-
seamonkey (2.0.11+build1+nobinonly-0ubuntu0.10.04.1) lucid-security; urgency=low
* New upstream release v2.0.11 (SEAMONKEY_2_0_11_BUILD1)
* SECURITY UPDATE:
- http://www.mozilla.org/security/known-vulnerabilities/seamonkey20.html#seamonkey2.0.11
* Fixes LP: #575160 - seamonkey 2.0 crashes with 'RenderBadPicture'
-- Chris Coulson <email address hidden> Mon, 06 Dec 2010 13:43:46 +0000
-
seamonkey (2.0.10+build1+nobinonly-0ubuntu0.10.04.1) lucid-security; urgency=low
* New upstream release v2.0.10 (SEAMONKEY_2_0_10_BUILD1)
* SECURITY UPDATE:
- http://www.mozilla.org/security/known-vulnerabilities/seamonkey20.html#seamonkey2.0.10
-- Chris Coulson <email address hidden> Wed, 27 Oct 2010 16:25:20 -0400
-
seamonkey (2.0.9+build1+nobinonly-0ubuntu0.10.04.1) lucid-security; urgency=low
* New upstream release v2.0.9 (SEAMONKEY_2_0_9_BUILD1)
* SECURITY UPDATE:
- http://www.mozilla.org/security/known-vulnerabilities/seamonkey20.html#seamonkey2.0.9
* Bump minimum system NSS to 3.12.8 after landing of (bmo: 600104) aka
Bump minimum required version for system NSS to 3.12.8
- update debian/rules
* Bump minimum system NSPR to 4.8.6 after landing of (bmo: 567620) aka
Bump minimum required version for system NSPR to 4.8.6
- update debian/rules
* Fix LP: #646632 - No dictionaries present in Seamonkey. Ship a
symlink to the system dictionaries
- update debian/rules
- update debian/seamonkey-browser.install
* Fix LP: #643047 - Don't touch $LIBDIR/.autoreg from the seamonkey
postinst script. The seamonkey package is just a meta-package, and
the file is shipped by seamonkey-browser. Changing this ensures that
seamonkey doesn't fail to configure if there is version skew during
upgrades, and avoids the need for having tight dependencies
- update debian/rules
- remove debian/seamonkey.postinst.in
- remove debian/seamonkey.prerm.in
-- Chris Coulson <email address hidden> Tue, 05 Oct 2010 01:13:10 +0100
-
seamonkey (2.0.8+build1+nobinonly-0ubuntu0.10.04.1) lucid-security; urgency=low
* New upstream release v2.0.8 (SEAMONKEY_2_0_8_BUILD1)
- Fixes for a number of non-security-relevant crashes
-- Chris Coulson <email address hidden> Wed, 15 Sep 2010 21:17:47 +0100
-
seamonkey (2.0.7+build1+nobinonly-0ubuntu0.10.04.1) lucid-security; urgency=low
* New upstream release v2.0.7 (SEAMONKEY_2_0_7_BUILD1)
* SECURITY UPDATES:
* MFSA 2010-49: Miscellaneous memory safety hazards (rv:1.9.2.9/ 1.9.1.12)
- CVE-2010-3169
* MFSA 2010-50: Frameset integer overflow vulnerability
- CVE-2010-2765
* MFSA 2010-51: Dangling pointer vulnerability using DOM plugin array
- CVE-2010-2767
* MFSA 2010-52: Windows XP DLL loading vulnerability
- CVE-2010-3131
* MFSA 2010-53: Heap buffer overflow in nsTextFrameUtils::TransformText
- CVE-2010-3166
* MFSA 2010-54: Dangling pointer vulnerability in nsTreeSelection
- CVE-2010-2760
* MFSA 2010-55: XUL tree removal crash and remote code execution
- CVE-2010-3168
* MFSA 2010-56: Dangling pointer vulnerability in nsTreeContentView
- CVE-2010-3167
* MFSA 2010-57: Crash and remote code execution in normalizeDocument
- CVE-2010-2766
* MFSA 2010-58: Crash on Mac using fuzzed font in data: URL
- CVE-2010-2770
* MFSA 2010-60: XSS using SJOW scripted functio
- CVE-2010-2763
* MFSA 2010-61: UTF-7 XSS by overriding document charset using <object>
type attribute
- CVE-2010-2768
* MFSA 2010-62: Copy-and-paste or drag-and-drop into designMode document
allows XSS
- CVE-2010-62
* MFSA 2010-63: Information leak via XMLHttpRequest statusText
- CVE-2010-63
* Refresh patches for new upstream version
- update debian/patches/seamonkey-fsh.patch
* Fix LP: #593571 - searching for am-newsblog.xul in the wrong chrome package
Install the newsblog.js XPCOM component
- update debian/seamonkey-mailnews.install
-- Chris Coulson <email address hidden> Thu, 09 Sep 2010 16:26:29 +0100
-
seamonkey (2.0.6+build1+nobinonly-0ubuntu0.10.04.1) lucid-security; urgency=low
* New upstream release v2.0.6 (SEAMONKEY_2_0_6_BUILD1)
* MFSA 2010-34: Miscellaneous memory safety hazards (rv:1.9.2.7/ 1.9.1.11)
- CVE-2010-1211
* MFSA 2010-35: DOM attribute cloning remote code execution vulnerability
- CVE-2010-1208
* MFSA 2010-36: Use-after-free error in NodeIterator
- CVE-2010-1209
* MFSA 2010-37: Plugin parameter EnsureCachedAttrParamArrays remote code
execution vulnerability
- CVE-2010-1214
* MFSA 2010-39: nsCSSValue::Array index integer overflow
- CVE-2010-2752
* MFSA 2010-40: nsTreeSelection dangling pointer remote code execution
vulnerability
- CVE-2010-2753
* MFSA 2010-41: Remote code execution using malformed PNG image
- CVE-2010-1205
* MFSA 2010-42: Cross-origin data disclosure via Web Workers and importScripts
