lp:seamonkey/1.1

Created by Alexander Sack and last modified
Get this branch:
bzr branch lp:seamonkey/1.1
Members of Mozilla Team can upload to this branch.

Branch information

Owner:
Mozilla Team
Project:
SeaMonkey
Status:
Abandoned

Recent revisions

161. By Alexander Sack

(merge) RELEASE 1.1.17+nobinonly-0ubuntu1 to ubuntu/karmic
* New upstream security release: 1.1.17 (LP: #356274)
  - CVE-2009-1841: JavaScript chrome privilege escalation
  - CVE-2009-1838: Arbitrary code execution using event listeners attached to an element whose owner document is null
  - CVE-2009-1836: SSL tampering via non-200 responses to proxy CONNECT requests
  - CVE-2009-1835: Arbitrary domain cookie access by local file: resources
  - CVE-2009-1392, CVE-2009-1832, CVE-2009-1833: Crashes with evidence of memory corruption (rv:1.9.0.11)
  - CVE-2009-1311: POST data sent to wrong site when saving web page with embedded frame
  - CVE-2009-1307: Same-origin violations when Adobe Flash loaded via view-source: scheme
  - MFSA 2009-33 Crash viewing multipart/alternative message with text/enhanced part
* removed debian/patches/90_181_484320_attachment_368977.patch
* removed debian/patches/90_181_485217_attachment_369357.patch
* removed debian/patches/90_181_485286_attachment_369457.patch
  - update debian/patches/series

160. By Alexander Sack

RELEASE 1.1.15+nobinonly-0ubuntu2 to ubuntu/jaunty with security fixes
* CVE-2009-1044: Arbitrary code execution via XUL tree element
  - add debian/patches/90_181_484320_attachment_368977.patch
  - update debian/patches/series
* CVE-2009-1169: XSL Transformation vulnerability
  - add 90_181_485217_attachment_369357.patch
  - add debian/patches/90_181_485286_attachment_369457.patch

159. By Alexander Sack

(merge) RELEASE 1.1.15+nobinonly-0ubuntu1 to ubuntu/jaunty
* New security upstream release: 1.1.15 (LP: #309655)
  - CVE-2009-0040: Upgrade PNG library to fix memory safety hazard
  - CVE-2009-0352: Crashes with evidence of memory corruption (rv:1.9.0.6)
  - CVE-2009-0357: XMLHttpRequest allows reading HTTPOnly cookies
  - CVE-2009-0771: Crashes with evidence of memory corruption (rv:1.9.0.7)
  - CVE-2009-0776: XML data theft via RDFXMLDataSource and cross-domain redirect
* New security upstream release: 1.1.14 (LP: #309655)
  - CVE-2008-5511: XSS and JavaScript privilege escalation
  - CVE-2008-5510: Escaped null characters ignored by CSS parser
  - CVE-2008-5508: Errors parsing URLs with leading whitespace and control characters
  - CVE-2008-5507: Cross-domain data theft via script redirect error message
  - CVE-2008-5506: XMLHttpRequest 302 response disclosure
  - CVE-2008-5503: Information stealing via loadBindingDocument
  - CVE-2008-5501..5500: Crashes with evidence of memory corruption
    (rv:1.9.0.5/1.8.1.19)

158. By Alexander Sack

* new security upstream release: 1.1.14
  - CVE-...
* drop patches applied upstream
  - delete debian/patches/35_zip_cache.patch
  - update debian/patches/series

157. By Alexander Sack

* RELEASE 1.1.13+nobinonly-0ubuntu1 to ubuntu/jaunty

156. By Alexander Sack

* re-run autoconf2.13 to update configure patch to changed upstream codebase
  - update debian/patches/99_configure.patch

155. By Alexander Sack

* New security upstream release: 1.1.13 (LP: #297789)
  - CVE-2008-4582: Information stealing via local shortcut files
  - CVE-2008-5012: Image stealing via canvas and HTTP redirect
  - CVE-2008-5013: Arbitrary code execution via Flash Player dynamic module unloading
  - CVE-2008-5014: Crash and remote code execution via __proto__ tampering
  - CVE-2008-5017: Browser engine crash - Firefox 2 and 3
  - CVE-2008-5018: JavaScript engine crashes - Firefox 2 and 3
  - CVE-2008-5019: XSS and JavaScript privilege escalation via session restore
  - CVE-2008-0017: Buffer overflow in http-index-format parser
  - CVE-2008-5021: Crash and remote code execution in nsFrameManager
  - CVE-2008-5022: nsXMLHttpRequest::NotifyEventListeners() same-origin violation
  - CVE-2008-5023: -moz-binding property bypasses security checks on codebase principals
  - CVE-2008-5024: Parsing error in E4X default namespace
  - CVE-NOTASSIGN (MFSA2008-59): Script access to .documentURI and .textContent in mail

154. By Fabien Tassin

* RELEASE 1.1.12+nobinonly-0ubuntu1 to ubuntu/intrepid

153. By Fabien Tassin

* New security upstream release: 1.1.12 (LP: #276437)

152. By Fabien Tassin

* RELEASE 1.1.11+nobinonly-0ubuntu1 to ubuntu/intrepid

Branch metadata

Branch format:
Branch format 6
Repository format:
Bazaar pack repository format 1 (needs bzr 0.92)
This branch contains Public information 
Everyone can see this information.
