#14385 – [M40] seamonkey-1.1.8-alt1

Bug 14385 - [M40] seamonkey-1.1.8-alt1

Summary: [M40] seamonkey-1.1.8-alt1

Status:	CLOSED WONTFIX

Alias:	None

Product:	Package transfer
Classification:	Archive
Component:	branch/4.0 (show other bugs)
Version:	unspecified
Hardware:	all Linux

Importance:	P2 normal
Assignee:	Dmitry V. Levin
QA Contact:	Andrey Cherepanov

URL:
Keywords:

Depends on:
Blocks:

Reported:	2008-02-11 11:40 MSK by Michael Shigorin
Modified:	2008-02-16 12:45 MSK (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Michael Shigorin 2008-02-11 11:40:44 MSK

Проверено на 4.0/branch, работает; три из исправлений -- критические:

* Fri Feb 08 2008 Damir Shayhutdinov <damir@altlinux> 1:1.1.8-alt1
- 1.1.8 security update
  + MFSA 2008-10 URL token stealing via stylesheet redirect
  + MFSA 2008-09 Mishandling of locally-saved plain text files
  + MFSA 2008-06 Web browsing history and forward navigation stealing
  + MFSA 2008-05 Directory traversal via chrome: URI
  + MFSA 2008-03 Privilege escalation, XSS, Remote Code Execution
  + MFSA 2008-02 Multiple file input focus stealing vulnerabilities
  + MFSA 2008-01 Crashes with evidence of memory corruption (rv:1.8.1.12)
- Removed .so files from libdir

Comment 1 Dmitry V. Levin 2008-02-14 22:44:43 MSK

(In reply to comment #0)
> Проверено на 4.0/branch, работает; три из исправлений -- критические:
> 
> * Fri Feb 08 2008 Damir Shayhutdinov <damir@altlinux> 1:1.1.8-alt1
> - 1.1.8 security update
>   + MFSA 2008-10 URL token stealing via stylesheet redirect
>   + MFSA 2008-09 Mishandling of locally-saved plain text files
>   + MFSA 2008-06 Web browsing history and forward navigation stealing
>   + MFSA 2008-05 Directory traversal via chrome: URI
>   + MFSA 2008-03 Privilege escalation, XSS, Remote Code Execution
>   + MFSA 2008-02 Multiple file input focus stealing vulnerabilities
>   + MFSA 2008-01 Crashes with evidence of memory corruption (rv:1.8.1.12)
> - Removed .so files from libdir

Прямой перенос в 4.0/branch невозможен:

Package libjscall-sharp version 0.0.2-alt0.SVN20060928.1.1 has an unmet dep:
 Depends: libgtkembedmoz.so
Package avidemux version 2.3.0-alt0.1 has an unmet dep:
 Depends: libmozjs.so
Package liferea-mozilla version 1.2.5-alt1 has an unmet dep:
 Depends: libgtkembedmoz.so
Package gxine version 0.5.11-alt3 has an unmet dep:
 Depends: libmozjs.so

Comment 2 Damir Shayhutdinov 2008-02-14 22:50:04 MSK

А ведь кто-то очень хотел чтобы симанки не предоставлял свои библиотеки 
в %_libdir...

Comment 3 Michael Shigorin 2008-02-16 12:45:20 MSK

The seamonkey-1.1.8-alt0.M40.1 package passed through 4.0/branch incoming