Change logs for seamonkey source package in Intrepid

  • seamonkey (1.1.17+nobinonly-0ubuntu0.8.10.1) intrepid-security; urgency=low
    
      * New upstream security release: 1.1.17 (LP: #356274)
        - CVE-2009-1841: JavaScript chrome privilege escalation
        - CVE-2009-1838: Arbitrary code execution using event listeners attached to an element whose owner document is null
        - CVE-2009-1836: SSL tampering via non-200 responses to proxy CONNECT requests
        - CVE-2009-1835: Arbitrary domain cookie access by local file: resources
        - CVE-2009-1392, CVE-2009-1832, CVE-2009-1833: Crashes with evidence of memory corruption (rv:1.9.0.11)
        - CVE-2009-1311: POST data sent to wrong site when saving web page with embedded frame
        - CVE-2009-1307: Same-origin violations when Adobe Flash loaded via view-source: scheme
        - MFSA 2009-33 Crash viewing multipart/alternative message with text/enhanced part
      * removed debian/patches/90_181_484320_attachment_368977.patch
      * removed debian/patches/90_181_485217_attachment_369357.patch
      * removed debian/patches/90_181_485286_attachment_369457.patch
        - update debian/patches/series
    
     -- John Vivirito <email address hidden>   Mon, 06 Jul 2009 13:20:53 -0400
  • seamonkey (1.1.15+nobinonly-0ubuntu0.8.10.2) intrepid-security; urgency=low
    
      * CVE-2009-1044: Arbitrary code execution via XUL tree element
        - add debian/patches/90_181_484320_attachment_368977.patch
        - update debian/patches/series
      * CVE-2009-1169: XSL Transformation vulnerability
        - add 90_181_485217_attachment_369357.patch
        - add debian/patches/90_181_485286_attachment_369457.patch
    
    seamonkey (1.1.15+nobinonly-0ubuntu0.8.10.1) intrepid-security; urgency=low
    
      * New security upstream release: 1.1.15 (LP: #309655)
        - CVE-2009-0040: Upgrade PNG library to fix memory safety hazard
        - CVE-2009-0352: Crashes with evidence of memory corruption (rv:1.9.0.6)
        - CVE-2009-0357: XMLHttpRequest allows reading HTTPOnly cookies
        - CVE-2009-0771: Crashes with evidence of memory corruption (rv:1.9.0.7)
        - CVE-2009-0776: XML data theft via RDFXMLDataSource and cross-domain redirect
    
    seamonkey (1.1.14+nobinonly-0ubuntu0.8.10.1) intrepid-security; urgency=low
    
      * New security upstream release: 1.1.14 (LP: #309655)
        - CVE-2008-5511: XSS and JavaScript privilege escalation
        - CVE-2008-5510: Escaped null characters ignored by CSS parser
        - CVE-2008-5508: Errors parsing URLs with leading whitespace and control ch$
        - CVE-2008-5507: Cross-domain data theft via script redirect error message
        - CVE-2008-5506: XMLHttpRequest 302 response disclosure
        - CVE-2008-5503: Information stealing via loadBindingDocument
        - CVE-2008-5501..5500: Crashes with evidence of memory corruption
          (rv:1.9.0.5/1.8.1.19)
      * drop patches applied upstream
        - delete debian/patches/35_zip_cache.patch
        - update debian/patches/series
    
     -- Alexander Sack <email address hidden>   Tue, 31 Mar 2009 13:21:19 +0200
  • seamonkey (1.1.12+nobinonly-0ubuntu1) intrepid; urgency=low
    
      * New security upstream release: 1.1.12 (LP: #276437)
        - CVE-2008-4070: Heap overflow when canceling newsgroup message
        - CVE-2008-4069: XBM image uninitialized memory reading
        - CVE-2008-4067..4068: resource: traversal vulnerabilities
        - CVE-2008-4065..4066: BOM characters stripped from JavaScript before execution
        - CVE-2008-4061..4064: Crashes with evidence of memory corruption
        - CVE-2008-4058..4060: Privilege escalation via XPCnativeWrapper pollution
        - CVE-2008-3837: Forced mouse drag
        - CVE-2008-3835: nsXMLDocument::OnChannelRedirect() same-origin violation
        - CVE-2008-0016: UTF-8 URL stack buffer overflow
    
     -- Fabien Tassin <email address hidden>   Tue, 30 Sep 2008 00:41:24 +0200
  • seamonkey (1.1.11+nobinonly-0ubuntu1) intrepid; urgency=low
    
      * New security upstream release: 1.1.11 (LP: #218534)
        Fixes USN-602-1, USN-619-1, USN-623-1 and USN-629-1
      * Refresh diverged patch:
        - update debian/patches/80_security_build.patch
      * Fix FTBFS with missing -lfontconfig
        - add debian/patches/11_fix_ftbfs_with_fontconfig.patch
        - update debian/patches/series
      * Build with default gcc (hardy: 4.2, intrepid: 4.3)
        - update debian/rules
        - update debian/control
    
     -- Fabien Tassin <email address hidden>   Tue, 29 Jul 2008 21:29:02 +0200
  • seamonkey (1.1.9+nobinonly-0ubuntu1) hardy; urgency=low
    
      * New security upstream release: 1.1.9 (LP: #207461)
      * Security fixes:
        - MFSA 2008-19 XUL popup spoofing variant (cross-tab popups)
        - MFSA 2008-18 Java socket connection to any local port via LiveConnect
        - MFSA 2008-17 Privacy issue with SSL Client Authentication
        - MFSA 2008-16 HTTP Referrer spoofing with malformed URLs
        - MFSA 2008-15 Crashes with evidence of memory corruption
        - MFSA 2008-14 JavaScript privilege escalation and arbitrary code execution
      * Drop patches applied upstream:
        - drop debian/patches/11_bz399589_fix_missing_symbol_with_new_nss.patch
        - update debian/patches/series
      * Add missing Ubuntu-specific menu items (LP: #190845)
        - add debian/patches/85_ubuntu_menu.patch
        - update debian/patches/series
        Contributed by Andrea Colangelo <email address hidden>
    
     -- Fabien Tassin <email address hidden>   Thu, 27 Mar 2008 00:31:02 +0100