ALT Linux repositórios
S: | 2.53.17.1-alt1 |
5.0: | 1.1.16-alt1 |
4.1: | 1.1.16-alt0.M41.1 |
+updates: | 1.1.13-alt0.M41.1 |
4.0: | 1.1.12-alt0.M40.1 |
Group :: Rede/WWW
RPM: seamonkey
Main Changelog Spec Patches Sources Download Gear Bugs e FR Repocop
13 novembro 2008 Michael Shigorin <mike at altlinux.org> 1:1.1.13-alt0.M41.1
- 1.1.13 security update built for M41
+MFSA 2008-58 Parsing error in E4X default namespace
+MFSA 2008-57 -moz-binding property bypasses security checks on codebase principals
+MFSA 2008-56 nsXMLHttpRequest::NotifyEventListeners() same-origin violation
+MFSA 2008-55 Crash and remote code execution in nsFrameManager
+MFSA 2008-54 Buffer overflow in http-index-format parser
+MFSA 2008-53 XSS and JavaScript privilege escalation via session restore
+MFSA 2008-52 Crashes with evidence of memory corruption (rv:1.9.0.4/1.8.1.18)
+MFSA 2008-50 Crash and remote code execution via __proto__ tampering
+MFSA 2008-49 Arbitrary code execution via Flash Player dynamic module unloading
+MFSA 2008-48 Image stealing via canvas and HTTP redirect
+MFSA 2008-47 Information stealing via local shortcut files
- 1.1.12 security update built for M41
+ MFSA 2008-46 Heap overflow when canceling newsgroup message
+ MFSA 2008-45 XBM image uninitialized memory reading
+ MFSA 2008-44 resource: traversal vulnerabilities
+ MFSA 2008-43 BOM characters stripped from JavaScript before execution
+ MFSA 2008-42 Crashes with evidence of memory corruption (rv:1.9.0.2/1.8.1.17)
+ MFSA 2008-41 Privilege escalation via XPCnativeWrapper pollution
+ MFSA 2008-40 Forced mouse drag
+ MFSA 2008-38 nsXMLDocument::OnChannelRedirect() same-origin violation
+ MFSA 2008-37 UTF-8 URL stack buffer overflow
- built for M41
- 1.1.11 security update
+ MFSA 2008-34 Remote code execution by overflowing CSS reference counter
- 1.1.10 security update
+ MFSA 2008-33 Crash and remote code execution in block reflow
+ MFSA 2008-32 Remote site run as local file via Windows URL shortcut
+ MFSA 2008-31 Peer-trusted certs can use alt names to spoof
+ MFSA 2008-30 File location URL in directory listings not escaped properly
+ MFSA 2008-29 Faulty .properties file results in uninitialized memory being used
+ MFSA 2008-28 Arbitrary socket connections with Java LiveConnect on Mac OS X
+ MFSA 2008-27 Arbitrary file upload via originalTarget and DOM Range
+ MFSA 2008-25 Arbitrary code execution in mozIJSSubScriptLoader.loadSubScript()
+ MFSA 2008-24 Chrome script loading from fastload file
+ MFSA 2008-23 Signed JAR tampering
+ MFSA 2008-22 XSS through JavaScript same-origin violation
+ MFSA 2008-21 Crashes with evidence of memory corruption (rv:1.8.1.15)
+ MFSA 2008-20 Crash in JavaScript garbage collector
- Fix building with new sisyphus_check
- Applied a patch from RedHat, fixing CVE-2008-1380
- Fix 128x128 icon placement (#12887)
- Restored %_libdir/*.so symlinks for M40 updates (suggested by mike@)
- 1.1.9 security update
+ MFSA 2008-19 XUL popup spoofing variant (cross-tab popups)
+ MFSA 2008-18 Java socket connection to any local port via LiveConnect
+ MFSA 2008-17 Privacy issue with SSL Client Authentication
+ MFSA 2008-16 HTTP Referrer spoofing with malformed URLs
+ MFSA 2008-15 Crashes with evidence of memory corruption (rv:1.8.1.13)
+ MFSA 2008-14 JavaScript privilege escalation and arbitrary code execution
- 1.1.8 security update
+ MFSA 2008-10 URL token stealing via stylesheet redirect
+ MFSA 2008-09 Mishandling of locally-saved plain text files
+ MFSA 2008-06 Web browsing history and forward navigation stealing
+ MFSA 2008-05 Directory traversal via chrome: URI
+ MFSA 2008-03 Privilege escalation, XSS, Remote Code Execution
+ MFSA 2008-02 Multiple file input focus stealing vulnerabilities
+ MFSA 2008-01 Crashes with evidence of memory corruption (rv:1.8.1.12) - Removed .so files from libdir
- Applied fix for shorcuts in non-latin layouts
- 1.1.7 security update
+ MFSA 2007-39 Referer-spoofing via window.location race condition
+ MFSA 2007-38 Memory corruption vulnerabilities (rv:1.8.1.10)
+ MFSA 2007-37 jar: URI scheme XSS hazard
- 1.1.5 security update
+ MFSA 2007-36 URIs with invalid %-encoding mishandled by Windows
+ MFSA 2007-35 XPCNativeWrapper pollution using Script object
+ MFSA 2007-34 Possible file stealing through sftp protocol
+ MFSA 2007-33 XUL pages can hide the window titlebar
