© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
9199653
demo site
(Get the code!)
This bug was fixed in the package seamonkey - 1.1.12+
---------------
seamonkey (1.1.12+
* New security upstream release: 1.1.12 (LP: #276437)
- CVE-2008-4070: Heap overflow when canceling newsgroup message
- CVE-2008-4069: XBM image uninitialized memory reading
- CVE-2008-
- CVE-2008-
- CVE-2008-
- CVE-2008-
- CVE-2008-3837: Forced mouse drag
- CVE-2008-3835: nsXMLDocument:
- CVE-2008-0016: UTF-8 URL stack buffer overflow
* Also includes security fixes from 1.1.11 and 1.1.10 (LP: #218534)
- CVE-2008-2785: Remote code execution by overflowing CSS reference counter
- CVE-2008-2811: Crash and remote code execution in block reflow
- CVE-2008-2810: Remote site run as local file via Windows URL shortcut
- CVE-2008-2809: Peer-trusted certs can use alt names to spoof
- CVE-2008-2808: File location URL in directory listings not escaped properly
- CVE-2008-2807: Faulty .properties file results in uninitialized memory being used
- CVE-2008-2806: Arbitrary socket connections with Java LiveConnect on Mac OS X
- CVE-2008-2805: Arbitrary file upload via originalTarget and DOM Range
- MFSA 2008-26 (follow-up of CVE-2008-0304): Buffer length checks in MIME processing
- CVE-2008-2803: Arbitrary code execution in mozIJSSubScript
- CVE-2008-2802: Chrome script loading from fastload file
- CVE-2008-2801: Signed JAR tampering
- CVE-2008-2800: XSS through JavaScript same-origin violation
- CVE-2008-
- CVE-2008-1380: Crash in JavaScript garbage collector
* Refresh diverged patch:
- update debian/
* Fix FTBFS with missing -lfontconfig
- add debian/
- update debian/
-- Fabien Tassin <email address hidden> Tue, 30 Sep 2008 22:44:30 +0200