Comment 18 for bug 309655

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package seamonkey - 1.1.15+nobinonly-0ubuntu1

---------------
seamonkey (1.1.15+nobinonly-0ubuntu1) jaunty; urgency=low

  * New security upstream release: 1.1.15 (LP: #309655)
    - CVE-2009-0040: Upgrade PNG library to fix memory safety hazard
    - CVE-2009-0352: Crashes with evidence of memory corruption (rv:1.9.0.6)
    - CVE-2009-0357: XMLHttpRequest allows reading HTTPOnly cookies
    - CVE-2009-0771: Crashes with evidence of memory corruption (rv:1.9.0.7)
    - CVE-2009-0776: XML data theft via RDFXMLDataSource and cross-domain redirect

seamonkey (1.1.14+nobinonly-0ubuntu1) jaunty; urgency=low

  [ Alexander Sack ]
  * New security upstream release: 1.1.14 (LP: #309655)
    - CVE-2008-5511: XSS and JavaScript privilege escalation
    - CVE-2008-5510: Escaped null characters ignored by CSS parser
    - CVE-2008-5508: Errors parsing URLs with leading whitespace and controlcharacters
    - CVE-2008-5507: Cross-domain data theft via script redirect error message
    - CVE-2008-5506: XMLHttpRequest 302 response disclosure
    - CVE-2008-5503: Information stealing via loadBindingDocument
    - CVE-2008-5501..5500: Crashes with evidence of memory corruption
      (rv:1.9.0.5/1.8.1.19)
  * drop patches applied upstream
    - delete debian/patches/35_zip_cache.patch
    - update debian/patches/series

 -- John Vivirito <email address hidden> Sat, 21 Mar 2009 11:26:47 -0400