+ MFSA 2007-32 File input focus stealing vulnerability
+ MFSA 2007-31 Browser digest authentication request splitting
+ MFSA 2007-30 onUnload Tailgating
+ MFSA 2007-29 Crashes with evidence of memory corruption (rv:1.8.1.8)
+ MFSA 2007-28 Code execution via QuickTime Media-link files
- 1.1.4 security update
+ MFSA 2007-27 Unescaped URIs passed to external programs
+ MFSA 2007-26 Privilege escalation through chrome-loaded about:blank windows
+ MFSA 2007-23 Remote code execution by launching SeaMonkey from Internet Explorer - During postun, call rebuild-databases.sh only if it exists
- 1.1.3 security update
+ MFSA 2007-25 XPCNativeWrapper pollution
+ MFSA 2007-24 Unauthorized access to wyciwyg:// documents
+ MFSA 2007-22 File type confusion due to %00 in name
+ MFSA 2007-21 Privilege escalation using an event handler attached to an element not in the document
+ MFSA 2007-20 Frame spoofing while window is loading
+ MFSA 2007-19 XSS using addEventListener and setTimeout
+ MFSA 2007-18 Crashes with evidence of memory corruption (rv:1.8.1.5) - All subpackages with postun sections require seamonkey package during postun (#12002)
- 1.1.2 security update
+ MFSA 2007-17 XUL Popup Spoofing
+ MFSA 2007-16 XSS using addEventListener
+ MFSA 2007-15 Security Vulnerability in APOP Authentication
+ MFSA 2007-14 Path Abuse in Cookies
+ MFSA 2007-12 Crashes with evidence of memory corruption (rv:1.8.0.12/1.8.1.4)
- Built with new libnspr
- Cool version with six 1's: 1:1.1.1-alt1.1 :)
- New upstream release (1.1.1)
- Following critical security vulnerabilities were fixed:
+ MFSA 2007-08 onUnload + document.write() memory corruption
+ MFSA 2007-07 Embedded nulls in location.hostname confuse same-domain checks
+ MFSA 2007-06 Mozilla Network Security Services (NSS) SSLv2 buffer overflow
+ MFSA 2007-05 XSS and local file access by opening blocked popups
+ MFSA 2007-04 Spoofing using custom cursor and CSS3 hotspot
+ MFSA 2007-03 Information disclosure through cache collisions
+ MFSA 2007-02 Improvements to help protect against Cross-Site Scripting attacks
+ MFSA 2007-01 Crashes with evidence of memory corruption (rv:1.8.0.10/1.8.1.2) - The tab-preview tooltips no longer show a preview for the active tab.
- New upstream release (1.1)
- seamonkey-caledar subpackage removed by upstream.
- Added dependancy for seamonkey-psm (#2316)
- New upstream release (1.0.7)
- Following critical security vulnerabilities were fixed:
+ MFSA 2006-75 RSS Feed-preview referrer leak
+ MFSA 2006-74 Mail header processing heap overflows
+ MFSA 2006-73 Mozilla SVG Processing Remote Code Execution
+ MFSA 2006-72 XSS by setting img.src to javascript: URI
+ MFSA 2006-71 LiveConnect crash finalizing JS objects
+ MFSA 2006-70 Privilege escallation using watch point
+ MFSA 2006-69 CSS cursor image buffer overflow (Windows only)
+ MFSA 2006-68 Crashes with evidence of memory corruption (rv:1.8.0.9/1.8.1.1)
- Removed -fstack-protector and -D_FORTIFY_SOURCE=2 from optflags
- Moved "enigmail" upper as suggested by Dmitry Katsubo <dma_k@mail.ru>
- Packed seamonkey-xremote-client (fixes #10299)
- Moved macros to rpm-build-seamonkey package.
- seamonkey-devel now requires rpm-build-seamonkey package to preserve backward compatibility.
- New upstream release (1.0.6)
- Following critical security vulnerabilities were fixed:
+ MFSA 2006-67 Running Script can be recompiled
+ MFSA 2006-66 RSA signature forgery (variant)
+ MFSA 2006-65 Crashes with evidence of memory corruption (rv:1.8.0.8)
- Removed libssp-devel from BuildReqs
- Updated enigmail to 0.94.1
- Changed libdir in seamonkey-*.pc to /usr/lib/mozilla
- 1.0.5 version.
- Marked installed-chrome.txt as a config file, this should save language
and skin selection after an upgrade. - Corrected seamonkey-mail desktop file.
- Enabled extensions building.
- Provides: mozilla = 1.8
- Built with system mozldap
- Added searching plugins in %browser_plugins_path
- Fixed pkgconfig and seamonkey-config (replaced /usr/lib/seamonkey-1.0.4 with /usr/lib)
- Fixed #4352
- Disabled link prefetching by default to be more traffic friendly
- Added Provides and Obsoletes: mozilla-*
- Move all from /usr/lib/seamonkey to /usr/lib/mozilla
- 1.0.4
- more spec cleanup as suggested by php-coder@
- first build for Sisyphus
- based on cleaned up mozilla.spec