SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for seamonkey-2.5-0.15.1.i586.rpm :

* Thu Nov 24 2011 pcernyAATTsuse.com- update to 2.5 (bnc#728520)
* MFSA 2011-47/CVE-2011-3648 (bmo#690225) Potential XSS against sites using Shift-JIS
* MFSA 2011-48/CVE-2011-3651/CVE-2011-3652/CVE-2011-3654 Miscellaneous memory safety hazards
* MFSA 2011-49/CVE-2011-3650 (bmo#674776) Memory corruption while profiling using Firebug
* MFSA 2011-52/CVE-2011-3655 (bmo#672182) Code execution via NoWaiverWrapper
* Mon Oct 03 2011 wrAATTrosenauer.org- update to minor release 2.4.1
* fixed staged addon updates
* Mon Sep 26 2011 wrAATTrosenauer.org- update to 2.4 (bnc#720264)
* MFSA 2011-36/CVE-2011-2995/CVE-2011-2996/CVE-2011-2997 Miscellaneous memory safety hazards
* MFSA 2011-39/CVE-2011-3000 (bmo#655389) Defense against multiple Location headers due to CRLF Injection
* MFSA 2011-40/CVE-2011-2372/CVE-2011-3001 Code installation through holding down Enter
* MFSA 2011-41/CVE-2011-3002/CVE-2011-3003 (bmo#680840, bmo#682335) Potentially exploitable WebGL crashes
* MFSA 2011-42/CVE-2011-3232 (bmo#653672) Potentially exploitable crash in the YARR regular expression library
* MFSA 2011-43/CVE-2011-3004 (bmo#653926) loadSubScript unwraps XPCNativeWrapper scope parameter
* MFSA 2011-44/CVE-2011-3005 (bmo#675747) Use after free reading OGG headers
* MFSA 2011-45 Inferring keystrokes from motion data- removed obsolete mozilla-cairo-lcd.patch- rebased patches- removed XLIB_SKIP_ARGB_VISUALS=1 from environment in mozilla.sh.in (bnc#680758)
* Wed Sep 14 2011 wrAATTrosenauer.org- add dbus-1-glib-devel to BuildRequires (not pulled in automatically with 12.1)
* Wed Sep 07 2011 pcernyAATTsuse.com- security update to 2.3.3 (bnc#714931)
* Complete blocking of certificates issued by DigiNotar (bmo#683449)
* Fri Sep 02 2011 pcernyAATTsuse.com- security update to 2.3.2 (bnc#714931)
* MFSA 2011-34 Protection against fraudulent DigiNotar certificates (bmo#682927)
* Mon Aug 15 2011 wrAATTrosenauer.org- update to version 2.3 (bnc#712224) included security fixes
* CVE-2011-2989/CVE-2011-2991/CVE-2011-2992/CVE-2011-2985 Miscellaneous memory safety hazards
* CVE-2011-2993 (bmo#657267) Unsigned scripts can call script inside signed JAR
* CVE-2011-2988 (bmo#665934) Heap overflow in ANGLE library
* CVE-2011-0084 (bmo#648094) Crash in SVGTextElement.getCharNumAtPosition()
* CVE-2011-2990 Credential leakage using Content Security Policy reports
* CVE-2011-2986 (bmo#655836) Cross-origin data theft using canvas and Windows D2D
* Gecko 6
* removed obsolete mozilla-gio.patch
* Fri Jul 08 2011 wrAATTrosenauer.org- update to version 2.2
* Gecko 5 included fixes for security issues: (bnc#701296, bnc#700578)
* MFSA 2011-19/CVE-2011-2374 CVE-2011-2375 Miscellaneous memory safety hazards
* MFSA 2011-20/CVE-2011-2373 (bmo#617247) Use-after-free vulnerability when viewing XUL document with script disabled
* MFSA 2011-21/CVE-2011-2377 (bmo#638018, bmo#639303) Memory corruption due to multipart/x-mixed-replace images
* MFSA 2011-22/CVE-2011-2371 (bmo#664009) Integer overflow and arbitrary code execution in Array.reduceRight()
