SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for seamonkey-2.0.14-1.30.x86_64.rpm :
Fri Apr 22 14:00:00 2011 pcernyAATTnovell.com
- fixed hunspell patch

Thu Apr 21 14:00:00 2011 wrAATTrosenauer.org
- security update to version 2.0.14

Wed Mar 23 13:00:00 2011 wrAATTrosenauer.org
- security update to version 2.0.13 (bnc#680771)

* MFSA 2011-11 (bmo#642395)
Update HTTPS certificate blacklist

Mon Jan 24 13:00:00 2011 wrAATTrosenauer.org
- security update to version 2.0.12 (bnc#667155)

* MFSA 2011-01/CVE-2011-0053/CVE-2011-0062
Miscellaneous memory safety hazards (rv:1.9.2.14/ 1.9.1.17)

* MFSA 2011-02/CVE-2011-0051 (bmo#616659)
Recursive eval call causes confirm dialogs to evaluate to true

* MFSA 2011-03/CVE-2011-0055 (bmo#616009, bmo#619255)
Use-after-free error in JSON.stringify

* MFSA 2011-04/CVE-2011-0054 (bmo#615657)
Buffer overflow in JavaScript upvarMap

* MFSA 2011-05/CVE-2011-0056 (bmo#622015)
Buffer overflow in JavaScript atom map

* MFSA 2011-06/CVE-2011-0057 (bmo#626631)
Use-after-free error using Web Workers

* MFSA 2011-08/CVE-2010-1585 (bmo#562547)
ParanoidFragmentSink allows javascript: URLs in chrome documents

* MFSA 2011-09/CVE-2011-0061 (bmo#610601)
Crash caused by corrupted JPEG image

* MFSA 2011-10/CVE-2011-0059 (bmo#573873)
CSRF risk with plugins and 307 redirects

Mon Jan 10 13:00:00 2011 wrAATTrosenauer.org
- add x-scheme-handlers to desktop files as needed by newer Gnome
environment

Thu Nov 25 13:00:00 2010 wrAATTrosenauer.org
- security update to version 2.0.11 (bnc#657016)

* MFSA 2010-74/CVE-2010-3776/CVE-2010-3777/CVE-2010-3778
Miscellaneous memory safety hazards (rv:1.9.2.13/ 1.9.1.16)

* MFSA 2010-75/CVE-2010-3769 (bmo#608336)
Buffer overflow while line breaking after document.write with
long string

* MFSA 2010-76/CVE-2010-3771 (bmo#609437)
Chrome privilege escalation with window.open and element

* MFSA 2010-77/CVE-2010-3772 (bmo#594547)
Crash and remote code execution using HTML tags inside a XUL tree

* MFSA 2010-78/CVE-2010-3768 (bmo#527276)
Add support for OTS font sanitizer

* MFSA 2010-79/CVE-2010-3775
Java security bypass from LiveConnect loaded via data: URL
meta refresh

* MFSA 2010-80/CVE-2010-3766 (bmo#590771)
Use-after-free error with nsDOMAttribute MutationObserver

* MFSA 2010-81/CVE-2010-3767 (bmo#599468)
Integer overflow vulnerability in NewIdArray

* MFSA 2010-82/CVE-2010-3773 (bmo#554449)
Incomplete fix for CVE-2010-0179

* MFSA 2010-83/VE-2010-3774 (bmo#602780)
Location bar SSL spoofing using network error page

* MFSA 2010-84/CVE-2010-3770 (bmo#601429)
XSS hazard in multiple character encodings

Wed Oct 27 14:00:00 2010 wrAATTrosenauer.org
- security update to version 2.0.10 (bnc#649492)

* MFSA 2010-73/CVE-2010-3765 (bmo#607222)
Heap buffer overflow mixing document.write and DOM insertion

Thu Oct 7 14:00:00 2010 wrAATTrosenauer.org
- security update to version 2.0.9 (bnc#645315)

* MFSA 2010-64/CVE-2010-3174/CVE-2010-3175/CVE-2010-3176
Miscellaneous memory safety hazards

* MFSA 2010-65/CVE-2010-3179 (bmo#583077)
Buffer overflow and memory corruption using document.write

