Ubuntu
seamonkey package

lp:ubuntu/lucid-security/seamonkey

  1. Lucid (10.04)
  2. lucid-security
Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/lucid-security/seamonkey
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

20. By Chris Coulson

* New upstream release v2.0.11 (SEAMONKEY_2_0_11_BUILD1)
* SECURITY UPDATE:
  - http://www.mozilla.org/security/known-vulnerabilities/seamonkey20.html#seamonkey2.0.11
* Fixes LP: #575160 - seamonkey 2.0 crashes with 'RenderBadPicture'

19. By Chris Coulson

* New upstream release v2.0.10 (SEAMONKEY_2_0_10_BUILD1)
* SECURITY UPDATE:
  - http://www.mozilla.org/security/known-vulnerabilities/seamonkey20.html#seamonkey2.0.10

18. By Chris Coulson

* New upstream release v2.0.9 (SEAMONKEY_2_0_9_BUILD1)
* SECURITY UPDATE:
  - http://www.mozilla.org/security/known-vulnerabilities/seamonkey20.html#seamonkey2.0.9

* Bump minimum system NSS to 3.12.8 after landing of (bmo: 600104) aka
  Bump minimum required version for system NSS to 3.12.8
  - update debian/rules
* Bump minimum system NSPR to 4.8.6 after landing of (bmo: 567620) aka
  Bump minimum required version for system NSPR to 4.8.6
  - update debian/rules
* Fix LP: #646632 - No dictionaries present in Seamonkey. Ship a
  symlink to the system dictionaries
  - update debian/rules
  - update debian/seamonkey-browser.install
* Fix LP: #643047 - Don't touch $LIBDIR/.autoreg from the seamonkey
  postinst script. The seamonkey package is just a meta-package, and
  the file is shipped by seamonkey-browser. Changing this ensures that
  seamonkey doesn't fail to configure if there is version skew during
  upgrades, and avoids the need for having tight dependencies
  - update debian/rules
  - remove debian/seamonkey.postinst.in
  - remove debian/seamonkey.prerm.in

17. By Chris Coulson

* New upstream release v2.0.8 (SEAMONKEY_2_0_8_BUILD1)
  - Fixes for a number of non-security-relevant crashes

16. By Chris Coulson

* New upstream release v2.0.7 (SEAMONKEY_2_0_7_BUILD1)

* SECURITY UPDATES:
* MFSA 2010-49: Miscellaneous memory safety hazards (rv:1.9.2.9/ 1.9.1.12)
  - CVE-2010-3169
* MFSA 2010-50: Frameset integer overflow vulnerability
  - CVE-2010-2765
* MFSA 2010-51: Dangling pointer vulnerability using DOM plugin array
  - CVE-2010-2767
* MFSA 2010-52: Windows XP DLL loading vulnerability
  - CVE-2010-3131
* MFSA 2010-53: Heap buffer overflow in nsTextFrameUtils::TransformText
  - CVE-2010-3166
* MFSA 2010-54: Dangling pointer vulnerability in nsTreeSelection
  - CVE-2010-2760
* MFSA 2010-55: XUL tree removal crash and remote code execution
  - CVE-2010-3168
* MFSA 2010-56: Dangling pointer vulnerability in nsTreeContentView
  - CVE-2010-3167
* MFSA 2010-57: Crash and remote code execution in normalizeDocument
  - CVE-2010-2766
* MFSA 2010-58: Crash on Mac using fuzzed font in data: URL
  - CVE-2010-2770
* MFSA 2010-60: XSS using SJOW scripted functio
  - CVE-2010-2763
* MFSA 2010-61: UTF-7 XSS by overriding document charset using <object>
  type attribute
  - CVE-2010-2768
* MFSA 2010-62: Copy-and-paste or drag-and-drop into designMode document
  allows XSS
  - CVE-2010-62
* MFSA 2010-63: Information leak via XMLHttpRequest statusText
  - CVE-2010-63

* Refresh patches for new upstream version
  - update debian/patches/seamonkey-fsh.patch
* Fix LP: #593571 - searching for am-newsblog.xul in the wrong chrome package
  Install the newsblog.js XPCOM component
  - update debian/seamonkey-mailnews.install

15. By Micah Gersten

* New upstream release v2.0.6 (SEAMONKEY_2_0_6_BUILD1)
* MFSA 2010-34: Miscellaneous memory safety hazards (rv:1.9.2.7/ 1.9.1.11)
  - CVE-2010-1211
* MFSA 2010-35: DOM attribute cloning remote code execution vulnerability
  - CVE-2010-1208
* MFSA 2010-36: Use-after-free error in NodeIterator
  - CVE-2010-1209
* MFSA 2010-37: Plugin parameter EnsureCachedAttrParamArrays remote code
  execution vulnerability
  - CVE-2010-1214
* MFSA 2010-39: nsCSSValue::Array index integer overflow
  - CVE-2010-2752
* MFSA 2010-40: nsTreeSelection dangling pointer remote code execution
  vulnerability
  - CVE-2010-2753
* MFSA 2010-41: Remote code execution using malformed PNG image
  - CVE-2010-1205
* MFSA 2010-42: Cross-origin data disclosure via Web Workers and importScripts
  - CVE-2010-1213
* MFSA 2010-45: Multiple location bar spoofing vulnerabilities
  - CVE-2010-1206
  - CVE-2010-2751
* MFSA 2010-46: Cross-domain data theft using CSS
  - CVE-2010-0654
* MFSA 2010-47: Cross-origin data leakage from script filename in error
  messages
  - CVE-2010-2754

