[Bug 309655] Re: Seamonkey 1.1.14 security upgrade
*** This bug is a duplicate of bug 356274 *** https://bugs.launchpad.net/bugs/356274 Marking as a duplicate of bug 356274 ** This bug has been marked a duplicate of bug 356274 [MASTER] Please update seamonkey to latest 1.1.16 -- Seamonkey 1.1.14 security upgrade https://bugs.launchpad.net/bugs/309655 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 309655] Re: Seamonkey 1.1.14 security upgrade
This bug was fixed in the package seamonkey - 1.1.15+nobinonly- 0ubuntu0.8.04.2 --- seamonkey (1.1.15+nobinonly-0ubuntu0.8.04.2) hardy-security; urgency=low * CVE-2009-1044: Arbitrary code execution via XUL tree element - add debian/patches/90_181_484320_attachment_368977.patch - update debian/patches/series * CVE-2009-1169: XSL Transformation vulnerability - add 90_181_485217_attachment_369357.patch - add debian/patches/90_181_485286_attachment_369457.patch seamonkey (1.1.15+nobinonly-0ubuntu0.8.04.1) hardy-security; urgency=low * New security upstream release: 1.1.15 (LP: #309655) - CVE-2009-0040: Upgrade PNG library to fix memory safety hazard - CVE-2009-0352: Crashes with evidence of memory corruption (rv:1.9.0.6) - CVE-2009-0357: XMLHttpRequest allows reading HTTPOnly cookies - CVE-2009-0771: Crashes with evidence of memory corruption (rv:1.9.0.7) - CVE-2009-0776: XML data theft via RDFXMLDataSource and cross-domain redirect seamonkey (1.1.14+nobinonly-0ubuntu0.8.04.1) hardy-security; urgency=low * New security upstream release: 1.1.14 (LP: #309655) - CVE-2008-5511: XSS and JavaScript privilege escalation - CVE-2008-5510: Escaped null characters ignored by CSS parser - CVE-2008-5508: Errors parsing URLs with leading whitespace and control ch$ - CVE-2008-5507: Cross-domain data theft via script redirect error message - CVE-2008-5506: XMLHttpRequest 302 response disclosure - CVE-2008-5503: Information stealing via loadBindingDocument - CVE-2008-5501..5500: Crashes with evidence of memory corruption (rv:1.9.0.5/1.8.1.19) * drop patches applied upstream - delete debian/patches/35_zip_cache.patch - update debian/patches/series -- Alexander SackTue, 31 Mar 2009 13:21:19 +0200 ** Changed in: seamonkey (Ubuntu Hardy) Status: Triaged => Fix Released ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2009-1044 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2009-1169 ** Changed in: seamonkey (Ubuntu Intrepid) Status: Triaged => Fix Released -- Seamonkey 1.1.14 security upgrade https://bugs.launchpad.net/bugs/309655 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 309655] Re: Seamonkey 1.1.14 security upgrade
This bug was fixed in the package seamonkey - 1.1.15+nobinonly- 0ubuntu0.8.10.2 --- seamonkey (1.1.15+nobinonly-0ubuntu0.8.10.2) intrepid-security; urgency=low * CVE-2009-1044: Arbitrary code execution via XUL tree element - add debian/patches/90_181_484320_attachment_368977.patch - update debian/patches/series * CVE-2009-1169: XSL Transformation vulnerability - add 90_181_485217_attachment_369357.patch - add debian/patches/90_181_485286_attachment_369457.patch seamonkey (1.1.15+nobinonly-0ubuntu0.8.10.1) intrepid-security; urgency=low * New security upstream release: 1.1.15 (LP: #309655) - CVE-2009-0040: Upgrade PNG library to fix memory safety hazard - CVE-2009-0352: Crashes with evidence of memory corruption (rv:1.9.0.6) - CVE-2009-0357: XMLHttpRequest allows reading HTTPOnly cookies - CVE-2009-0771: Crashes with evidence of memory corruption (rv:1.9.0.7) - CVE-2009-0776: XML data theft via RDFXMLDataSource and cross-domain redirect seamonkey (1.1.14+nobinonly-0ubuntu0.8.10.1) intrepid-security; urgency=low * * New security upstream release: 1.1.14 (LP: #309655) - CVE-2008-5511: XSS and JavaScript privilege escalation - CVE-2008-5510: Escaped null characters ignored by CSS parser - CVE-2008-5508: