[ubuntu/hardy-security] seamonkey 1.1.12+nobinonly-0ubuntu0.8.04.1 (Accepted)

Ubuntu Installer archive at ubuntu.com
Mon Oct 6 22:56:39 BST 2008


seamonkey (1.1.12+nobinonly-0ubuntu0.8.04.1) hardy-security; urgency=low

  * New security upstream release: 1.1.12 (LP: #276437)
    - CVE-2008-4070: Heap overflow when canceling newsgroup message
    - CVE-2008-4069: XBM image uninitialized memory reading
    - CVE-2008-4067..4068: resource: traversal vulnerabilities
    - CVE-2008-4065..4066: BOM characters stripped from JavaScript before execution
    - CVE-2008-4061..4064: Crashes with evidence of memory corruption
    - CVE-2008-4058..4060: Privilege escalation via XPCnativeWrapper pollution
    - CVE-2008-3837: Forced mouse drag
    - CVE-2008-3835: nsXMLDocument::OnChannelRedirect() same-origin violation
    - CVE-2008-0016: UTF-8 URL stack buffer overflow
  * Also includes security fixes from 1.1.11 and 1.1.10 (LP: #218534)
    - CVE-2008-2785: Remote code execution by overflowing CSS reference counter
    - CVE-2008-2811: Crash and remote code execution in block reflow
    - CVE-2008-2810: Remote site run as local file via Windows URL shortcut
    - CVE-2008-2809: Peer-trusted certs can use alt names to spoof
    - CVE-2008-2808: File location URL in directory listings not escaped properly
    - CVE-2008-2807: Faulty .properties file results in uninitialized memory being used
    - CVE-2008-2806: Arbitrary socket connections with Java LiveConnect on Mac OS X
    - CVE-2008-2805: Arbitrary file upload via originalTarget and DOM Range
    - MFSA 2008-26 (follow-up of CVE-2008-0304): Buffer length checks in MIME processing
    - CVE-2008-2803: Arbitrary code execution in mozIJSSubScriptLoader.loadSubScript()
    - CVE-2008-2802: Chrome script loading from fastload file
    - CVE-2008-2801: Signed JAR tampering
    - CVE-2008-2800: XSS through JavaScript same-origin violation
    - CVE-2008-2798..2799: Crashes with evidence of memory corruption
    - CVE-2008-1380: Crash in JavaScript garbage collector
  * Refresh diverged patch:
    - update debian/patches/80_security_build.patch
  * Fix FTBFS with missing -lfontconfig
    - add debian/patches/11_fix_ftbfs_with_fontconfig.patch
    - update debian/patches/series

Date: Tue, 30 Sep 2008 22:44:30 +0200
Changed-By: Fabien Tassin <fta at ubuntu.com>
Maintainer: Ubuntu Mozilla Team <ubuntu-mozillateam at lists.ubuntu.com>
https://launchpad.net/ubuntu/hardy/+source/seamonkey/1.1.12+nobinonly-0ubuntu0.8.04.1
-------------- next part --------------
Format: 1.7
Date: Tue, 30 Sep 2008 22:44:30 +0200
Source: seamonkey
Binary: iceape iceape-browser iceape-calendar iceape-chatzilla iceape-dbg iceape-dev iceape-dom-inspector iceape-gnome-support iceape-mailnews mozilla mozilla-browser mozilla-calendar mozilla-chatzilla mozilla-dev mozilla-dom-inspector mozilla-js-debugger mozilla-mailnews mozilla-psm seamonkey seamonkey-browser seamonkey-chatzilla seamonkey-dbg seamonkey-dev seamonkey-dom-inspector seamonkey-gnome-support seamonkey-mailnews
Architecture: amd64 hppa all i386 ia64 lpia powerpc source sparc
Version: 1.1.12+nobinonly-0ubuntu0.8.04.1
Distribution: hardy-security
Urgency: low
Maintainer: Ubuntu Mozilla Team <ubuntu-mozillateam at lists.ubuntu.com>
Changed-By: Fabien Tassin <fta at ubuntu.com>
Description:
 iceape     - dummy upgrade package for the SeaMonkey Internet Suite
 iceape-browser - dummy upgrade package for SeaMonkey Navigator
 iceape-calendar - dummy upgrade package for SeaMonkey Navigator
 iceape-chatzilla - dummy upgrade package for SeaMonkey Chatzilla IRC client
 iceape-dbg - dummy upgrade package for SeaMonkey Debug package
 iceape-dev - dummy upgrade package for SeaMonkey SDK
 iceape-dom-inspector - dummy upgrade package for the DOM Inspector for the SeaMonkey Int
 iceape-gnome-support - dummy upgrade package for SeaMonkey Gnome Support
 iceape-mailnews - dummy upgrade package for SeaMonkey Mail & Newsgroups and Address
 mozilla    - dummy upgrade package for the SeaMonkey Internet Suite
 mozilla-browser - dummy upgrade package for SeaMonkey Navigator and Composer
 mozilla-calendar - dummy upgrade package for SeaMonkey Calendar
 mozilla-chatzilla - dummy upgrade package for SeaMonkey Chatzilla IRC client
 mozilla-dev - dummy upgrade package for development file for the SeaMonkey Inte
 mozilla-dom-inspector - dummy upgrade package for the DOM Inspector for the SeaMonkey Int
 mozilla-js-debugger - dummy upgrade package for venkman
 mozilla-mailnews - dummy upgrade package for SeaMonkey Mail & Newsgroups and Address
 mozilla-psm - dummy upgrade package for SeaMonkey Navigator
 seamonkey  - The Seamonkey Internet Suite
 seamonkey-browser - Seamonkey Navigator (Internet browser) and Composer
 seamonkey-chatzilla - Seamonkey Chatzilla IRC client
 seamonkey-dbg - Debugging symbols for the Seamonkey Internet Suite
 seamonkey-dev - Development files for the Seamonkey Internet Suite
 seamonkey-dom-inspector - DOM inspector for the Seamonkey Internet Suite
 seamonkey-gnome-support - Gnome support for the Seamonkey Internet Suite
 seamonkey-mailnews - Seamonkey Mail & Newsgroups and Address Book
Files:
Launchpad-Bugs-Fixed: 218534 276437