* MFSA 2010-66/CVE-2010-3180 (bmo#588929)
Use-after-free error in nsBarProp

* MFSA 2010-67/CVE-2010-3183 (bmo#598669)
Dangling pointer vulnerability in LookupGetterOrSetter

* MFSA 2010-68/CVE-2010-3177 (bmo#556734)
XSS in gopher parser when parsing hrefs

* MFSA 2010-69/CVE-2010-3178 (bmo#576616)
Cross-site information disclosure via modal calls

* MFSA 2010-70/CVE-2010-3170 (bmo#578697)
SSL wildcard certificate matching IP addresses

* MFSA 2010-71/CVE-2010-3182 (bmo#590753, bnc#642502)
Unsafe library loading vulnerabilities

* MFSA 2010-72/CVE-2010-3173
Insecure Diffie-Hellman key exchange

* removed upstreamed mozilla-helper-app.patch
- require mozilla-nss >= 3.12.8

Wed Sep 15 14:00:00 2010 wrAATTrosenauer.org
- update to 2.0.8

* fixing startup topcrash (bmo#594699)

* add \"face\" to the list of white-listed attributes (bmo#592601)
- added Cairo LCD filter patch to enable subpixel hinting where
supported (bnc#638186) (mozilla-cairo-lcd.patch)

Thu Aug 26 14:00:00 2010 wrAATTrosenauer.org
- security upate to 2.0.7 (bnc#637303)

* MFSA 2010-49/CVE-2010-3169
Miscellaneous memory safety hazards

* MFSA 2010-50/CVE-2010-2765 (bmo#576447)
Frameset integer overflow vulnerability

* MFSA 2010-51/CVE-2010-2767 (bmo#584512)
Dangling pointer vulnerability using DOM plugin array

* MFSA 2010-53/CVE-2010-3166 (bmo#579655)
Heap buffer overflow in nsTextFrameUtils::TransformText

* MFSA 2010-54/CVE-2010-2760 (bmo#585815)
Dangling pointer vulnerability in nsTreeSelection

* MFSA 2010-55/CVE-2010-3168 (bmo#576075)
XUL tree removal crash and remote code execution

* MFSA 2010-56/CVE-2010-3167 (bmo#576070)
Dangling pointer vulnerability in nsTreeContentView

* MFSA 2010-57/CVE-2010-2766 (bmo#580445)
Crash and remote code execution in normalizeDocument

* MFSA 2010-60/CVE-2010-2763 (bmo#585284)
XSS using SJOW scripted function

* MFSA 2010-61/CVE-2010-2768 (bmo#579744)
UTF-7 XSS by overriding document charset using type
attribute

* MFSA 2010-62/CVE-2010-2769 (bmo#520189)
Copy-and-paste or drag-and-drop into designMode document allows
XSS

* MFSA 2010-63/CVE-2010-2764 (bmo#552090)
Information leak via XMLHttpRequest statusText
- always use internal cairo (bnc#622375, bnc#626042)

Fri Jul 16 14:00:00 2010 wrAATTrosenauer.org
- security update to 2.0.6 (bnc#622506)

* MFSA 2010-34/CVE-2010-1211/CVE-2010-1212
Miscellaneous memory safety hazards

* MFSA 2010-35/CVE-2010-1208 (bmo#572986)
DOM attribute cloning remote code execution vulnerability

* MFSA 2010-36/CVE-2010-1209 (bmo#552110)
Use-after-free error in NodeIterator

* MFSA 2010-37/CVE-2010-1214 (bmo#572985)
Plugin parameter EnsureCachedAttrParamArrays remote code
execution vulnerability

* MFSA 2010-39/CVE-2010-2752 (bmo#574059)
nsCSSValue::Array index integer overflow

* MFSA 2010-40/CVE-2010-2753 (bmo#571106)
nsTreeSelection dangling pointer remote code execution
vulnerability

* MFSA 2010-41/CVE-2010-1205 (bmo#570451)
Remote code execution using malformed PNG image

* MFSA 2010-42/CVE-2010-1213 (bmo#568148)
Cross-origin data disclosure via Web Workers and importScripts

