Comment 15 for bug 593571

This is fixed in Lucid now

seamonkey (2.0.7+build1+nobinonly-0ubuntu0.10.04.1) lucid-security; urgency=low

  * New upstream release v2.0.7 (SEAMONKEY_2_0_7_BUILD1)

  * SECURITY UPDATES:
  * MFSA 2010-49: Miscellaneous memory safety hazards (rv:1.9.2.9/ 1.9.1.12)
    - CVE-2010-3169
  * MFSA 2010-50: Frameset integer overflow vulnerability
    - CVE-2010-2765
  * MFSA 2010-51: Dangling pointer vulnerability using DOM plugin array
    - CVE-2010-2767
  * MFSA 2010-52: Windows XP DLL loading vulnerability
    - CVE-2010-3131
  * MFSA 2010-53: Heap buffer overflow in nsTextFrameUtils::TransformText
    - CVE-2010-3166
  * MFSA 2010-54: Dangling pointer vulnerability in nsTreeSelection
    - CVE-2010-2760
  * MFSA 2010-55: XUL tree removal crash and remote code execution
    - CVE-2010-3168
  * MFSA 2010-56: Dangling pointer vulnerability in nsTreeContentView
    - CVE-2010-3167
  * MFSA 2010-57: Crash and remote code execution in normalizeDocument
    - CVE-2010-2766
  * MFSA 2010-58: Crash on Mac using fuzzed font in data: URL
    - CVE-2010-2770
  * MFSA 2010-60: XSS using SJOW scripted functio
    - CVE-2010-2763
  * MFSA 2010-61: UTF-7 XSS by overriding document charset using <object>
    type attribute
    - CVE-2010-2768
  * MFSA 2010-62: Copy-and-paste or drag-and-drop into designMode document
    allows XSS
    - CVE-2010-62
  * MFSA 2010-63: Information leak via XMLHttpRequest statusText
    - CVE-2010-63

  * Refresh patches for new upstream version
    - update debian/patches/seamonkey-fsh.patch
  * Fix LP: #593571 - searching for am-newsblog.xul in the wrong chrome package
    Install the newsblog.js XPCOM component
    - update debian/seamonkey-mailnews.install
 -- Chris Coulson <email address hidden> Thu, 09 Sep 2010 16:26:29 +0100