| 2008-09-30 18:23:54 |
Fabien Tassin |
bug |
|
|
added bug |
| 2008-09-30 18:25:28 |
Fabien Tassin |
seamonkey: assignee |
|
fta |
|
| 2008-09-30 18:25:28 |
Fabien Tassin |
seamonkey: statusexplanation |
|
|
|
| 2008-09-30 18:25:42 |
Fabien Tassin |
seamonkey: assignee |
|
fta |
|
| 2008-09-30 18:25:42 |
Fabien Tassin |
seamonkey: statusexplanation |
|
|
|
| 2008-09-30 20:31:22 |
Fabien Tassin |
bug |
|
|
added attachment 'seamonkey_1.1.11+nobinonly-0ubuntu1--1.1.12+nobinonly-0ubuntu1.debdiff' (seamonkey_1.1.11+nobinonly-0ubuntu1--1.1.12+nobinonly-0ubuntu1.debdiff) |
| 2008-09-30 20:32:01 |
Fabien Tassin |
seamonkey: status |
New |
Fix Committed |
|
| 2008-09-30 20:33:59 |
Fabien Tassin |
seamonkey: status |
Fix Committed |
New |
|
| 2008-09-30 20:34:09 |
Fabien Tassin |
seamonkey: status |
New |
Fix Committed |
|
| 2008-09-30 20:47:05 |
Fabien Tassin |
who_made_private |
fta |
|
|
| 2008-09-30 22:25:50 |
Fabien Tassin |
bug |
|
|
added attachment 'seamonkey_1.1.12+nobinonly.orig.tar.gz' (seamonkey_1.1.12+nobinonly.orig.tar.gz) |
| 2008-09-30 23:07:20 |
Fabien Tassin |
bug |
|
|
added attachment 'seamonkey_1.1.11+nobinonly-0ubuntu1--1.1.12+nobinonly-0ubuntu0.8.04.1.debdiff' (seamonkey_1.1.11+nobinonly-0ubuntu1--1.1.12+nobinonly-0ubuntu0.8.04.1.debdiff) |
| 2008-09-30 23:08:46 |
Fabien Tassin |
seamonkey: status |
New |
Fix Committed |
|
| 2008-09-30 23:10:24 |
Fabien Tassin |
description |
Binary package hint: seamonkey
seamonkey (1.1.12+nobinonly-0ubuntu1) intrepid; urgency=low
* New security upstream release: 1.1.12
- CVE-2008-4070: Heap overflow when canceling newsgroup message
- CVE-2008-4069: XBM image uninitialized memory reading
- CVE-2008-4067..4068: resource: traversal vulnerabilities
- CVE-2008-4065..4066: BOM characters stripped from JavaScript before execution
- CVE-2008-4061..4064: Crashes with evidence of memory corruption
- CVE-2008-4058..4060: Privilege escalation via XPCnativeWrapper pollution
- CVE-2008-3837: Forced mouse drag
- CVE-2008-3835: nsXMLDocument::OnChannelRedirect() same-origin violation
- CVE-2008-0016: UTF-8 URL stack buffer overflow
-- Fabien Tassin <fta@ubuntu.com> Tue, 30 Sep 2008 00:41:24 +0200 |
Binary package hint: seamonkey
seamonkey (1.1.12+nobinonly-0ubuntu1) intrepid; urgency=low
* New security upstream release: 1.1.12
- CVE-2008-4070: Heap overflow when canceling newsgroup message
- CVE-2008-4069: XBM image uninitialized memory reading
- CVE-2008-4067..4068: resource: traversal vulnerabilities
- CVE-2008-4065..4066: BOM characters stripped from JavaScript before execution
- CVE-2008-4061..4064: Crashes with evidence of memory corruption
- CVE-2008-4058..4060: Privilege escalation via XPCnativeWrapper pollution
- CVE-2008-3837: Forced mouse drag
- CVE-2008-3835: nsXMLDocument::OnChannelRedirect() same-origin violation
- CVE-2008-0016: UTF-8 URL stack buffer overflow
-- Fabien Tassin <fta@ubuntu.com> Tue, 30 Sep 2008 00:41:24 +0200
===
seamonkey (1.1.12+nobinonly-0ubuntu0.8.04.1) hardy-security; urgency=low