* MFSA 2010-45/CVE-2010-1206/CVE-2010-2751 (bmo#536466,556957)
Multiple location bar spoofing vulnerabilities

* MFSA 2010-46/CVE-2010-0654 (bmo#524223)
Cross-domain data theft using CSS

* MFSA 2010-47/CVE-2010-2754 (bmo#568564)
Cross-origin data leakage from script filename in error messages

Fri May 7 14:00:00 2010 wrAATTrosenauer.org
- security update to 2.0.5 (bnc#603356)

* MFSA 2010-25/CVE-2010-1121 (bmo#555109)
Re-use of freed object due to scope confusion

* MFSA 2010-26/CVE-2010-1200/CVE-2010-1201/CVE-2010-1202/
CVE-2010-1203
Crashes with evidence of memory corruption (rv:1.9.1.10)

* MFSA 2010-27/CVE-2010-0183 (bmo#557174)
Use-after-free error in nsCycleCollector::MarkRoots()

* MFSA 2010-28/CVE-2010-1198 (bmo#532246)
Freed object reuse across plugin instances

* MFSA 2010-29/CVE-2010-1196 (bmo#534666)
Heap buffer overflow in nsGenericDOMDataNode::SetTextInternal

* MFSA 2010-30/CVE-2010-1199 (bmo#554255)
Integer Overflow in XSLT Node Sorting

* MFSA 2010-31/CVE-2010-1125 (bmo#552255)
focus() behavior can be used to inject or steal keystrokes

* MFSA 2010-32/CVE-2010-1197 (bmo#537120)
Content-Disposition: attachment ignored if
Content-Type: multipart also present

* MFSA 2010-33/CVE-2008-5913 (bmo#475585)
User tracking across sites using Math.random()

Wed Mar 17 13:00:00 2010 wrAATTrosenauer.org
- security update to 2.0.4 (bnc#586567)

* MFSA 2010-16/CVE-2010-0173/CVE-2010-0174
Crashes with evidence of memory corruption

* MFSA 2010-17/CVE-2010-0175 (bmo#540100,375928)
Remote code execution with use-after-free in nsTreeSelection

* MFSA 2010-18/CVE-2010-0176 (bmo#538308)
Dangling pointer vulnerability in nsTreeContentView

* MFSA 2010-19/CVE-2010-0177 (bmo#538310)
Dangling pointer vulnerability in nsPluginArray

* MFSA 2010-20/CVE-2010-0178 (bmo#546909)
Chrome privilege escalation via forced URL drag and drop

* MFSA 2010-22/CVE-2009-3555 (bmo#545755)
Update NSS to support TLS renegotiation indication

* MFSA 2010-23/CVE-2010-0181 (bmo#452093)
Image src redirect to mailto: URL opens email editor

* MFSA 2010-24/CVE-2010-0182 (bmo#490790)
XMLDocument::load() doesn\'t check nsIContentPolicy

Wed Feb 24 13:00:00 2010 wrAATTrosenauer.org
- added translation subpackages

Wed Feb 17 13:00:00 2010 wrAATTrosenauer.org
- security update to 2.0.3 (bnc#576969)

* MFSA-2010-01/CVE-2010-0159
Crashes with evidence of memory corruption

* MFSA-2010-02/CVE-2010-0160
Web Worker Array Handling Heap Corruption Vulnerability

* MFSA-2010-03/CVE-2009-1571 (bmo#526500)
Use-after-free crash in HTML parser

* MFSA-2010-04/CVE-2009-3988 (bmo#504862)
XSS due to window.dialogArguments being readable cross-domain

* MFSA-2010-05/CVE-2010-0162 (bmo#455472)
XSS hazard using SVG document and binary Content-Type

Mon Jan 18 13:00:00 2010 vuntzAATTopensuse.org
- Remove unneeded orbit-devel BuildRequires.

