* New upstream release from the Stable Channel (LP: #923602)
This release fixes the following security issues:
- [106484] High CVE-2011-3924: Use-after-free in DOM selections. Credit to
Arthur Gerkis.
- [107182] Critical CVE-2011-3925: Use-after-free in Safe Browsing
navigation. Credit to Chamal de Silva.
- [108461] High CVE-2011-3928: Use-after-free in DOM handling. Credit to
wushi of team509 reported through ZDI (ZDI-CAN-1415).
- [108605] High CVE-2011-3927: Uninitialized value in Skia. Credit to
miaubiz.
- [109556] High CVE-2011-3926: Heap-buffer-overflow in tree builder.
Credit to Arthur Gerkis.
* New upstream release from the Stable Channel (LP: #914648, #889711)
This release fixes the following security issues:
- [106672] High CVE-2011-3921: Use-after-free in animation frames. Credit to
Boris Zbarsky of Mozilla.
- [107128] High CVE-2011-3919: Heap-buffer-overflow in libxml. Credit to
Jüri Aedla.
- [108006] High CVE-2011-3922: Stack-buffer-overflow in glyph handling.
Credit to Google Chrome Security Team (Cris Neckar).
This upload also includes the following security fixes from 16.0.912.63:
- [81753] Medium CVE-2011-3903: Out-of-bounds read in regex matching. Credit
to David Holloway of the Chromium development community.
- [95465] Low CVE-2011-3905: Out-of-bounds reads in libxml. Credit to Google
Chrome Security Team (Inferno).
- [98809] Medium CVE-2011-3906: Out-of-bounds read in PDF parser. Credit to
Aki Helin of OUSPG.
- [99016] High CVE-2011-3907: URL bar spoofing with view-source. Credit to
Luka Treiber of ACROS Security.
- [100863] Low CVE-2011-3908: Out-of-bounds read in SVG parsing. Credit to
Aki Helin of OUSPG.
- [101010] Medium CVE-2011-3909: [64-bit only] Memory corruption in CSS
property array. Credit to Google Chrome Security Team (scarybeasts) and
Chu.
- [101494] Medium CVE-2011-3910: Out-of-bounds read in YUV video frame
handling. Credit to Google Chrome Security Team (Cris Neckar).
- [101779] Medium CVE-2011-3911: Out-of-bounds read in PDF. Credit to Google
Chrome Security Team (scarybeasts) and Robert Swiecki of the Google
Security Team.
- [102359] High CVE-2011-3912: Use-after-free in SVG filters. Credit to
Arthur Gerkis.
- [103921] High CVE-2011-3913: Use-after-free in Range handling. Credit to
Arthur Gerkis.
- [104011] High CVE-2011-3914: Out-of-bounds write in v8 i18n handling.
Credit to Sławomir Błażek.
- [104529] High CVE-2011-3915: Buffer overflow in PDF font handling. Credit
to Atte Kettunen of OUSPG.
- [104959] Medium CVE-2011-3916: Out-of-bounds reads in PDF cross
references. Credit to Atte Kettunen of OUSPG.
- [105162] Medium CVE-2011-3917: Stack-buffer-overflow in FileWatcher.
Credit to Google Chrome Security Team (Marty Barbella).
- [107258] High CVE-2011-3904: Use-after-free in bidi handling. Credit to
Google Chrome Security Team (Inferno) and miaubiz.
This upload also includes the following security fixes from 15.0.874.121:
- [103259] High CVE-2011-3900: Out-of-bounds write in v8. Credit to
Christian Holler.
This upload also includes the following security fixes from 15.0.874.120:
- [100465] High CVE-2011-3892: Double free in Theora decoder. Credit to Aki
Helin of OUSPG.
- [100492] [100543] Medium CVE-2011-3893: Out of bounds reads in MKV and
Vorbis media handlers. Credit to Aki Helin of OUSPG.
- [101172] High CVE-2011-3894: Memory corruption regression in VP8 decoding.
