Here is the full debdiff for hardy.

** Attachment added: "seamonkey_1.1.11+nobinonly-0ubuntu1--1.1.12+nobinonly-0ubuntu0.8.04.1.debdiff"
   http://launchpadlibrarian.net/18096689/seamonkey_1.1.11%2Bnobinonly-0ubuntu1--1.1.12%2Bnobinonly-0ubuntu0.8.04.1.debdiff

** Changed in: seamonkey (Ubuntu Hardy)
       Status: New => Fix Committed

** Description changed:

  Binary package hint: seamonkey
  
  seamonkey (1.1.12+nobinonly-0ubuntu1) intrepid; urgency=low
  
    * New security upstream release: 1.1.12
      - CVE-2008-4070: Heap overflow when canceling newsgroup message
      - CVE-2008-4069: XBM image uninitialized memory reading
      - CVE-2008-4067..4068: resource: traversal vulnerabilities
      - CVE-2008-4065..4066: BOM characters stripped from JavaScript before 
execution
      - CVE-2008-4061..4064: Crashes with evidence of memory corruption
      - CVE-2008-4058..4060: Privilege escalation via XPCnativeWrapper pollution
      - CVE-2008-3837: Forced mouse drag
      - CVE-2008-3835: nsXMLDocument::OnChannelRedirect() same-origin violation
      - CVE-2008-0016: UTF-8 URL stack buffer overflow
  
   -- Fabien Tassin <[EMAIL PROTECTED]>  Tue, 30 Sep 2008 00:41:24 +0200
+ 
+ ===
+ 
+ seamonkey (1.1.12+nobinonly-0ubuntu0.8.04.1) hardy-security; urgency=low
+ 
+   * New security upstream release: 1.1.12 (LP: #276437)
+     - CVE-2008-4070: Heap overflow when canceling newsgroup message
+     - CVE-2008-4069: XBM image uninitialized memory reading
+     - CVE-2008-4067..4068: resource: traversal vulnerabilities
+     - CVE-2008-4065..4066: BOM characters stripped from JavaScript before 
execution
+     - CVE-2008-4061..4064: Crashes with evidence of memory corruption
+     - CVE-2008-4058..4060: Privilege escalation via XPCnativeWrapper pollution
+     - CVE-2008-3837: Forced mouse drag
+     - CVE-2008-3835: nsXMLDocument::OnChannelRedirect() same-origin violation
+     - CVE-2008-0016: UTF-8 URL stack buffer overflow
+   * Also includes security fixes from 1.1.11 and 1.1.10 (LP: #218534)
+     - CVE-2008-2785: Remote code execution by overflowing CSS reference 
counter
+     - CVE-2008-2811: Crash and remote code execution in block reflow
+     - CVE-2008-2810: Remote site run as local file via Windows URL shortcut
+     - CVE-2008-2809: Peer-trusted certs can use alt names to spoof
+     - CVE-2008-2808: File location URL in directory listings not escaped 
properly
+     - CVE-2008-2807: Faulty .properties file results in uninitialized memory 
being used
+     - CVE-2008-2806: Arbitrary socket connections with Java LiveConnect on 
Mac OS X
+     - CVE-2008-2805: Arbitrary file upload via originalTarget and DOM Range
+     - MFSA 2008-26 (follow-up of CVE-2008-0304): Buffer length checks in MIME 
processing
+     - CVE-2008-2803: Arbitrary code execution in 
mozIJSSubScriptLoader.loadSubScript()
+     - CVE-2008-2802: Chrome script loading from fastload file
+     - CVE-2008-2801: Signed JAR tampering
+     - CVE-2008-2800: XSS through JavaScript same-origin violation
+     - CVE-2008-2798..2799: Crashes with evidence of memory corruption
+     - CVE-2008-1380: Crash in JavaScript garbage collector
+   * Refresh diverged patch:
+     - update debian/patches/80_security_build.patch
+   * Fix FTBFS with missing -lfontconfig
+     - add debian/patches/11_fix_ftbfs_with_fontconfig.patch
+     - update debian/patches/series
+ 
+  -- Fabien Tassin <[EMAIL PROTECTED]>  Tue, 30 Sep 2008 22:44:30 +0200
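
Review bot: the added hardy-security entry is marked urgency=low even though it lists remote code execution fixes (CVE-2008-2785, CVE-2008-2811, CVE-2008-2803) plus heap and stack overflows; consider an urgency that matches a security upload. In the same entry, "Fix FTBFS with missing -lfontconfig" adds debian/patches/11_fix_ftbfs_with_fontconfig.patch without a bug reference, unlike the two release items that cite LP: #276437 and LP: #218534, and "Refresh diverged patch" does not say what changed in 80_security_build.patch. A one-line rationale for each would make the non-upstream changes easier to review in a security upload.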

-- 
security upgrade of seamonkey 1.1.12
https://bugs.launchpad.net/bugs/276437