Tue Jan 5 13:00:00 2010 wrAATTrosenauer.org
- stability update to 2.0.2 (bnc#568011)

* DNS resolution in MakeSN of nsAuthSSPI causing issues for
proxy servers that support NTLM auth (bmo#535193)

Thu Dec 10 13:00:00 2009 wrAATTrosenauer.org
- security update to 2.0.1 (bnc#559807)

* MFSA 2009-65/CVE-2009-3979/CVE-2009-3980/CVE-2009-3982
Crashes with evidence of memory corruption (rv:1.9.1.6)

* MFSA 2009-66/CVE-2009-3388 (bmo#504843,bmo#523816)
Memory safety fixes in liboggplay media library

* MFSA 2009-67/CVE-2009-3389 (bmo#515882,bmo#504613)
Integer overflow, crash in libtheora video library

* MFSA 2009-68/CVE-2009-3983 (bmo#487872)
NTLM reflection vulnerability

* MFSA 2009-69/CVE-2009-3984/CVE-2009-3985 (bmo#521461,bmo#514232)
Location bar spoofing vulnerabilities

* MFSA 2009-70/VE-2009-3986 (bmo#522430)
Privilege escalation via chrome window.opener

Mon Oct 19 14:00:00 2009 wrAATTrosenauer.org
- update to 2.0rc2 which might become the final 2.0 version

* based on final Gecko 1.9.1.4 (build3)

Thu Oct 8 14:00:00 2009 wrAATTrosenauer.org
- update to 2.0rc1

* based on Gecko 1.9.1.4

* removed upstreamed patches

* compatible with enigmail (bnc#544326, bnc#530811)
- fixed startup notification (bnc#518603)
(mozilla-startup-notification.patch)

Mon Sep 14 14:00:00 2009 wrAATTrosenauer.org
- update to 2.0b2

* removed obsolete mozilla-jemalloc_deepbind.patch and
mozilla-app-launcher.patch
- remove obsolete code for protocol handlers (bmo#389732)
- allow alternative button order for Gtk filechooser (bnc#527418)
- added mozilla-prefer_plugin_pref.patch to introduce a new set of
prefs to support preferring certain plugins for mime-types
- added mozilla-sysplugin-biarch.patch to use
/usr/$LIB/mozilla/plugins as system plugin dir (bmo#496708)

Thu Aug 20 14:00:00 2009 wrAATTrosenauer.org
- added Provides and Obsoletes for package merge (bnc#532678)
- allow alternative button order for Gtk filechooser (bnc#527418)

Tue Jul 28 14:00:00 2009 wrAATTrosenauer.org
- fixed %exclude usage

Tue Jul 21 14:00:00 2009 wrAATTrosenauer.org
- update to 2.0b1
- added create-tar.sh to source package
- removed enigmail as it\'s provided as an own package built in
Thunderbird now

Thu Jul 9 14:00:00 2009 AATTrosenauer.org
- update to 2.0a3-20090707 snapshot
- define MOZ_APP_LAUNCHER for session management (bmo#453689)
(mozilla-app-launcher.patch and mozilla.sh.in)
- move intl.locale.matchOS to distribution specific prefs
(removed locale.patch)
- moved openSUSE specific prefs from greprefs to app prefs
- added mozilla-jemalloc_deepbind.patch to fix various possible
crashes (bnc#503151, bmo#493541)
- added seamonkey-no-update.patch to hide the update menu item

Wed Jun 17 14:00:00 2009 wrAATTrosenauer.org
- major update to 2.0a3-20090617

* based on Gecko 1.9.1

* ported to Mozilla\'s toolkit

Sat Apr 11 14:00:00 2009 wrAATTrosenauer.org
- security update to 1.1.16 (bnc#488955,489411,492354)

* MFSA 2009-12/CVE-2009-1169 (bmo#460090,485217)
Crash and remote code execution in XSL transformation

* MFSA 2009-13/CVE-2009-1044 (bmo#484320)
Arbitrary code execution via XUL tree moveToEdgeShift

Thu Mar 19 13:00:00 2009 wrAATTrosenauer.org
- update to security release 1.1.15 (bnc#478625)

* MFSA 2009-07/CVE-2009-0771, CVE-2009-0772, CVE-2009-0773
CVE-2009-0774:
Crashes with evidence of memory corruption (rv:1.9.0.7)

* MFSA 2009-09/CVE-2009-0776:
XML data theft via RDFXMLDataSource and cross-domain redirect

* MFSA 2009-10/CVE-2009-0040:
Upgrade PNG library to fix memory safety hazards
- use nss-shared-helper from 11.1 on which allows migrating to and
sharing with other applications using NSS
(can be disabled completely exporting MOZ_SM_NO_NSSHELPER=1)

Wed Dec 17 13:00:00 2008 hfiguiereAATTsuse.de
- Review and approve changes.

