* New upstream security release: 1.1.17 (LP: #356274)
- CVE-2009-1841: JavaScript chrome privilege escalation
- CVE-2009-1838: Arbitrary code execution using event listeners attached to an element whose owner document is null
- CVE-2009-1836: SSL tampering via non-200 responses to proxy CONNECT requests
- CVE-2009-1835: Arbitrary domain cookie access by local file: resources
- CVE-2009-1392, CVE-2009-1832, CVE-2009-1833: Crashes with evidence of memory corruption (rv:1.9.0.11)
- CVE-2009-1311: POST data sent to wrong site when saving web page with embedded frame
- CVE-2009-1307: Same-origin violations when Adobe Flash loaded via view-source: scheme
- MFSA 2009-33 Crash viewing multipart/alternative message with text/enhanced part
* removed debian/patches/90_181_484320_attachment_368977.patch
* removed debian/patches/90_181_485217_attachment_369357.patch
* removed debian/patches/90_181_485286_attachment_369457.patch
- update debian/patches/series
This bug was fixed in the package seamonkey - 1.1.17+ nobinonly- 0ubuntu0. 9.04.1
--------------- nobinonly- 0ubuntu0. 9.04.1) jaunty-security; urgency=low
seamonkey (1.1.17+
* New upstream security release: 1.1.17 (LP: #356274) alternative message with text/enhanced part patches/ 90_181_ 484320_ attachment_ 368977. patch patches/ 90_181_ 485217_ attachment_ 369357. patch patches/ 90_181_ 485286_ attachment_ 369457. patch patches/ series
- CVE-2009-1841: JavaScript chrome privilege escalation
- CVE-2009-1838: Arbitrary code execution using event listeners attached to an element whose owner document is null
- CVE-2009-1836: SSL tampering via non-200 responses to proxy CONNECT requests
- CVE-2009-1835: Arbitrary domain cookie access by local file: resources
- CVE-2009-1392, CVE-2009-1832, CVE-2009-1833: Crashes with evidence of memory corruption (rv:1.9.0.11)
- CVE-2009-1311: POST data sent to wrong site when saving web page with embedded frame
- CVE-2009-1307: Same-origin violations when Adobe Flash loaded via view-source: scheme
- MFSA 2009-33 Crash viewing multipart/
* removed debian/
* removed debian/
* removed debian/
- update debian/
-- John Vivirito <email address hidden> Mon, 06 Jul 2009 13:20:53 -0400