-
Committer:
Bazaar Package Importer
-
Author(s):
Fabien Tassin
-
Date:
2008-09-30 00:41:24 UTC
-
mfrom:
(1.1.5 upstream)
-
Revision ID:
james.westby@ubuntu.com-20080930004124-nkkda6z7mf4fxagi
Tags: 1.1.12+nobinonly-0ubuntu1
* New security upstream release: 1.1.12 (LP: #276437)
- CVE-2008-4070: Heap overflow when canceling newsgroup message
- CVE-2008-4069: XBM image uninitialized memory reading
- CVE-2008-4067..4068: resource: traversal vulnerabilities
- CVE-2008-4065..4066: BOM characters stripped from JavaScript before execution
- CVE-2008-4061..4064: Crashes with evidence of memory corruption
- CVE-2008-4058..4060: Privilege escalation via XPCnativeWrapper pollution
- CVE-2008-3837: Forced mouse drag
- CVE-2008-3835: nsXMLDocument::OnChannelRedirect() same-origin violation
- CVE-2008-0016: UTF-8 URL stack buffer overflow