Errors parsing URLs with leading whitespace and control ch$ - CVE-2008-5507: Cross-domain data theft via script redirect error message - CVE-2008-5506: XMLHttpRequest 302 response disclosure - CVE-2008-5503: Information stealing via loadBindingDocument - CVE-2008-5501..5500: Crashes with evidence of memory corruption (rv:1.9.0.5/1.8.1.19) * drop patches applied upstream - delete debian/patches/35_zip_cache.patch - update debian/patches/series -- Alexander SackTue, 31 Mar 2009 13:21:19 +0200 -- Seamonkey 1.1.14 security upgrade https://bugs.launchpad.net/bugs/309655 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 309655] Re: Seamonkey 1.1.14 security upgrade
This bug was fixed in the package seamonkey - 1.1.15+nobinonly-0ubuntu1 --- seamonkey (1.1.15+nobinonly-0ubuntu1) jaunty; urgency=low * New security upstream release: 1.1.15 (LP: #309655) - CVE-2009-0040: Upgrade PNG library to fix memory safety hazard - CVE-2009-0352: Crashes with evidence of memory corruption (rv:1.9.0.6) - CVE-2009-0357: XMLHttpRequest allows reading HTTPOnly cookies - CVE-2009-0771: Crashes with evidence of memory corruption (rv:1.9.0.7) - CVE-2009-0776: XML data theft via RDFXMLDataSource and cross-domain redirect seamonkey (1.1.14+nobinonly-0ubuntu1) jaunty; urgency=low [ Alexander Sack ] * New security upstream release: 1.1.14 (LP: #309655) - CVE-2008-5511: XSS and JavaScript privilege escalation - CVE-2008-5510: Escaped null characters ignored by CSS parser - CVE-2008-5508: Errors parsing URLs with leading whitespace and controlcharacters - CVE-2008-5507: Cross-domain data theft via script redirect error message - CVE-2008-5506: XMLHttpRequest 302 response disclosure - CVE-2008-5503: Information stealing via loadBindingDocument - CVE-2008-5501..5500: Crashes with evidence of memory corruption (rv:1.9.0.5/1.8.1.19) * drop patches applied upstream - delete debian/patches/35_zip_cache.patch - update debian/patches/series -- John ViviritoSat, 21 Mar 2009 11:26:47 -0400 ** Changed in: seamonkey (Ubuntu) Status: Triaged => Fix Released ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-5501 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-5503 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-5506 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-5507 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-5508 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-5510 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-5511 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2009-0040 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2009-0352 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2009-0357 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2009-0771 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2009-0776 -- Seamonkey 1.1.14 security upgrade https://bugs.launchpad.net/bugs/309655 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 309655] Re: Seamonkey 1.1.14 security upgrade
On 2.1.16 there is nothing i can do with it at this time. I will know when the Mozilla packages are released and i in Seamonkeys case i get it done within a day or 2 unless problems with it. The problem i keep running into is getting them into archives but that is something i plan on working on today. -- Seamonkey 1.1.14 security upgrade https://bugs.launchpad.net/bugs/309655 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 309655] Re: Seamonkey 1.1.14 security upgrade
> Critical Mozilla bug 485217 has... Please don't get confused by this autolink put in by launchpad. This is an invalid link. -- Seamonkey 1.1.14 security upgrade https://bugs.launchpad.net/bugs/309655 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 309655] Re: Seamonkey 1.1.14 security upgrade
