lp:seamonkey/1.1
- Get this branch: bzr branch lp:seamonkey/1.1
Recent revisions
- 161. By Alexander Sack
(merge) RELEASE 1.1.17+nobinonly-0ubuntu1 to ubuntu/karmic
* New upstream security release: 1.1.17 (LP: #356274)
- CVE-2009-1841: JavaScript chrome privilege escalation
- CVE-2009-1838: Arbitrary code execution using event listeners attached to an element whose owner document is null
- CVE-2009-1836: SSL tampering via non-200 responses to proxy CONNECT requests
- CVE-2009-1835: Arbitrary domain cookie access by local file: resources
- CVE-2009-1392, CVE-2009-1832, CVE-2009-1833: Crashes with evidence of memory corruption (rv:1.9.0.11)
- CVE-2009-1311: POST data sent to wrong site when saving web page with embedded frame
- CVE-2009-1307: Same-origin violations when Adobe Flash loaded via view-source: scheme
- MFSA 2009-33 Crash viewing multipart/alternative message with text/enhanced part
* removed debian/patches/90_181_484320_attachment_368977.patch
* removed debian/patches/90_181_485217_attachment_369357.patch
* removed debian/patches/90_181_485286_attachment_369457.patch
- update debian/patches/series
- 160. By Alexander Sack
RELEASE 1.1.15+nobinonly-0ubuntu2 to ubuntu/jaunty with security fixes
* CVE-2009-1044: Arbitrary code execution via XUL tree element
- add debian/patches/90_181_484320_attachment_368977.patch
- update debian/patches/series
* CVE-2009-1169: XSL Transformation vulnerability
- add 90_181_485217_attachment_369357.patch
- add debian/patches/90_181_485286_attachment_369457.patch
- 159. By Alexander Sack
(merge) RELEASE 1.1.15+nobinonly-0ubuntu1 to ubuntu/jaunty
* New security upstream release: 1.1.15 (LP: #309655)
- CVE-2009-0040: Upgrade PNG library to fix memory safety hazard
- CVE-2009-0352: Crashes with evidence of memory corruption (rv:1.9.0.6)
- CVE-2009-0357: XMLHttpRequest allows reading HTTPOnly cookies
- CVE-2009-0771: Crashes with evidence of memory corruption (rv:1.9.0.7)
- CVE-2009-0776: XML data theft via RDFXMLDataSource and cross-domain redirect
* New security upstream release: 1.1.14 (LP: #309655)
- CVE-2008-5511: XSS and JavaScript privilege escalation
- CVE-2008-5510: Escaped null characters ignored by CSS parser
- CVE-2008-5508: Errors parsing URLs with leading whitespace and control characters
- CVE-2008-5507: Cross-domain data theft via script redirect error message
- CVE-2008-5506: XMLHttpRequest 302 response disclosure
- CVE-2008-5503: Information stealing via loadBindingDocument
- CVE-2008-5501..5500: Crashes with evidence of memory corruption (rv:1.9.0.5/1.8.1.19)
- 158. By Alexander Sack
* new security upstream release: 1.1.14
- CVE-...
* drop patches applied upstream
- delete debian/patches/35_zip_cache.patch
- update debian/patches/series
- 156. By Alexander Sack
* re-run autoconf2.13 to update configure patch to changed upstream codebase
- update debian/patches/99_configure.patch
- 155. By Alexander Sack
* New security upstream release: 1.1.13 (LP: #297789)
- CVE-2008-4582: Information stealing via local shortcut files
- CVE-2008-5012: Image stealing via canvas and HTTP redirect
- CVE-2008-5013: Arbitrary code execution via Flash Player dynamic module unloading
- CVE-2008-5014: Crash and remote code execution via __proto__ tampering
- CVE-2008-5017: Browser engine crash - Firefox 2 and 3
- CVE-2008-5018: JavaScript engine crashes - Firefox 2 and 3
- CVE-2008-5019: XSS and JavaScript privilege escalation via session restore
- CVE-2008-0017: Buffer overflow in http-index-format parser
- CVE-2008-5021: Crash and remote code execution in nsFrameManager
- CVE-2008-5022: nsXMLHttpRequest::NotifyEventListeners() same-origin violation
- CVE-2008-5023: -moz-binding property bypasses security checks on codebase principals
- CVE-2008-5024: Parsing error in E4X default namespace
- CVE-NOTASSIGN (MFSA2008-59): Script access to .documentURI and .textContent in mail
Branch metadata
- Branch format: Branch format 6
- Repository format: Bazaar pack repository format 1 (needs bzr 0.92)