* MFSA 2011-25/CVE-2011-2366 Stealing of cross-domain images using WebGL textures
* MFSA 2011-26/CVE-2011-2367 CVE-2011-2368 Multiple WebGL crashes
* MFSA 2011-27/CVE-2011-2369 (bmo#650001) XSS encoding hazard with inline SVG
* MFSA 2011-28/CVE-2011-2370 (bmo#645699) Non-whitelisted site can trigger xpinstall
* Mon Jun 13 2011 wrAATTrosenauer.org- use faster version for find-external-requires.sh (from Petr Cerny)- removed obsolete default preferences- ported UA locale fix (bnc#582654)- updated supported locale RPM tags
* Fri Jun 10 2011 wrAATTrosenauer.org- major update to version 2.1
* Gecko 2.0 (with all its features)- avoid __DATE__ and __TIME__ usage
* Wed Mar 23 2011 wrAATTrosenauer.org- security update to version 2.0.13 (bnc#680771)
* MFSA 2011-11 (bmo#642395) Update HTTPS certificate blacklist
* Mon Jan 24 2011 wrAATTrosenauer.org- security update to version 2.0.12 (bnc#667155)
* MFSA 2011-01/CVE-2011-0053/CVE-2011-0062 Miscellaneous memory safety hazards (rv:1.9.2.14/ 1.9.1.17)
* MFSA 2011-02/CVE-2011-0051 (bmo#616659) Recursive eval call causes confirm dialogs to evaluate to true
* MFSA 2011-03/CVE-2011-0055 (bmo#616009, bmo#619255) Use-after-free error in JSON.stringify
* MFSA 2011-04/CVE-2011-0054 (bmo#615657) Buffer overflow in JavaScript upvarMap
* MFSA 2011-05/CVE-2011-0056 (bmo#622015) Buffer overflow in JavaScript atom map
* MFSA 2011-06/CVE-2011-0057 (bmo#626631) Use-after-free error using Web Workers
* MFSA 2011-08/CVE-2010-1585 (bmo#562547) ParanoidFragmentSink allows javascript: URLs in chrome documents
* MFSA 2011-09/CVE-2011-0061 (bmo#610601) Crash caused by corrupted JPEG image
* MFSA 2011-10/CVE-2011-0059 (bmo#573873) CSRF risk with plugins and 307 redirects
* Mon Jan 10 2011 wrAATTrosenauer.org- add x-scheme-handlers to desktop files as needed by newer Gnome environment
* Thu Nov 25 2010 wrAATTrosenauer.org- security update to version 2.0.11 (bnc#657016)
* MFSA 2010-74/CVE-2010-3776/CVE-2010-3777/CVE-2010-3778 Miscellaneous memory safety hazards (rv:1.9.2.13/ 1.9.1.16)
* MFSA 2010-75/CVE-2010-3769 (bmo#608336) Buffer overflow while line breaking after document.write with long string
* MFSA 2010-76/CVE-2010-3771 (bmo#609437) Chrome privilege escalation with window.open and element
* MFSA 2010-77/CVE-2010-3772 (bmo#594547) Crash and remote code execution using HTML tags inside a XUL tree
* MFSA 2010-78/CVE-2010-3768 (bmo#527276) Add support for OTS font sanitizer
* MFSA 2010-79/CVE-2010-3775 Java security bypass from LiveConnect loaded via data: URL meta refresh
* MFSA 2010-80/CVE-2010-3766 (bmo#590771) Use-after-free error with nsDOMAttribute MutationObserver
* MFSA 2010-81/CVE-2010-3767 (bmo#599468) Integer overflow vulnerability in NewIdArray
* MFSA 2010-82/CVE-2010-3773 (bmo#554449) Incomplete fix for CVE-2010-0179
* MFSA 2010-83/VE-2010-3774 (bmo#602780) Location bar SSL spoofing using network error page
* MFSA 2010-84/CVE-2010-3770 (bmo#601429) XSS hazard in multiple character encodings
* Wed Oct 27 2010 wrAATTrosenauer.org- security update to version 2.0.10 (bnc#649492)