* New security upstream release: 1.1.12 (LP: #276437)
- CVE-2008-4070: Heap overflow when canceling newsgroup message
- CVE-2008-4069: XBM image uninitialized memory reading
- CVE-2008-4067..4068: resource: traversal vulnerabilities
- CVE-2008-4065..4066: BOM characters stripped from JavaScript before execution
- CVE-2008-4061..4064: Crashes with evidence of memory corruption
- CVE-2008-4058..4060: Privilege escalation via XPCnativeWrapper pollution
- CVE-2008-3837: Forced mouse drag
- CVE-2008-3835: nsXMLDocument::OnChannelRedirect() same-origin violation
- CVE-2008-0016: UTF-8 URL stack buffer overflow
* Also includes security fixes from 1.1.11 and 1.1.10 (LP: #218534)
- CVE-2008-2785: Remote code execution by overflowing CSS reference counter
- CVE-2008-2811: Crash and remote code execution in block reflow
- CVE-2008-2810: Remote site run as local file via Windows URL shortcut
- CVE-2008-2809: Peer-trusted certs can use alt names to spoof
- CVE-2008-2808: File location URL in directory listings not escaped properly
- CVE-2008-2807: Faulty .properties file results in uninitialized memory being used
- CVE-2008-2806: Arbitrary socket connections with Java LiveConnect on Mac OS X
- CVE-2008-2805: Arbitrary file upload via originalTarget and DOM Range
- MFSA 2008-26 (follow-up of CVE-2008-0304): Buffer length checks in MIME processing
- CVE-2008-2803: Arbitrary code execution in mozIJSSubScriptLoader.loadSubScript()
- CVE-2008-2802: Chrome script loading from fastload file
- CVE-2008-2801: Signed JAR tampering
- CVE-2008-2800: XSS through JavaScript same-origin violation
- CVE-2008-2798..2799: Crashes with evidence of memory corruption
- CVE-2008-1380: Crash in JavaScript garbage collector
* Refresh diverged patch:
- update debian/patches/80_security_build.patch
* Fix FTBFS with missing -lfontconfig
- add debian/patches/11_fix_ftbfs_with_fontconfig.patch
- update debian/patches/series
-- Fabien Tassin <fta@ubuntu.com> Tue, 30 Sep 2008 22:44:30 +0200
|
|
| 2008-09-30 23:21:04 |
Fabien Tassin |
bug |
|
|
added attachment 'seamonkey_1.1.12+nobinonly-0ubuntu1.diff.gz' (seamonkey_1.1.12+nobinonly-0ubuntu1.diff.gz) |
| 2008-09-30 23:27:35 |
Fabien Tassin |
bug |
|
|
added attachment 'seamonkey_1.1.12+nobinonly-0ubuntu1.dsc' (seamonkey_1.1.12+nobinonly-0ubuntu1.dsc) |
| 2008-09-30 23:34:08 |
Fabien Tassin |
bug |
|
|
added attachment 'seamonkey_1.1.12+nobinonly-0ubuntu0.8.04.1.diff.gz' (seamonkey_1.1.12+nobinonly-0ubuntu0.8.04.1.diff.gz) |
| 2008-09-30 23:39:32 |
Fabien Tassin |
bug |
|
|
added attachment 'seamonkey_1.1.12+nobinonly-0ubuntu0.8.04.1.dsc' (seamonkey_1.1.12+nobinonly-0ubuntu0.8.04.1.dsc) |
| 2008-10-01 08:58:00 |
Launchpad Janitor |
seamonkey: status |
Fix Committed |
Fix Released |
|
| 2008-10-06 21:46:28 |
Jamie Strandboge |
seamonkey: status |
Fix Committed |
Fix Released |
|
| 2009-07-26 07:42:25 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/karmic/seamonkey |
|
| 2009-07-26 07:47:20 |
Launchpad Janitor |
branch linked |
|
lp:~ubuntu-branches/ubuntu/hardy/seamonkey/hardy-security |
|