Credit to Andrew Scherkus of the Chromium development community.
- [101458] High CVE-2011-3895: Heap overflow in Vorbis decoder. Credit to
Aki Helin of OUSPG.
- [101624] High CVE-2011-3896: Buffer overflow in shader variable mapping.
Credit to Ken “strcpy” Russell of the Chromium development community.
- [102242] High CVE-2011-3897: Use-after-free in editing. Credit to pa_kt
reported through ZDI (ZDI-CAN-1416).
* New upstream release from the Stable Channel (LP: #881786)
This release fixes the following security issues:
- [86758] High CVE-2011-2845: URL bar spoof in history handling. Credit to
Jordi Chancel.
- [88949] Medium CVE-2011-3875: URL bar spoof with drag+drop of URLs. Credit
to Jordi Chancel.
- [90217] Low CVE-2011-3876: Avoid stripping whitespace at the end of
download filenames. Credit to Marc Novak.
- [91218] Low CVE-2011-3877: XSS in appcache internals page. Credit to
Google Chrome Security Team (Tom Sepez) plus independent discovery by
Juho Nurminen.
- [94487] Medium CVE-2011-3878: Race condition in worker process
initialization. Credit to miaubiz.
- [95374] Low CVE-2011-3879: Avoid redirect to chrome scheme URIs. Credit to
Masato Kinugawa.
- [95992] Low CVE-2011-3880: Don’t permit as a HTTP header delimiter. Credit
to Vladimir Vorontsov, ONsec company.
- [96047] [96885] [98053] [99512] [99750] High CVE-2011-3881: Cross-origin
policy violations. Credit to Sergey Glazunov.
- [96292] High CVE-2011-3882: Use-after-free in media buffer handling.
Credit to Google Chrome Security Team (Inferno).
- [96902] High CVE-2011-3883: Use-after-free in counter handling. Credit to
miaubiz.
- [97148] High CVE-2011-3884: Timing issues in DOM traversal. Credit to
Brian Ryner of the Chromium development community.
- [97599] [98064] [98556] [99294] [99880] [100059] High CVE-2011-3885: Stale
style bugs leading to use-after-free. Credit to miaubiz.
- [98773] [99167] High CVE-2011-3886: Out of bounds writes in v8. Credit to
Christian Holler.
- [98407] Medium CVE-2011-3887: Cookie theft with javascript URIs. Credit to
Sergey Glazunov.
- [99138] High CVE-2011-3888: Use-after-free with plug-in and editing.
Credit to miaubiz.
- [99211] High CVE-2011-3889: Heap overflow in Web Audio. Credit to miaubiz.
- [99553] High CVE-2011-3890: Use-after-free in video source handling.
Credit to Ami Fischman of the Chromium development community.
- [100332] High CVE-2011-3891: Exposure of internal v8 functions. Credit to
Steven Keuchel of the Chromium development community plus independent
discovery by Daniel Divricean.
[ Fabien Tassin ]
* Disable NaCl until we figure out what to do with the private toolchain
- update debian/rules
* Do not install the pseudo_locales files in the debs
- update debian/rules
* Add python-simplejson to Build-depends. This is needed by NaCl even with
NaCl disabled, so this is a temporary workaround to unbreak the build, it
must be fixed upstream
- update debian/control
-- Micah Gersten <email address hidden> Sun, 29 Jan 2012 23:47:21 -0600
This bug was fixed in the package chromium-browser - 16.0.912. 77~r118311- 0ubuntu0. 10.10.1
--------------- 77~r118311- 0ubuntu0. 10.10.1) maverick-security; urgency=low
chromium-browser (16.0.912.
* New upstream release from the Stable Channel (LP: #923602) overflow in tree builder.
This release fixes the following security issues:
- [106484] High CVE-2011-3924: Use-after-free in DOM selections. Credit to
Arthur Gerkis.
- [107182] Critical CVE-2011-3925: Use-after-free in Safe Browsing
navigation. Credit to Chamal de Silva.