* MFSA 2010-73/CVE-2010-3765 (bmo#607222) Heap buffer overflow mixing document.write and DOM insertion
* Thu Oct 07 2010 wrAATTrosenauer.org- security update to version 2.0.9 (bnc#645315)
* MFSA 2010-64/CVE-2010-3174/CVE-2010-3175/CVE-2010-3176 Miscellaneous memory safety hazards
* MFSA 2010-65/CVE-2010-3179 (bmo#583077) Buffer overflow and memory corruption using document.write
* MFSA 2010-66/CVE-2010-3180 (bmo#588929) Use-after-free error in nsBarProp
* MFSA 2010-67/CVE-2010-3183 (bmo#598669) Dangling pointer vulnerability in LookupGetterOrSetter
* MFSA 2010-68/CVE-2010-3177 (bmo#556734) XSS in gopher parser when parsing hrefs
* MFSA 2010-69/CVE-2010-3178 (bmo#576616) Cross-site information disclosure via modal calls
* MFSA 2010-70/CVE-2010-3170 (bmo#578697) SSL wildcard certificate matching IP addresses
* MFSA 2010-71/CVE-2010-3182 (bmo#590753, bnc#642502) Unsafe library loading vulnerabilities
* MFSA 2010-72/CVE-2010-3173 Insecure Diffie-Hellman key exchange
* removed upstreamed mozilla-helper-app.patch- require mozilla-nss >= 3.12.8
* Wed Sep 15 2010 wrAATTrosenauer.org- update to 2.0.8
* fixing startup topcrash (bmo#594699)
* add \"face\" to the list of white-listed attributes (bmo#592601)- added Cairo LCD filter patch to enable subpixel hinting where supported (bnc#638186) (mozilla-cairo-lcd.patch)
* Thu Aug 26 2010 wrAATTrosenauer.org- security upate to 2.0.7 (bnc#637303)
* MFSA 2010-49/CVE-2010-3169 Miscellaneous memory safety hazards
* MFSA 2010-50/CVE-2010-2765 (bmo#576447) Frameset integer overflow vulnerability
* MFSA 2010-51/CVE-2010-2767 (bmo#584512) Dangling pointer vulnerability using DOM plugin array
* MFSA 2010-53/CVE-2010-3166 (bmo#579655) Heap buffer overflow in nsTextFrameUtils::TransformText
* MFSA 2010-54/CVE-2010-2760 (bmo#585815) Dangling pointer vulnerability in nsTreeSelection
* MFSA 2010-55/CVE-2010-3168 (bmo#576075) XUL tree removal crash and remote code execution
* MFSA 2010-56/CVE-2010-3167 (bmo#576070) Dangling pointer vulnerability in nsTreeContentView
* MFSA 2010-57/CVE-2010-2766 (bmo#580445) Crash and remote code execution in normalizeDocument
* MFSA 2010-60/CVE-2010-2763 (bmo#585284) XSS using SJOW scripted function
* MFSA 2010-61/CVE-2010-2768 (bmo#579744) UTF-7 XSS by overriding document charset using type attribute
* MFSA 2010-62/CVE-2010-2769 (bmo#520189) Copy-and-paste or drag-and-drop into designMode document allows XSS
* MFSA 2010-63/CVE-2010-2764 (bmo#552090) Information leak via XMLHttpRequest statusText- always use internal cairo (bnc#622375, bnc#626042)
* Fri Jul 16 2010 wrAATTrosenauer.org- security update to 2.0.6 (bnc#622506)
* MFSA 2010-34/CVE-2010-1211/CVE-2010-1212 Miscellaneous memory safety hazards
* MFSA 2010-35/CVE-2010-1208 (bmo#572986) DOM attribute cloning remote code execution vulnerability
* MFSA 2010-36/CVE-2010-1209 (bmo#552110) Use-after-free error in NodeIterator
* MFSA 2010-37/CVE-2010-1214 (bmo#572985) Plugin parameter EnsureCachedAttrParamArrays remote code execution vulnerability
* MFSA 2010-39/CVE-2010-2752 (bmo#574059) nsCSSValue::Array index integer overflow