There is a new round in the game... Critical Mozilla bug 485217 has just been fixed and is on the list for SeaMonkey 1.1.16 (Firefox 3.0.8 next week as well). Currently there is no release date for SeaMonkey 1.1.16 but maybe this comes soon? Worth waiting? - Regards Wolfgang See... https://bugzilla.mozilla.org/show_bug.cgi?id=485217 http://dev.seamonkey.at/ (Bug Radar) -- Seamonkey 1.1.14 security upgrade https://bugs.launchpad.net/bugs/309655 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 309655] Re: Seamonkey 1.1.14 security upgrade
On 03/21/2009 10:44 AM, John Vivirito wrote: > Sorry yeah i was working on it the other day. Here are the link to PPA for > testing: > https://launchpad.net/~gnomefreak/+archive/ppa > > Alexander can you push this, i have tested on jaunty and its ready at this > time i am unable to test with Intrepid or Hardy here are the branches: > https://code.launchpad.net/~gnomefreak/seamonkey/seamonkey-1.1.x-dev > https://code.launchpad.net/~gnomefreak/seamonkey/seamonkey-1.1.x.hardy > https://code.launchpad.net/~gnomefreak/seamonkey/seamonkey-1.1.x.intrepid > > The targets do not have -security in them yet > I already updated branches for version number > I fixed branches and PPA packages to use *-security -- Sincerely Yours, John Vivirito https://launchpad.net/~gnomefreak https://wiki.ubuntu.com/JohnVivirito Linux User# 414246 "How can i get lost, if i have no where to go" -- Metallica from Unforgiven III -- Seamonkey 1.1.14 security upgrade https://bugs.launchpad.net/bugs/309655 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 309655] Re: Seamonkey 1.1.14 security upgrade
Sorry yeah i was working on it the other day. Here are the link to PPA for testing: https://launchpad.net/~gnomefreak/+archive/ppa Alexander can you push this, i have tested on jaunty and its ready at this time i am unable to test with Intrepid or Hardy here are the branches: https://code.launchpad.net/~gnomefreak/seamonkey/seamonkey-1.1.x-dev https://code.launchpad.net/~gnomefreak/seamonkey/seamonkey-1.1.x.hardy https://code.launchpad.net/~gnomefreak/seamonkey/seamonkey-1.1.x.intrepid The targets do not have -security in them yet I already updated branches for version number -- Seamonkey 1.1.14 security upgrade https://bugs.launchpad.net/bugs/309655 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 309655] Re: Seamonkey 1.1.14 security upgrade
Final Seamonkey 1.1.15 is out now. http://www.seamonkey-project.org/releases/#1.1.15 http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html#seamonkey1.1.15 -- Seamonkey 1.1.14 security upgrade https://bugs.launchpad.net/bugs/309655 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 309655] Re: Seamonkey 1.1.14 security upgrade
it seems final 1.1.15 has not yet been released. Once it is i will know and start on it as soon as i can -- Seamonkey 1.1.14 security upgrade https://bugs.launchpad.net/bugs/309655 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 309655] Re: Seamonkey 1.1.14 security upgrade
On 03/06/2009 03:47 AM, FrancisT wrote: > Suggest upgrade to 1.1.15 in the next day or two as this is just being > released to patch some other critical issues > I have already prepared to start this. I will get to it next week. To file bugs against new versions of Mozilla apps really isnt needed but they are fine. We are on top of Mozilla apps, however there are only 3 of us that are packaging the main Mozilla apps at this time. Seamonkey 1.1.15 will be in my PPA sometime next week barring any delay in release. I am unable to work this weekend from what i know at this time but that may change. I will keep track of when it is released as always. :) -- Sincerely Yours, John Vivirito https://launchpad.net/~gnomefreak https://wiki.ubuntu.com/JohnVivirito Linux User# 414246 "How can i get lost, if i have no where to go" -- Metallica from Unforgiven III -- Seamonkey 1.1.14 security upgrade https://bugs.launchpad.net/bugs/309655 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 309655] Re: Seamonkey 1.1.14 security upgrade