Mon Dec 15 13:00:00 2008 wrAATTrosenauer.org
- update to security release 1.1.14 (bnc#455804)
for details:
http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html

Mon Nov 17 13:00:00 2008 mawAATTsuse.de
- Review and approve changes.

Tue Nov 11 13:00:00 2008 wrAATTrosenauer.org
- update to security release 1.1.13 (bnc#439841)
for details:
http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html
- fixed desktop file syntax and another rpmlint complaint

Wed Oct 15 14:00:00 2008 mawAATTsuse.de
- Review and approve changes.

Tue Sep 23 14:00:00 2008 wrAATTrosenauer.org
- update to security release 1.1.12 (bnc#429179)
for details:
http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html
- merged Factoy and mozilla versions (again)

Fri Sep 5 14:00:00 2008 mauroAATTsuse.de
- Update to Seamonkey 1.1.11 [bnc#407573, bnc#416147]
for details:
http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html
- update enigmail to 0.95.7

Fri May 16 14:00:00 2008 schwabAATTsuse.de
- Remove unused includes.

Wed Apr 9 14:00:00 2008 mawAATTsuse.de
- Merge changes and fixes from the build service.

Wed Apr 2 14:00:00 2008 mawAATTsuse.de
- Security update to version 1.1.9 (bnc#370353):
+ MFSA 2008-19/CVE-2008-1241: XUL popup spoofing variant
(cross-tab popups)
+ MFSA 2008-18/CVE-2008-1195 and CVE-2008-1240: Java socket
connection to any local port via LiveConnect
+ MFSA 2008-17/CVE-2007-4879: Privacy issue with SSL Client
Authentication
+ MFSA 2008-16/CVE-2008-1238: HTTP Referrer spoofing with
malformed URLs
+ MFSA 2008-15/CVE-2008-1236 and CVE-2008-1237: Crashes with
evidence of memory corruption (rv:1.8.1.13)
+ MFSA 2008-14/CVE-2008-1233, CVE-2008-1234, and CVE-2008-1235:
JavaScript privilege escalation and arbitrary code execution
- Respin abuild.patch.

Mon Mar 24 13:00:00 2008 mawAATTsuse.de
- Add mozilla-missing-decl.patch, which is necessary when building
against new versions of mozilla-nss (bmo#399589).

Mon Feb 11 13:00:00 2008 mawAATTsuse.de
- Security update to version 1.1.8 (bnc#354469) (thanks, Wolfgang)
+ MFSA 2008-10/CVE-2008-0593 URL token stealing via stylesheet
redirect
+ MFSA 2008-09/CVE-2008-0592 Mishandling of locally-saved plain
text files
+ MFSA 2008-06/CVE-2008-0419 Web browsing history and forward
navigation stealing
+ MFSA 2008-05/CVE-2008-0418 Directory traversal via chrome:
URI
+ MFSA 2008-03/CVE-2008-0415 Privilege escalation, XSS, Remote
Code Execution
+ MFSA 2008-02/CVE-2008-0414 Multiple file input focus stealing
vulnerabilities
+ MFSA 2008-01/CVE-2008-0412 Crashes with evidence of memory
corruption (rv:1.8.1.12)
- Update enigmail to version 0.95.6.

Thu Jan 17 13:00:00 2008 mawAATTsuse.de
- Add mozilla-maxpathlen.patch (#354150 and bmo #412610).

Tue Nov 13 13:00:00 2007 mawAATTsuse.de
- Add seamonkey-gcc4.3-fixes.patch.