* MFSA 2010-40/CVE-2010-2753 (bmo#571106) nsTreeSelection dangling pointer remote code execution vulnerability
* MFSA 2010-41/CVE-2010-1205 (bmo#570451) Remote code execution using malformed PNG image
* MFSA 2010-42/CVE-2010-1213 (bmo#568148) Cross-origin data disclosure via Web Workers and importScripts
* MFSA 2010-45/CVE-2010-1206/CVE-2010-2751 (bmo#536466,556957) Multiple location bar spoofing vulnerabilities
* MFSA 2010-46/CVE-2010-0654 (bmo#524223) Cross-domain data theft using CSS
* MFSA 2010-47/CVE-2010-2754 (bmo#568564) Cross-origin data leakage from script filename in error messages
* Fri May 07 2010 wrAATTrosenauer.org- security update to 2.0.5 (bnc#603356)
* MFSA 2010-25/CVE-2010-1121 (bmo#555109) Re-use of freed object due to scope confusion
* MFSA 2010-26/CVE-2010-1200/CVE-2010-1201/CVE-2010-1202/ CVE-2010-1203 Crashes with evidence of memory corruption (rv:1.9.1.10)
* MFSA 2010-27/CVE-2010-0183 (bmo#557174) Use-after-free error in nsCycleCollector::MarkRoots()
* MFSA 2010-28/CVE-2010-1198 (bmo#532246) Freed object reuse across plugin instances
* MFSA 2010-29/CVE-2010-1196 (bmo#534666) Heap buffer overflow in nsGenericDOMDataNode::SetTextInternal
* MFSA 2010-30/CVE-2010-1199 (bmo#554255) Integer Overflow in XSLT Node Sorting
* MFSA 2010-31/CVE-2010-1125 (bmo#552255) focus() behavior can be used to inject or steal keystrokes
* MFSA 2010-32/CVE-2010-1197 (bmo#537120) Content-Disposition: attachment ignored if Content-Type: multipart also present
* MFSA 2010-33/CVE-2008-5913 (bmo#475585) User tracking across sites using Math.random()
* Wed Mar 17 2010 wrAATTrosenauer.org- security update to 2.0.4 (bnc#586567)
* MFSA 2010-16/CVE-2010-0173/CVE-2010-0174 Crashes with evidence of memory corruption
* MFSA 2010-17/CVE-2010-0175 (bmo#540100,375928) Remote code execution with use-after-free in nsTreeSelection
* MFSA 2010-18/CVE-2010-0176 (bmo#538308) Dangling pointer vulnerability in nsTreeContentView
* MFSA 2010-19/CVE-2010-0177 (bmo#538310) Dangling pointer vulnerability in nsPluginArray
* MFSA 2010-20/CVE-2010-0178 (bmo#546909) Chrome privilege escalation via forced URL drag and drop
* MFSA 2010-22/CVE-2009-3555 (bmo#545755) Update NSS to support TLS renegotiation indication
* MFSA 2010-23/CVE-2010-0181 (bmo#452093) Image src redirect to mailto: URL opens email editor
* MFSA 2010-24/CVE-2010-0182 (bmo#490790) XMLDocument::load() doesn\'t check nsIContentPolicy
* Wed Feb 24 2010 wrAATTrosenauer.org- added translation subpackages
* Wed Feb 17 2010 wrAATTrosenauer.org- security update to 2.0.3 (bnc#576969)
* MFSA-2010-01/CVE-2010-0159 Crashes with evidence of memory corruption
* MFSA-2010-02/CVE-2010-0160 Web Worker Array Handling Heap Corruption Vulnerability
* MFSA-2010-03/CVE-2009-1571 (bmo#526500) Use-after-free crash in HTML parser
* MFSA-2010-04/CVE-2009-3988 (bmo#504862) XSS due to window.dialogArguments being readable cross-domain
* MFSA-2010-05/CVE-2010-0162 (bmo#455472) XSS hazard using SVG document and binary Content-Type
* Mon Jan 18 2010 vuntzAATTopensuse.org- Remove unneeded orbit-devel BuildRequires.