Suggest upgrade to 1.1.15 in the next day or two as this is just being released to patch some other critical issues -- Seamonkey 1.1.14 security upgrade https://bugs.launchpad.net/bugs/309655 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 309655] Re: Seamonkey 1.1.14 security upgrade
These are all done and pushed to PPA and branches are all fixed. Waiting for ack. -- Seamonkey 1.1.14 security upgrade https://bugs.launchpad.net/bugs/309655 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 309655] Re: Seamonkey 1.1.14 security upgrade
seems i ran out of room in my PPA so i requested more room so i can finish uploading the packages. but all work and build fine. -- Seamonkey 1.1.14 security upgrade https://bugs.launchpad.net/bugs/309655 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 309655] Re: Seamonkey 1.1.14 security upgrade
Waiting for everything to finish building in PPA. I will update this report when done Jaunty: https://code.launchpad.net/~gnomefreak/seamonkey/seamonkey-1.1.x-dev Intrepid: https://code.launchpad.net/~gnomefreak/seamonkey/seamonkey-1.1.x.intrepid Hardy: https://code.launchpad.net/~gnomefreak/seamonkey/seamonkey-1.1.x.hardy PPA: https://launchpad.net/~gnomefreak/+archive/ppa -- Seamonkey 1.1.14 security upgrade https://bugs.launchpad.net/bugs/309655 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 309655] Re: Seamonkey 1.1.14 security upgrade
** Changed in: seamonkey (Ubuntu Hardy) Importance: Undecided => Critical Status: New => Triaged ** Changed in: seamonkey (Ubuntu Hardy) Assignee: (unassigned) => John Vivirito (gnomefreak) ** Changed in: seamonkey (Ubuntu Intrepid) Importance: Undecided => Critical Assignee: (unassigned) => John Vivirito (gnomefreak) Status: New => Triaged ** Changed in: seamonkey (Ubuntu) Importance: Undecided => Critical -- Seamonkey 1.1.14 security upgrade https://bugs.launchpad.net/bugs/309655 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 309655] Re: Seamonkey 1.1.14 security upgrade
Pushing hardy's to my PPA at this time and will give you links sometime today. I have to fix my intrepid branch before that can be delt with -- Seamonkey 1.1.14 security upgrade https://bugs.launchpad.net/bugs/309655 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 309655] Re: Seamonkey 1.1.14 security upgrade
Jaunty: https://code.launchpad.net/~gnomefreak/seamonkey/seamonkey-1.1.x Intrepid: https://code.launchpad.net/~gnomefreak/seamonkey/seamonkey-1.1.x.intrepid Both are on my PPA as well. I haven't started on Hardy yet -- Seamonkey 1.1.14 security upgrade https://bugs.launchpad.net/bugs/309655 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 309655] Re: Seamonkey 1.1.14 security upgrade
we dont get mozilla related packages from debian, we use upstream. -- Seamonkey 1.1.14 security upgrade https://bugs.launchpad.net/bugs/309655 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 309655] Re: Seamonkey 1.1.14 security upgrade
I working on latest release for Jaunty at this time. ** Changed in: seamonkey (Ubuntu) Assignee: (unassigned) => John Vivirito (gnomefreak) Status: New => Triaged -- Seamonkey 1.1.14 security upgrade https://bugs.launchpad.net/bugs/309655 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 309655] Re: Seamonkey 1.1.14 security upgrade
There is Iceape 1.1.14 available for Debian. -- Seamonkey 1.1.14 security upgrade https://bugs.launchpad.net/bugs/309655 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 309655] Re: Seamonkey 1.1.14 security upgrade
** Visibility changed to: Public -- Seamonkey 1.1.14 security upgrade https://bugs.launchpad.net/bugs/309655 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
