lp:ubuntu/karmic-security/seamonkey
- Get this branch:
- bzr branch lp:ubuntu/karmic-security/seamonkey
Branch merges
Related source package recipes
Branch information
Recent revisions
- 16. By Chris Coulson
-
* New upstream release v2.0.11 (SEAMONKEY_
2_0_11_ BUILD1)
* SECURITY UPDATE:
- http://www.mozilla. org/security/ known-vulnerabi lities/ seamonkey20. html#seamonkey2 .0.11
* Fixes LP: #575160 - seamonkey 2.0 crashes with 'RenderBadPicture' - 15. By Chris Coulson
-
* New upstream release v2.0.10 (SEAMONKEY_
2_0_10_ BUILD1)
* SECURITY UPDATE:
- http://www.mozilla. org/security/ known-vulnerabi lities/ seamonkey20. html#seamonkey2 .0.10 - 14. By Chris Coulson
-
* New upstream release v2.0.9 (SEAMONKEY_
2_0_9_BUILD1)
* SECURITY UPDATE:
- http://www.mozilla. org/security/ known-vulnerabi lities/ seamonkey20. html#seamonkey2 .0.9 * Bump minimum system NSS to 3.12.8 after landing of (bmo: 600104) aka
Bump minimum required version for system NSS to 3.12.8
- update debian/rules
* Bump minimum system NSPR to 4.8.6 after landing of (bmo: 567620) aka
Bump minimum required version for system NSPR to 4.8.6
- update debian/rules
* Fix LP: #646632 - No dictionaries present in Seamonkey. Ship a
symlink to the system dictionaries
- update debian/rules
- update debian/seamonkey- browser. install
* Fix LP: #643047 - Don't touch $LIBDIR/.autoreg from the seamonkey
postinst script. The seamonkey package is just a meta-package, and
the file is shipped by seamonkey-browser. Changing this ensures that
seamonkey doesn't fail to configure if there is version skew during
upgrades, and avoids the need for having tight dependencies
- update debian/rules
- remove debian/seamonkey. postinst. in
- remove debian/seamonkey. prerm.in - 13. By Chris Coulson
-
* New major upstream release v2.0.8 (SEAMONKEY_
2_0_8_BUILD1) [ Fabien Tassin <email address hidden> ]
* Add conditional support for system Cairo, NSS, NSPR
- update debian/rules
* Update icons from xpm to png
- update debian/seamonkey- *.{install, links,menu}
* We no longer need dynamic -lsoftokn, disable NSS_DYNAMIC_SOFTOKN
- add debian/patches/ no_dynamic_ nss_softokn. patch
- update debian/patches/ series [ Micah Gersten <email address hidden> ]
* Use versioned install directory
- update debian/rules
* Bump minimum versions of system libs; cairo to 1.8.8; NSPR to 4.8;
NSS to 3.12.6
- update debian/rules
* Update .install files for latest release
- update debian/seamonkey- browser. install
- update debian/seamonkey- mailnews. install
* Refresh patches
- update debian/patches/ cleaner_ dist_clean. patch
- update debian/patches/ fix_installer. patch
- update debian/patches/ seamonkey- fsh.patch
* Drop cairo FTBFS patch after upstream landing
- drop debian/patches/ fix_ftbfs_ with_cairo_ fb.patch
- update debian/series
* Install gnome components in -browser package so that it works out of the box
- update debian/seamonkey- browser. install
- update debian/control
- update debian/rules
* Move mozclient to be in source
- add debian/mozclient/ compare. mk
- add debian/mozclient/ seamonkey- remove. binonly. sh
- add debian/mozclient/ seamonkey. conf
- add debian/mozclient/ seamonkey. mk
- update debian/rules
* Fix FTBFS on Sparc by disabling jit (LP: #523627)
- update debian/rules[ Chris Coulson <email address hidden> ]
* Ensure the symlinks are installed correctly. File name expansion
doesn't work in the .links files, so call dh_link explicitly in
debian/rules instead
- drop debian/seamonkey- browser. links
- drop debian/seamonkey- mailnews. links
- update debian/rules
* Only the seamonkey-gnome-support package should have dependencies on GNOME
libraries - ensure that seamonkey-browser doesn't have the GNOME components
installed when dh_shlibdeps is run
- update debian/rules
- update debian/seamonkey- browser. install
* Refresh patches for new upstream version
- update debian/patches/ seamonkey- fsh.patch
* Fix LP: #593571 - searching for am-newsblog.xul in the wrong chrome package
Install the newsblog.js XPCOM component
