[Bug 309655] Re: Seamonkey 1.1.14 security upgrade

Launchpad Bug Tracker 309655 at bugs.launchpad.net
Tue Mar 31 10:50:15 UTC 2009 

This bug was fixed in the package seamonkey - 1.1.15+nobinonly-0ubuntu1

---------------
seamonkey (1.1.15+nobinonly-0ubuntu1) jaunty; urgency=low

  * New security upstream release: 1.1.15 (LP: #309655)
    - CVE-2009-0040: Upgrade PNG library to fix memory safety hazard
    - CVE-2009-0352: Crashes with evidence of memory corruption (rv:1.9.0.6)
    - CVE-2009-0357: XMLHttpRequest allows reading HTTPOnly cookies
    - CVE-2009-0771: Crashes with evidence of memory corruption (rv:1.9.0.7)
    - CVE-2009-0776: XML data theft via RDFXMLDataSource and cross-domain redirect

seamonkey (1.1.14+nobinonly-0ubuntu1) jaunty; urgency=low

  [ Alexander Sack ]
  * New security upstream release: 1.1.14 (LP: #309655)
    - CVE-2008-5511: XSS and JavaScript privilege escalation
    - CVE-2008-5510: Escaped null characters ignored by CSS parser
    - CVE-2008-5508: Errors parsing URLs with leading whitespace and controlcharacters
    - CVE-2008-5507: Cross-domain data theft via script redirect error message
    - CVE-2008-5506: XMLHttpRequest 302 response disclosure
    - CVE-2008-5503: Information stealing via loadBindingDocument
    - CVE-2008-5501..5500: Crashes with evidence of memory corruption
      (rv:1.9.0.5/1.8.1.19)
  * drop patches applied upstream
    - delete debian/patches/35_zip_cache.patch
    - update debian/patches/series

 -- John Vivirito <gnomefreak at ubuntu.com>   Sat, 21 Mar 2009 11:26:47
-0400

** Changed in: seamonkey (Ubuntu)
       Status: Triaged => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-5501

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-5503

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-5506

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-5507

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-5508

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-5510

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-5511

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-0040

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-0352

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-0357

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-0771

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-0776

-- 
 Seamonkey 1.1.14 security upgrade
https://bugs.launchpad.net/bugs/309655
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

More information about the universe-bugs mailing list