* Tue Jan 05 2010 wrAATTrosenauer.org- stability update to 2.0.2 (bnc#568011)
* DNS resolution in MakeSN of nsAuthSSPI causing issues for proxy servers that support NTLM auth (bmo#535193)
* Thu Dec 10 2009 wrAATTrosenauer.org- security update to 2.0.1 (bnc#559807)
* MFSA 2009-65/CVE-2009-3979/CVE-2009-3980/CVE-2009-3982 Crashes with evidence of memory corruption (rv:1.9.1.6)
* MFSA 2009-66/CVE-2009-3388 (bmo#504843,bmo#523816) Memory safety fixes in liboggplay media library
* MFSA 2009-67/CVE-2009-3389 (bmo#515882,bmo#504613) Integer overflow, crash in libtheora video library
* MFSA 2009-68/CVE-2009-3983 (bmo#487872) NTLM reflection vulnerability
* MFSA 2009-69/CVE-2009-3984/CVE-2009-3985 (bmo#521461,bmo#514232) Location bar spoofing vulnerabilities
* MFSA 2009-70/VE-2009-3986 (bmo#522430) Privilege escalation via chrome window.opener
* Mon Oct 19 2009 wrAATTrosenauer.org- update to 2.0rc2 which might become the final 2.0 version
* based on final Gecko 1.9.1.4 (build3)
* Thu Oct 08 2009 wrAATTrosenauer.org- update to 2.0rc1
* based on Gecko 1.9.1.4
* removed upstreamed patches
* compatible with enigmail (bnc#544326, bnc#530811)- fixed startup notification (bnc#518603) (mozilla-startup-notification.patch)
* Mon Sep 14 2009 wrAATTrosenauer.org- update to 2.0b2
* removed obsolete mozilla-jemalloc_deepbind.patch and mozilla-app-launcher.patch- remove obsolete code for protocol handlers (bmo#389732)- allow alternative button order for Gtk filechooser (bnc#527418)- added mozilla-prefer_plugin_pref.patch to introduce a new set of prefs to support preferring certain plugins for mime-types- added mozilla-sysplugin-biarch.patch to use /usr/$LIB/mozilla/plugins as system plugin dir (bmo#496708)
* Thu Aug 20 2009 wrAATTrosenauer.org- added Provides and Obsoletes for package merge (bnc#532678)- allow alternative button order for Gtk filechooser (bnc#527418)
* Tue Jul 28 2009 wrAATTrosenauer.org- fixed %exclude usage
* Tue Jul 21 2009 wrAATTrosenauer.org- update to 2.0b1- added create-tar.sh to source package- removed enigmail as it\'s provided as an own package built in Thunderbird now
* Thu Jul 09 2009 AATTrosenauer.org- update to 2.0a3-20090707 snapshot- define MOZ_APP_LAUNCHER for session management (bmo#453689) (mozilla-app-launcher.patch and mozilla.sh.in)- move intl.locale.matchOS to distribution specific prefs (removed locale.patch)- moved openSUSE specific prefs from greprefs to app prefs- added mozilla-jemalloc_deepbind.patch to fix various possible crashes (bnc#503151, bmo#493541)- added seamonkey-no-update.patch to hide the update menu item
* Wed Jun 17 2009 wrAATTrosenauer.org- major update to 2.0a3-20090617
* based on Gecko 1.9.1
* ported to Mozilla\'s toolkit
* Sat Apr 11 2009 wrAATTrosenauer.org- security update to 1.1.16 (bnc#488955,489411,492354)
* MFSA 2009-12/CVE-2009-1169 (bmo#460090,485217) Crash and remote code execution in XSL transformation
* MFSA 2009-13/CVE-2009-1044 (bmo#484320) Arbitrary code execution via XUL tree moveToEdgeShift
* Thu Mar 19 2009 wrAATTrosenauer.org- update to security release 1.1.15 (bnc#478625)
* MFSA 2009-07/CVE-2009-0771, CVE-2009-0772, CVE-2009-0773 CVE-2009-0774: Crashes with evidence of memory corruption (rv:1.9.0.7)
* MFSA 2009-09/CVE-2009-0776: XML data theft via RDFXMLDataSource and cross-domain redirect
* MFSA 2009-10/CVE-2009-0040: Upgrade PNG library to fix memory safety hazards- use nss-shared-helper from 11.1 on which allows migrating to and sharing with other applications using NSS (can be disabled completely exporting MOZ_SM_NO_NSSHELPER=1)
  
ICM