- update debian/seamonkey- mailnews. install - 12. By John Vivirito
-
* New upstream security release: 1.1.17 (LP: #356274)
- CVE-2009-1841: JavaScript chrome privilege escalation
- CVE-2009-1838: Arbitrary code execution using event listeners attached to an element whose owner document is null
- CVE-2009-1836: SSL tampering via non-200 responses to proxy CONNECT requests
- CVE-2009-1835: Arbitrary domain cookie access by local file: resources
- CVE-2009-1392, CVE-2009-1832, CVE-2009-1833: Crashes with evidence of memory corruption (rv:1.9.0.11)
- CVE-2009-1311: POST data sent to wrong site when saving web page with embedded frame
- CVE-2009-1307: Same-origin violations when Adobe Flash loaded via view-source: scheme
- MFSA 2009-33 Crash viewing multipart/alternative message with text/enhanced part
* removed debian/patches/ 90_181_ 484320_ attachment_ 368977. patch
* removed debian/patches/ 90_181_ 485217_ attachment_ 369357. patch
* removed debian/patches/ 90_181_ 485286_ attachment_ 369457. patch
- update debian/patches/ series - 11. By Alexander Sack
-
* CVE-2009-1044: Arbitrary code execution via XUL tree element
- add debian/patches/ 90_181_ 484320_ attachment_ 368977. patch
- update debian/patches/ series
* CVE-2009-1169: XSL Transformation vulnerability
- add 90_181_485217_ attachment_ 369357. patch
- add debian/patches/ 90_181_ 485286_ attachment_ 369457. patch - 10. By John Vivirito
-
* New security upstream release: 1.1.15 (LP: #309655)
- CVE-2009-0040: Upgrade PNG library to fix memory safety hazard
- CVE-2009-0352: Crashes with evidence of memory corruption (rv:1.9.0.6)
- CVE-2009-0357: XMLHttpRequest allows reading HTTPOnly cookies
- CVE-2009-0771: Crashes with evidence of memory corruption (rv:1.9.0.7)
- CVE-2009-0776: XML data theft via RDFXMLDataSource and cross-domain redirect - 9. By Alexander Sack
-
* New security upstream release: 1.1.13 (LP: #297789)
- CVE-2008-4582: Information stealing via local shortcut files
- CVE-2008-5012: Image stealing via canvas and HTTP redirect
- CVE-2008-5013: Arbitrary code execution via Flash Player dynamic module unloading
- CVE-2008-5014: Crash and remote code execution via __proto__ tampering
- CVE-2008-5017: Browser engine crash - Firefox 2 and 3
- CVE-2008-5018: JavaScript engine crashes - Firefox 2 and 3
- CVE-2008-5019: XSS and JavaScript privilege escalation via session restore
- CVE-2008-0017: Buffer overflow in http-index-format parser
- CVE-2008-5021: Crash and remote code execution in nsFrameManager
- CVE-2008-5022: nsXMLHttpRequest::NotifyEventL isteners( ) same-origin violation
- CVE-2008-5023: -moz-binding property bypasses security checks on codebase principals
- CVE-2008-5024: Parsing error in E4X default namespace
- CVE-NOTASSIGN (MFSA2008-59): Script access to .documentURI and .textContent in mail* re-run autoconf2.13 to update configure patch to changed upstream codebase
- update debian/patches/ 99_configure. patch - 8. By Fabien Tassin
-
* New security upstream release: 1.1.12 (LP: #276437)
- CVE-2008-4070: Heap overflow when canceling newsgroup message
- CVE-2008-4069: XBM image uninitialized memory reading
- CVE-2008-4067..4068: resource: traversal vulnerabilities
- CVE-2008-4065..4066: BOM characters stripped from JavaScript before execution
- CVE-2008-4061..4064: Crashes with evidence of memory corruption
- CVE-2008-4058..4060: Privilege escalation via XPCnativeWrapper pollution
- CVE-2008-3837: Forced mouse drag
- CVE-2008-3835: nsXMLDocument::OnChannelRedir ect() same-origin violation
- CVE-2008-0016: UTF-8 URL stack buffer overflow - 7. By Fabien Tassin
-
* New security upstream release: 1.1.11 (LP: #218534)
Fixes USN-602-1, USN-619-1, USN-623-1 and USN-629-1
* Refresh diverged patch:
- update debian/patches/ 80_security_ build.patch
* Fix FTBFS with missing -lfontconfig
- add debian/patches/ 11_fix_ ftbfs_with_ fontconfig. patch
- update debian/patches/ series
* Build with default gcc (hardy: 4.2, intrepid: 4.3)
- update debian/rules
- update debian/control
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/maverick/seamonkey
