File _patchinfo of Package patchinfo.4583
<patchinfo incident="4583"> <issue id="959277" tracker="bnc">VUL-0: Mozilla Firefox 38.5/43 release</issue> <issue id="CVE-2015-7208" tracker="cve" /> <issue id="CVE-2015-7201" tracker="cve" /> <issue id="CVE-2015-7202" tracker="cve" /> <issue id="CVE-2015-7203" tracker="cve" /> <issue id="CVE-2015-7204" tracker="cve" /> <issue id="CVE-2015-7205" tracker="cve" /> <issue id="CVE-2015-7207" tracker="cve" /> <issue id="CVE-2015-7222" tracker="cve" /> <issue id="CVE-2015-7223" tracker="cve" /> <issue id="CVE-2015-7220" tracker="cve" /> <issue id="CVE-2015-7221" tracker="cve" /> <issue id="CVE-2015-7219" tracker="cve" /> <issue id="CVE-2015-7218" tracker="cve" /> <issue id="CVE-2015-7217" tracker="cve" /> <issue id="CVE-2015-7216" tracker="cve" /> <issue id="CVE-2015-7215" tracker="cve" /> <issue id="CVE-2015-7214" tracker="cve" /> <issue id="CVE-2015-7213" tracker="cve" /> <issue id="CVE-2015-7212" tracker="cve" /> <issue id="CVE-2015-7211" tracker="cve" /> <issue id="CVE-2015-7210" tracker="cve" /> <issue id="CVE-2015-7575" tracker="cve" /> <category>security</category> <rating>moderate</rating> <packager>wrosenauer</packager> <description> Seamonkey was updated to 2.40 (boo#959277) to fix security issues and bugs. The following vulnerabilities were fixed: * CVE-2015-7575: MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature * CVE-2015-7201/CVE-2015-7202: Miscellaneous memory safety hazards * CVE-2015-7204: Crash with JavaScript variable assignment with unboxed objects * CVE-2015-7207: Same-origin policy violation using perfomance.getEntries and history navigation * CVE-2015-7208: Firefox allows for control characters to be set in cookies * CVE-2015-7210: Use-after-free in WebRTC when datachannel is used after being destroyed * CVE-2015-7212: Integer overflow allocating extremely large textures * CVE-2015-7215: Cross-origin information leak through web workers error events * CVE-2015-7211: Hash in data URI is incorrectly parsed * CVE-2015-7218/CVE-2015-7219: DOS due to malformed frames in HTTP/2 * CVE-2015-7216/CVE-2015-7217: Linux file chooser crashes on malformed images due to flaws in Jasper library * CVE-2015-7203/CVE-2015-7220/CVE-2015-7221: Buffer overflows found through code inspection * CVE-2015-7205: Underflow through code inspection * CVE-2015-7213: Integer overflow in MP4 playback in 64-bit versions * CVE-2015-7222: Integer underflow and buffer overflow processing MP4 metadata in libstagefright * CVE-2015-7223: Privilege escalation vulnerabilities in WebExtension APIs * CVE-2015-7214: Cross-site reading attack through data and view-source URIs </description> <summary>Security update for seamonkey</summary> </patchinfo>
