[Bug 309655] Re: Seamonkey 1.1.14 security upgrade

Launchpad Bug Tracker 309655 at bugs.launchpad.net
Wed Apr 1 21:44:39 UTC 2009 

This bug was fixed in the package seamonkey - 1.1.15+nobinonly-
0ubuntu0.8.04.2

---------------
seamonkey (1.1.15+nobinonly-0ubuntu0.8.04.2) hardy-security; urgency=low

  * CVE-2009-1044: Arbitrary code execution via XUL tree element
    - add debian/patches/90_181_484320_attachment_368977.patch
    - update debian/patches/series
  * CVE-2009-1169: XSL Transformation vulnerability
    - add 90_181_485217_attachment_369357.patch
    - add debian/patches/90_181_485286_attachment_369457.patch

seamonkey (1.1.15+nobinonly-0ubuntu0.8.04.1) hardy-security; urgency=low

  * New security upstream release: 1.1.15 (LP: #309655)
    - CVE-2009-0040: Upgrade PNG library to fix memory safety hazard
    - CVE-2009-0352: Crashes with evidence of memory corruption (rv:1.9.0.6)
    - CVE-2009-0357: XMLHttpRequest allows reading HTTPOnly cookies
    - CVE-2009-0771: Crashes with evidence of memory corruption (rv:1.9.0.7)
    - CVE-2009-0776: XML data theft via RDFXMLDataSource and cross-domain redirect

seamonkey (1.1.14+nobinonly-0ubuntu0.8.04.1) hardy-security; urgency=low

  * New security upstream release: 1.1.14 (LP: #309655)
    - CVE-2008-5511: XSS and JavaScript privilege escalation
    - CVE-2008-5510: Escaped null characters ignored by CSS parser
    - CVE-2008-5508: Errors parsing URLs with leading whitespace and control ch$
    - CVE-2008-5507: Cross-domain data theft via script redirect error message
    - CVE-2008-5506: XMLHttpRequest 302 response disclosure
    - CVE-2008-5503: Information stealing via loadBindingDocument
    - CVE-2008-5501..5500: Crashes with evidence of memory corruption
      (rv:1.9.0.5/1.8.1.19)
  * drop patches applied upstream
    - delete debian/patches/35_zip_cache.patch
    - update debian/patches/series

 -- Alexander Sack <asac at ubuntu.com>   Tue, 31 Mar 2009 13:21:19 +0200

** Changed in: seamonkey (Ubuntu Hardy)
       Status: Triaged => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-1044

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-1169

** Changed in: seamonkey (Ubuntu Intrepid)
       Status: Triaged => Fix Released

-- 
 Seamonkey 1.1.14 security upgrade
https://bugs.launchpad.net/bugs/309655
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

More information about the universe-bugs mailing list