- see http://www.seamonkey-project.org/releases/seamonkey2.16/
- fixes MFSA 2013-21->28
- provides a builtin pdf viewer (pdf.js)
- remove patch-mozilla_toolkit_system_gnome_nsGIOService_cpp (#805202), firefox
now properly links with gio instead of dlopening it
- remove patch-mozilla_toolkit_xre_nsXREDirProvider_cpp and
patch-mozilla_xpcom_io_nsAppFileLocationProvider_cpp, merged upstream (#803955)
- see http://www.mozilla.org/en-US/firefox/19.0/releasenotes/
- fixes MFSA 2013-21->28
- provides a builtin pdf viewer (pdf.js)
- remove patch-toolkit_system_gnome_nsGIOService_cpp (#805202), firefox
now properly links with gio instead of dlopening it
- remove patch-toolkit_xre_nsXREDirProvider_cpp and
patch-xpcom_io_nsAppFileLocationProvider_cpp, merged upstream (#803955)
https://www.djangoproject.com/weblog/2013/feb/19/security/
- Host header poisoning: an attacker could cause Django to generate
and display URLs that link to arbitrary domains.
- Formset denial-of-service: an attacker can abuse Django's tracking
of the number of forms in a formset to cause a denial-of-service attack.
- XML attacks: Django's serialization framework was vulnerable to
attacks via XML entity expansion and external references.
- Data leakage via admin history log: Django's admin interface could
expose supposedly-hidden information via its history log.
'JavaScript related stability issues' for a well known social
network site (bug #831626).
While here remove patch for #830303, committed upstream in
mozilla-release just after 18.0.1.
gconf_ping() will try to shut down gconfd, but since installing pkg is
done as root, there is neither gconfd nor dbus that can be started when
DISPLAY isn't set and an annoying warning is issued.
discussed with espie@
phpVirtualBox is an open source, AJAX implementation of the VirtualBox
user interface written in PHP. As a modern web interface, it allows you
to access and control remote VirtualBox instances.
<...>
ok jasper@ sthen@
- server-side request forgery vulnerability and remote port scanning
using pingbacks
(http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html)
- cross-site scripting via shortcodes and post content
- cross-site scripting vulnerability in the external library Plupload
ok merdely@
mod_jk is a DSO module for Apache2. It connects Apache to Tomcat.
mod_jk can be configured to off-load SSL processing to Apache, serve
static content for webapps and load balance multiple Tomcat servers.
ok kurt@
tweaks & ok sthen@