- CVE-2010-1213
* MFSA 2010-45: Multiple location bar spoofing vulnerabilities
- CVE-2010-1206
- CVE-2010-2751
* MFSA 2010-46: Cross-domain data theft using CSS
- CVE-2010-0654
* MFSA 2010-47: Cross-origin data leakage from script filename in error
messages
- CVE-2010-2754
-- Micah Gersten <email address hidden> Thu, 22 Jul 2010 09:19:13 -0500
-
seamonkey (2.0.5+build1+nobinonly-0ubuntu0.10.04.1) lucid-security; urgency=low
* New upstream release v2.0.5 (SEAMONKEY_2_0_5_BUILD1)
* MFSA 2010-25: Re-use of freed object due to scope confusion
- CVE-2010-1121
* MFSA 2010-26: Crashes with evidence of memory corruption
- CVE-2010-1200
- CVE-2010-1201
- CVE-2010-1202
* MFSA 2010-27: Use-after-free error in nsCycleCollector::MarkRoots()
- CVE-2010-0183
* MFSA 2010-28: Freed object reuse across plugin instances
- CVE-2010-1198
* MFSA 2010-29: Heap buffer overflow in nsGenericDOMDataNode::SetTextInternal
- CVE-2010-1196
* MFSA 2010-30: Integer Overflow in XSLT Node Sorting
- CVE-2010-1199
* MFSA 2010-31: focus() behavior can be used to inject or steal keystrokes
- CVE-2010-1125
* MFSA 2010-32: Content-Disposition: attachment ignored if Content-Type:
multipart also present
- CVE-2010-1197
* MFSA 2010-33: User tracking across sites using Math.random()
- CVE-2008-5913
* Fix FTBFS on Sparc by disabling jit (LP: #523627)
- update debian/rules
-- Micah Gersten <email address hidden> Thu, 06 May 2010 11:18:16 -0500
-
seamonkey (2.0.4+nobinonly-0ubuntu1) lucid; urgency=low
* New upstream release v2.0.4 (SEAMONKEY_2_0_4_RELEASE) (LP: #461864)
[ Fabien Tassin <email address hidden> ]
* Add conditional support for system Cairo, NSS, NSPR
- update debian/rules
* Update icons from xpm to png
- update debian/seamonkey-*.{install,links,menu}
* We no longer need dynamic -lsoftokn, disable NSS_DYNAMIC_SOFTOKN
- add debian/patches/no_dynamic_nss_softokn.patch
- update debian/patches/series
[ Micah Gersten <email address hidden> ]
* Use versioned install directory
- update debian/rules
* Bump minimum versions of system libs; cairo to 1.8.8; NSPR to 4.8;
NSS to 3.12.6
- update debian/rules
* Update .install files for latest release
- update debian/seamonkey-browser.install
- update debian/seamonkey-mailnews.install
* Refresh patches
- update debian/patches/cleaner_dist_clean.patch
- update debian/patches/fix_installer.patch
- update debian/patches/seamonkey-fsh.patch
* Drop cairo FTBFS patch after upstream landing
- drop debian/patches/fix_ftbfs_with_cairo_fb.patch
- update debian/series
* Install gnome components in -browser package so that it works out of the box
- update debian/seamonkey-browser.install
- update debian/control
- update debian/rules
* Move mozclient to be in source
- add debian/mozclient/compare.mk
- add debian/mozclient/seamonkey-remove.binonly.sh
- add debian/mozclient/seamonkey.conf
- add debian/mozclient/seamonkey.mk
- update debian/rules
[ Chris Coulson <email address hidden> ]
* Ensure the symlinks are installed correctly. File name expansion
doesn't work in the .links files, so call dh_link explicitly in
debian/rules instead
- drop debian/seamonkey-browser.links
- drop debian/seamonkey-mailnews.links
- update debian/rules
* Only the seamonkey-gnome-support package should have dependencies on GNOME
libraries - ensure that seamonkey-browser doesn't have the GNOME components
installed when dh_shlibdeps is run
- update debian/rules
- update debian/seamonkey-browser.install
-- Micah Gersten <email address hidden> Mon, 26 Apr 2010 14:30:57 -0500
-
seamonkey (1.1.17+nobinonly-0ubuntu1) karmic; urgency=low
* New upstream security release: 1.1.17 (LP: #356274)
- CVE-2009-1841: JavaScript chrome privilege escalation
- CVE-2009-1838: Arbitrary code execution using event listeners attached to an element whose owner document is null
- CVE-2009-1836: SSL tampering via non-200 responses to proxy CONNECT requests
- CVE-2009-1835: Arbitrary domain cookie access by local file: resources
- CVE-2009-1392, CVE-2009-1832, CVE-2009-1833: Crashes with evidence of memory corruption (rv:1.9.0.11)
- CVE-2009-1311: POST data sent to wrong site when saving web page with embedded frame
- CVE-2009-1307: Same-origin violations when Adobe Flash loaded via view-source: scheme
- MFSA 2009-33 Crash viewing multipart/alternative message with text/enhanced part
* removed debian/patches/90_181_484320_attachment_368977.patch
* removed debian/patches/90_181_485217_attachment_369357.patch
* removed debian/patches/90_181_485286_attachment_369457.patch
- update debian/patches/series
-- John Vivirito <email address hidden> Mon, 06 Jul 2009 13:20:53 -0400