Fri Oct 19 14:00:00 2007 mawAATTsuse.de
- security update to version 1.1.5 (#332512) (thanks, Wolfgang)

* MFSA 2007-29 Crashes with evidence of memory corruption

* MFSA 2007-30 onUnload Tailgating

* MFSA 2007-31 Digest authentication request splitting

* MFSA 2007-32 File input focus stealing vulnerability

* MFSA 2007-33 XUL pages can hide the window titlebar

* MFSA 2007-34 Possible file stealing through sftp protocol

* MFSA 2007-35 XPCNativeWraper pollution using Script object
complete advisories on
http://www.mozilla.org/projects/security/known-vulnerabilities.html

Thu Sep 13 14:00:00 2007 cthielAATTsuse.de
- recommend gpg instead of requireing fixed paths

Wed Sep 12 14:00:00 2007 mawAATTsuse.de
- Added GPG/pinentry requirements (#309160)
- Don\'t run %fdupes on directories where multiple partitions
are liable to be mounted.

Mon Sep 3 14:00:00 2007 mawAATTsuse.de
- Correct releasedate.

Tue Aug 21 14:00:00 2007 mawAATTsuse.de
- Merge recent changes from the build service (thanks, Wolfgang):
+ Update to security release 1.1.4:

* MFSA 2007-26 Privilege escalation through chrome-loaded
about:blank windows

* MFSA 2007-27 Unescaped URIs passed to external programs
(only relevant on Windows)
+ Add gnome-vfs.patch to be able to use helper apps with parameters
+ Update enigmail to version 0.95.3
+ Fixed unreadable GIF in the LEO searchplugin
- Use %fdupes.

Tue Aug 21 14:00:00 2007 ajAATTsuse.de
- Use openSUSE instead of SUSE Linux as bookmark.

Wed Aug 15 14:00:00 2007 mawAATTsuse.de
- On x86_64, s390, and s390x, deactivate the hidden visibility
support, thereby fixing the build.

Thu Jun 21 14:00:00 2007 adrianAATTsuse.de
- fix changelog entry order

Wed Jun 20 14:00:00 2007 mawAATTsuse.de
- Don\'t hardcode /tmp anywhere; use %{_tmppath} instead.

Tue Jun 19 14:00:00 2007 mawAATTsuse.de
- Merge updates to version 1.1.2 and enigmail version 0.95.0 from
the build service (thanks, Wolfgang)
- Don\'t build as root
- Add unzip as a build requirement.

Thu Jun 7 14:00:00 2007 sbrabecAATTsuse.cz
- Removed invalid desktop Category \"Application\" (#254654).

Wed May 2 14:00:00 2007 stbinnerAATTsuse.de
- install .desktop files into /usr/share/applications

Wed Dec 20 13:00:00 2006 mkoenigAATTsuse.de
- fix build

Thu Nov 16 13:00:00 2006 mkoenigAATTsuse.de
- update to CVS version 20061107 from buildservice [#221676]

Wed Nov 15 13:00:00 2006 sbrabecAATTsuse.cz
- Fixed Requires/Provides correctly (#216100#c14).

Fri Nov 3 13:00:00 2006 sbrabecAATTsuse.cz
- Do not provide and require internal libraries (#216100).
- Use safer place for build-temporary files.

Sat Oct 21 14:00:00 2006 ajAATTsuse.de
- from openSUSE Buildservice (thanks Wolfgang Rosenauer):

* update to SeaMonkey 1.1a-20060907

* update enigmail to 0.94.1: Added support for signing
attachments with inline-PGP

Tue Sep 12 14:00:00 2006 starkAATTsuse.de
- update to security/stability release 1.0.5
- removed libaoss usage because it\'s too fragile

Sun Aug 6 14:00:00 2006 starkAATTsuse.de
- update enigmail to 0.94.1

* Added support for signing attachments with inline-PGP

Sun Aug 6 14:00:00 2006 ajAATTsuse.de
- Fix build (remove wrong extern \"C\").

Sat Jul 29 14:00:00 2006 starkAATTsuse.de
- update to 1.0.4 fixing a major regression in 1.0.3 (#195402)

Thu Jul 27 14:00:00 2006 starkAATTsuse.de
- update to security release 1.0.3 (#195043)
- fix overwrite confirmation for GTK filesaver (#179531)
- fixed printing crash if the last used printer is not available
anymore (#187013)


 
ICM