This bug was fixed in the package seamonkey - 1.1.15+nobinonly-
0ubuntu0.8.10.2
---------------
seamonkey (1.1.15+nobinonly-0ubuntu0.8.10.2) intrepid-security; urgency=low
* CVE-2009-1044: Arbitrary code execution via XUL tree element
- add debian/patches/90_181_484320_attachment_368977.patch
- update debian/patches/series
* CVE-2009-1169: XSL Transformation vulnerability
- add 90_181_485217_attachment_369357.patch
- add debian/patches/90_181_485286_attachment_369457.patch
seamonkey (1.1.15+nobinonly-0ubuntu0.8.10.1) intrepid-security;
urgency=low
* New security upstream release: 1.1.15 (LP: #309655)
- CVE-2009-0040: Upgrade PNG library to fix memory safety hazard
- CVE-2009-0352: Crashes with evidence of memory corruption (rv:1.9.0.6)
- CVE-2009-0357: XMLHttpRequest allows reading HTTPOnly cookies
- CVE-2009-0771: Crashes with evidence of memory corruption (rv:1.9.0.7)
- CVE-2009-0776: XML data theft via RDFXMLDataSource and cross-domain
redirect
seamonkey (1.1.14+nobinonly-0ubuntu0.8.10.1) intrepid-security;
urgency=low
* * New security upstream release: 1.1.14 (LP: #309655)
- CVE-2008-5511: XSS and JavaScript privilege escalation
- CVE-2008-5510: Escaped null characters ignored by CSS parser
- CVE-2008-5508: Errors parsing URLs with leading whitespace and control ch$
- CVE-2008-5507: Cross-domain data theft via script redirect error message
- CVE-2008-5506: XMLHttpRequest 302 response disclosure
- CVE-2008-5503: Information stealing via loadBindingDocument
- CVE-2008-5501..5500: Crashes with evidence of memory corruption
(rv:1.9.0.5/1.8.1.19)
* drop patches applied upstream
- delete debian/patches/35_zip_cache.patch
- update debian/patches/series
-- Alexander Sack <a...@ubuntu.com> Tue, 31 Mar 2009 13:21:19 +0200
--
Seamonkey 1.1.14 security upgrade
https://bugs.launchpad.net/bugs/309655
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
