Bzr: and Homepage: fields to control
  - update debian/control
* Change dfsg into nobinonly in watch file
  - update debian/watch

Branch metadata

Branch format: Branch format 7
Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on: lp:ubuntu/lucid/seamonkey
This branch contains Public information. Everyone can see this information.