14. By Micah Gersten

* New upstream release v2.0.5 (SEAMONKEY_2_0_5_BUILD1)
* MFSA 2010-25: Re-use of freed object due to scope confusion
  - CVE-2010-1121
* MFSA 2010-26: Crashes with evidence of memory corruption
  - CVE-2010-1200
  - CVE-2010-1201
  - CVE-2010-1202
* MFSA 2010-27: Use-after-free error in nsCycleCollector::MarkRoots()
  - CVE-2010-0183
* MFSA 2010-28: Freed object reuse across plugin instances
  - CVE-2010-1198
* MFSA 2010-29: Heap buffer overflow in nsGenericDOMDataNode::SetTextInternal
  - CVE-2010-1196
* MFSA 2010-30: Integer Overflow in XSLT Node Sorting
  - CVE-2010-1199
* MFSA 2010-31: focus() behavior can be used to inject or steal keystrokes
  - CVE-2010-1125
* MFSA 2010-32: Content-Disposition: attachment ignored if Content-Type:
  multipart also present
  - CVE-2010-1197
* MFSA 2010-33: User tracking across sites using Math.random()
  - CVE-2008-5913

* Fix FTBFS on Sparc by disabling jit (LP: #523627)
  - update debian/rules

13. By Micah Gersten

* New upstream release v2.0.4 (SEAMONKEY_2_0_4_RELEASE) (LP: #461864)

[ Fabien Tassin <email address hidden> ]
* Add conditional support for system Cairo, NSS, NSPR
  - update debian/rules
* Update icons from xpm to png
  - update debian/seamonkey-*.{install,links,menu}
* We no longer need dynamic -lsoftokn, disable NSS_DYNAMIC_SOFTOKN
  - add debian/patches/no_dynamic_nss_softokn.patch
  - update debian/patches/series

[ Micah Gersten <email address hidden> ]
* Use versioned install directory
  - update debian/rules
* Bump minimum versions of system libs; cairo to 1.8.8; NSPR to 4.8;
  NSS to 3.12.6
  - update debian/rules
* Update .install files for latest release
  - update debian/seamonkey-browser.install
  - update debian/seamonkey-mailnews.install
* Refresh patches
  - update debian/patches/cleaner_dist_clean.patch
  - update debian/patches/fix_installer.patch
  - update debian/patches/seamonkey-fsh.patch
* Drop cairo FTBFS patch after upstream landing
  - drop debian/patches/fix_ftbfs_with_cairo_fb.patch
  - update debian/series
* Install gnome components in -browser package so that it works out of the box
  - update debian/seamonkey-browser.install
  - update debian/control
  - update debian/rules
* Move mozclient to be in source
  - add debian/mozclient/compare.mk
  - add debian/mozclient/seamonkey-remove.binonly.sh
  - add debian/mozclient/seamonkey.conf
  - add debian/mozclient/seamonkey.mk
  - update debian/rules

[ Chris Coulson <email address hidden> ]
* Ensure the symlinks are installed correctly. File name expansion
  doesn't work in the .links files, so call dh_link explicitly in
  debian/rules instead
  - drop debian/seamonkey-browser.links
  - drop debian/seamonkey-mailnews.links
  - update debian/rules
* Only the seamonkey-gnome-support package should have dependencies on GNOME
  libraries - ensure that seamonkey-browser doesn't have the GNOME components
  installed when dh_shlibdeps is run
  - update debian/rules
  - update debian/seamonkey-browser.install

12. By John Vivirito

* New upstream security release: 1.1.17 (LP: #356274)
  - CVE-2009-1841: JavaScript chrome privilege escalation
  - CVE-2009-1838: Arbitrary code execution using event listeners attached to an element whose owner document is null
  - CVE-2009-1836: SSL tampering via non-200 responses to proxy CONNECT requests
  - CVE-2009-1835: Arbitrary domain cookie access by local file: resources
  - CVE-2009-1392, CVE-2009-1832, CVE-2009-1833: Crashes with evidence of memory corruption (rv:1.9.0.11)
  - CVE-2009-1311: POST data sent to wrong site when saving web page with embedded frame
  - CVE-2009-1307: Same-origin violations when Adobe Flash loaded via view-source: scheme
  - MFSA 2009-33 Crash viewing multipart/alternative message with text/enhanced part
* removed debian/patches/90_181_484320_attachment_368977.patch
* removed debian/patches/90_181_485217_attachment_369357.patch
* removed debian/patches/90_181_485286_attachment_369457.patch
  - update debian/patches/series

11. By Alexander Sack

* CVE-2009-1044: Arbitrary code execution via XUL tree element
  - add debian/patches/90_181_484320_attachment_368977.patch
  - update debian/patches/series
* CVE-2009-1169: XSL Transformation vulnerability
  - add 90_181_485217_attachment_369357.patch
  - add debian/patches/90_181_485286_attachment_369457.patch

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/maverick/seamonkey
This branch contains Public information 
Everyone can see this information.

Subscribers