Bug 14385

Summary: [M40] seamonkey-1.1.8-alt1
Product: Package transfer Reporter: Michael Shigorin <mike>
Component: branch/4.0Assignee: Dmitry V. Levin <ldv>
Status: CLOSED WONTFIX QA Contact: Andrey Cherepanov <cas>
Severity: normal    
Priority: P2 CC: damir
Version: unspecified   
Hardware: all   
OS: Linux   

Description Michael Shigorin 2008-02-11 11:40:44 MSK 
Проверено на 4.0/branch, работает; три из исправлений -- критические:

* Fri Feb 08 2008 Damir Shayhutdinov <damir@altlinux> 1:1.1.8-alt1
- 1.1.8 security update
  + MFSA 2008-10 URL token stealing via stylesheet redirect
  + MFSA 2008-09 Mishandling of locally-saved plain text files
  + MFSA 2008-06 Web browsing history and forward navigation stealing
  + MFSA 2008-05 Directory traversal via chrome: URI
  + MFSA 2008-03 Privilege escalation, XSS, Remote Code Execution
  + MFSA 2008-02 Multiple file input focus stealing vulnerabilities
  + MFSA 2008-01 Crashes with evidence of memory corruption (rv:1.8.1.12)
- Removed .so files from libdir
Comment 1 Dmitry V. Levin 2008-02-14 22:44:43 MSK 
(In reply to comment #0)
> Проверено на 4.0/branch, работает; три из исправлений -- критические:
> 
> * Fri Feb 08 2008 Damir Shayhutdinov <damir@altlinux> 1:1.1.8-alt1
> - 1.1.8 security update
>   + MFSA 2008-10 URL token stealing via stylesheet redirect
>   + MFSA 2008-09 Mishandling of locally-saved plain text files
>   + MFSA 2008-06 Web browsing history and forward navigation stealing
>   + MFSA 2008-05 Directory traversal via chrome: URI
>   + MFSA 2008-03 Privilege escalation, XSS, Remote Code Execution
>   + MFSA 2008-02 Multiple file input focus stealing vulnerabilities
>   + MFSA 2008-01 Crashes with evidence of memory corruption (rv:1.8.1.12)
> - Removed .so files from libdir

Прямой перенос в 4.0/branch невозможен:

Package libjscall-sharp version 0.0.2-alt0.SVN20060928.1.1 has an unmet dep:
 Depends: libgtkembedmoz.so
Package avidemux version 2.3.0-alt0.1 has an unmet dep:
 Depends: libmozjs.so
Package liferea-mozilla version 1.2.5-alt1 has an unmet dep:
 Depends: libgtkembedmoz.so
Package gxine version 0.5.11-alt3 has an unmet dep:
 Depends: libmozjs.so
Comment 2 Damir Shayhutdinov 2008-02-14 22:50:04 MSK 
А ведь кто-то очень хотел чтобы симанки не предоставлял свои библиотеки 
в %_libdir...
Comment 3 Michael Shigorin 2008-02-16 12:45:20 MSK 
The seamonkey-1.1.8-alt0.M40.1 package passed through 4.0/branch incoming