Seamonkey should be updated to 1.1.13

Bug #297789 reported by markor
Affects             Status        Importance  Assigned to  Milestone
seamonkey (Ubuntu)  Fix Released  Undecided   Unassigned
Hardy               Fix Released  Critical    Unassigned
Intrepid            Fix Released  Critical    Unassigned

Bug Description

Binary package hint: seamonkey

Seamonkey should be updated to version 1.1.13.
Version 1.1.13 is now available.
It closes several security vulnerabilities:
http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html#seamonkey1.1.13
(Hardy, Intrepid, Jaunty)

Revision history for this message
markor (markoresko) wrote :

According to packages.debian.org, Iceape 1.1.13 is available in their repository.
So, Seamonkey 1.1.13 for Ubuntu should be made available.
I took a look at other distributions' releases and they all updated to this security-related
release, version 1.1.13 (Debian, Fedora, Slackware, OpenSUSE), so why shouldn't Ubuntu be up-to-date, with a faster release-build-test-repository release process?
Also, besides builds for Jaunty and Intrepid, an update for Hardy/LTS should be made.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package seamonkey - 1.1.13+nobinonly-0ubuntu1

---------------
seamonkey (1.1.13+nobinonly-0ubuntu1) jaunty; urgency=low

  * New security upstream release: 1.1.13 (LP: #297789)
    - CVE-2008-4582: Information stealing via local shortcut files
    - CVE-2008-5012: Image stealing via canvas and HTTP redirect
    - CVE-2008-5013: Arbitrary code execution via Flash Player dynamic module unloading
    - CVE-2008-5014: Crash and remote code execution via __proto__ tampering
    - CVE-2008-5017: Browser engine crash - Firefox 2 and 3
    - CVE-2008-5018: JavaScript engine crashes - Firefox 2 and 3
    - CVE-2008-5019: XSS and JavaScript privilege escalation via session restore
    - CVE-2008-0017: Buffer overflow in http-index-format parser
    - CVE-2008-5021: Crash and remote code execution in nsFrameManager
    - CVE-2008-5022: nsXMLHttpRequest::NotifyEventListeners() same-origin violation
    - CVE-2008-5023: -moz-binding property bypasses security checks on codebase principals
    - CVE-2008-5024: Parsing error in E4X default namespace
    - CVE-NOTASSIGN (MFSA2008-59): Script access to .documentURI and .textContent in mail

  * re-run autoconf2.13 to update configure patch to changed upstream codebase
    - update debian/patches/99_configure.patch

 -- Alexander Sack <email address hidden> Wed, 26 Nov 2008 14:54:21 +0100
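A defender-side check to go with the changelog above, added here as an example and not part of the bug report or of Ubuntu's packaging: it implements dpkg's version-ordering rules (epoch, then upstream version, then Debian revision, with `~` sorting before everything) so that an installed `seamonkey` version string can be compared against the first fixed version named in the changelog, `1.1.13+nobinonly-0ubuntu1`. The installed version strings are constructed samples; on a real system the string would come from `dpkg-query -W -f='${Version}' seamonkey`.

```python
import re

FIXED_VERSION = "1.1.13+nobinonly-0ubuntu1"  # first fixed version, per the changelog above

def _char_order(c):
    # dpkg order for non-digit chars: '~' before end-of-string (0), letters before punctuation.
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _cmp_nondigit(a, b):
    # Compare two non-digit runs character by character; a missing character counts as 0.
    for i in range(max(len(a), len(b))):
        oa = _char_order(a[i]) if i < len(a) else 0
        ob = _char_order(b[i]) if i < len(b) else 0
        if oa != ob:
            return -1 if oa < ob else 1
    return 0

def _cmp_fragment(a, b):
    # Alternate non-digit runs (modified lexical order) and digit runs (numeric), as dpkg does.
    while a or b:
        na, nb = re.match(r"[^0-9]*", a), re.match(r"[^0-9]*", b)
        r = _cmp_nondigit(na.group(), nb.group())
        if r:
            return r
        a, b = a[na.end():], b[nb.end():]
        da, db = re.match(r"[0-9]*", a), re.match(r"[0-9]*", b)
        ia, ib = int(da.group() or 0), int(db.group() or 0)
        if ia != ib:
            return -1 if ia < ib else 1
        a, b = a[da.end():], b[db.end():]
    return 0

def _split(version):
    # [epoch:]upstream[-revision]; a missing epoch is 0, a missing revision is "".
    epoch, _, rest = version.partition(":") if ":" in version else ("0", "", version)
    upstream, _, revision = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return int(epoch), upstream, revision

def compare_versions(a, b):
    # -1, 0 or 1 as Debian version a is older than, equal to or newer than b.
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_fragment(ua, ub) or _cmp_fragment(ra, rb)

def needs_update(installed, fixed=FIXED_VERSION):
    # True when the installed seamonkey predates the first fixed version.
    # Constructed sample input: "1.1.12+nobinonly-0ubuntu1" (the 1.1.12 package the thread discusses).
    return compare_versions(installed, fixed) < 0
```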

Changed in seamonkey:
status: New → Fix Released
Alexander Sack (asac)
Changed in seamonkey:
importance: Undecided → Critical
status: New → Triaged
importance: Undecided → Critical
status: New → Triaged
Revision history for this message
PDK (pierredekat) wrote :

Anybody know where we stand on this?

I've been dealing with a really annoying bug in 1.1.12
https://bugs.launchpad.net/ubuntu/+source/seamonkey/+bug/290857

that I am hoping will be fixed with version 1.1.13.

Revision history for this message
yamo (stephane-gregoire) wrote :

I don't see a fixed bug on SSL here : <http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html#seamonkey1.1.13>.

Maybe Seamonkey 1.1.14 on 2008-12-16 will fix it; so is it possible to move directly from 1.1.12 to 1.1.14?

Revision history for this message
markor (markoresko) wrote :

Since Seamonkey 1.1.14 is released, it would be a good idea for the Seamonkey package to be released for Hardy and Intrepid as 1.1.14 instead of 1.1.13. I think yamo has a point here.
Or should we file another bug about upgrading to 1.1.14?

Seamonkey 1.1.14 security and bug fixes:
http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html#seamonkey1.1.14

Revision history for this message
PDK (pierredekat) wrote :

Well, after dealing with my own bug in Seamonkey 1.1.12 for two months
https://bugs.launchpad.net/ubuntu/+source/seamonkey/+bug/290857

and starting to realize that there is a serious security problem with the Seamonkey package in Intrepid's repositories, I upgraded to Seamonkey 1.1.14 about a week ago using Ubuntuzilla
http://ubuntuzilla.wiki.sourceforge.net/

And I just want to say: if you're feeling less-than-secure on the internet using Seamonkey 1.1.12 out of Intrepid's repositories, don't leave your internet security in the hands of others.

Go ahead and upgrade using either Ubuntuzilla like I did or by compiling it manually yourself.

Because Jaunty is going to be released before this bug gets fixed.

Revision history for this message
markor (markoresko) wrote :

Hi.
I can download and install the 64-bit binary from seamonkey-project.org, but that's not the point.
I need to do that on my notebook computer, on my VM installations, on my friend's computer, etc.
I would rather make every effort in my power to make a newer SM available to *Ubuntu
than just solve the problem for myself temporarily.
I myself made SM 1.1.13 for Hardy when it was available in the Jaunty repository. I still don't know how to do that for a version that is not in a repo, but I will learn.

Revision history for this message
PDK (pierredekat) wrote :

Oh, I understand.

I guess I'm just a little disappointed by the fact that there hasn't been any "official" response to this.

Supposedly 30 different people and the so-called "Ubuntu Security Team" have been notified of this bug. And not one single one of these people has said boo about it.

Now I myself was having problems related to SSL breaking on me.
https://bugs.launchpad.net/ubuntu/+source/seamonkey/+bug/290857

But apparently the security of my bank accounts, credit card accounts, etc., isn't terribly important to anybody since my bug didn't rate an "official" response either.

Frankly, I've pretty much lost faith in this whole bug process. That is why I have personally decided to throw in my lot with Ubuntuzilla.

Just check out this thread I posted over on the Ubuntuzilla forum.
http://ubuntuforums.org/showthread.php?t=1013724

I had problems with my Ubuntuzilla-installed Seamonkey 1.1.14, and within a matter of days, Ubuntuzilla's developer, nanotube, responded with an updated package that completely fixed the problem I was having with my Seamonkey plugins.

And he wasn't even responding to a security issue, he was responding to a plugin issue.

But I waited for two months for my SSL-related bug to get fixed, and I couldn't even get an "official" response.

That's why I was saying to people, in the post above, that they shouldn't leave their internet security in other people's hands, because, well <cue the crickets around here>

Revision history for this message
markor (markoresko) wrote :

We post bugs because we love to see things fixed, to the benefit of us and other users.
That is what the development process is all about. We contribute, and it comes back to all.

Seamonkey itself is in the Universe repository, which means that it is not part of the core of Ubuntu but included
at users' request. So the core staff does not seem to provide support or the same care as for the supported products. Therefore, it is not productive to call people "so-called".
Let's do all we can to make Seamonkey stay and be updated in *Ubuntu.

Revision history for this message
Tiberiu Cristea (zugu) wrote :

I guess that's what you get for using a development process that includes middlemen, such as the package maintainers. The fix exists, it's been available upstream, yet people depend on a lazy package maintainer to deliver the fix.

In Windows or MacOS X anyone can fix this issue by themselves, by just visiting the developer's site and downloading the latest version. This bug clearly shows how the centralised repository system is a failure.

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Seamonkey was updated to 1.1.15 on April 1 for Hardy and Intrepid.

Changed in seamonkey (Ubuntu Hardy):
status: Triaged → Fix Released
Changed in seamonkey (Ubuntu Intrepid):
status: Triaged → Fix Released
Revision history for this message
Nikola M (nikolam) wrote :

Tiberiu Cristea wrote on 2009-04-08:
> In Windows or MacOS X anyone can fix this issue by themselves, by just visiting the developer's site and
> downloading the latest version. This bug clearly shows how the centralised repository system is a failure.

You are terribly wrong; what you say is not based on real-world facts and is misleading.

You can always go to the developer's page, use a non-packaged installation of the program and install it on your Linux system (like the windblows solution you were quoting).
But on GNU/Linux you have another option, too:
Packaging and repositories give you the benefit that you don't need to do search>download>install on all
of your 1000s of machines; they do it alone, quietly, and if a package is updated in the repository it is updated
on ALL machines in the whole world running that repo/package repository.
Also, such updates are tailored to the exact system, tested, maintained and supported.

Please don't argue in the future about things you don't fully understand, thanks.

Revision history for this message
Tiberiu Cristea (zugu) wrote :

@Nikola M: of course one can download the source, the question is: will it compile gracefully? I am sure you're aware of the dependency chains that have to be satisfied in order to have a stable system. Sometimes it's just not possible to have a newer version of software X without updating chains of core dependencies. Actually, this is what the Ubuntu team is doing every 6 months.

In the case of this package, critical vulnerabilities were not patched for a significant amount of time because nobody bothered to compile the newer upstream sources. Of course, the package maintainer is not to blame, he's probably not getting paid to do it. But while issues like this are not the core developer's fault, they are Ubuntu's problem.

Please, do not lecture me on the advantages of package management systems, I am very well aware of them; I am more concerned about the disadvantages. Also, try to write "Windows", not "windblows"; alternate Linux fanboyish spellings make you look bad.

I really hope the fix released for this bug solved the problem.

This report contains Public Security information  
Everyone can see this security related information.