- [108461] High CVE-2011-3928: Use-after-free in DOM handling. Credit to
wushi of team509 reported through ZDI (ZDI-CAN-1415).
- [108605] High CVE-2011-3927: Uninitialized value in Skia. Credit to
miaubiz.
- [109556] High CVE-2011-3926: Heap-buffer-
Credit to Arthur Gerkis.
chromium-browser (16.0.912. 75~r116452- 0ubuntu0. 10.10.1) maverick-security; urgency=low
* New upstream release from the Stable Channel (LP: #914648, #889711) overflow in libxml. Credit to overflow in glyph handling.
This release fixes the following security issues:
- [106672] High CVE-2011-3921: Use-after-free in animation frames. Credit to
Boris Zbarsky of Mozilla.
- [107128] High CVE-2011-3919: Heap-buffer-
Jüri Aedla.
- [108006] High CVE-2011-3922: Stack-buffer-
Credit to Google Chrome Security Team (Cris Neckar).
This upload also includes the following security fixes from 16.0.912.63: overflow in FileWatcher.
- [81753] Medium CVE-2011-3903: Out-of-bounds read in regex matching. Credit
to David Holloway of the Chromium development community.
- [95465] Low CVE-2011-3905: Out-of-bounds reads in libxml. Credit to Google
Chrome Security Team (Inferno).
- [98809] Medium CVE-2011-3906: Out-of-bounds read in PDF parser. Credit to
Aki Helin of OUSPG.
- [99016] High CVE-2011-3907: URL bar spoofing with view-source. Credit to
Luka Treiber of ACROS Security.
- [100863] Low CVE-2011-3908: Out-of-bounds read in SVG parsing. Credit to
Aki Helin of OUSPG.
- [101010] Medium CVE-2011-3909: [64-bit only] Memory corruption in CSS
property array. Credit to Google Chrome Security Team (scarybeasts) and
Chu.
- [101494] Medium CVE-2011-3910: Out-of-bounds read in YUV video frame
handling. Credit to Google Chrome Security Team (Cris Neckar).
- [101779] Medium CVE-2011-3911: Out-of-bounds read in PDF. Credit to Google
Chrome Security Team (scarybeasts) and Robert Swiecki of the Google
Security Team.
- [102359] High CVE-2011-3912: Use-after-free in SVG filters. Credit to
Arthur Gerkis.
- [103921] High CVE-2011-3913: Use-after-free in Range handling. Credit to
Arthur Gerkis.
- [104011] High CVE-2011-3914: Out-of-bounds write in v8 i18n handling.
Credit to Sławomir Błażek.
- [104529] High CVE-2011-3915: Buffer overflow in PDF font handling. Credit
to Atte Kettunen of OUSPG.
- [104959] Medium CVE-2011-3916: Out-of-bounds reads in PDF cross
references. Credit to Atte Kettunen of OUSPG.
- [105162] Medium CVE-2011-3917: Stack-buffer-
Credit to Google Chrome Security Team (Marty Barbella).
- [107258] High CVE-2011-3904: Use-after-free in bidi handling. Credit to
Google Chrome Security Team (Inferno) and miaubiz.
This upload also includes the following security fixes from 15.0.874.121:
- [103259] High CVE-2011-3900: Out-of-bounds write in v8. Credit to
Christian Holler.
This upload also includes the following security fixes from 15.0.874.120:
- [100465] High CVE-2011-3892: Double free in Theora decoder. Credit to Aki
Helin of OUSPG.
- [100492] [100543] Medium CVE-2011-3893: Out of bounds reads in MKV and
Vorbis media handlers. Credit to Aki Helin of OUSPG.
- [101172] High CVE-2011-3894: Memory corruption regression in VP8 decoding.
Credit to Andrew Scherkus of the Chromium development community.
- [101458] High CVE-2011-3895: Heap overflow in Vorbis decoder. Credit to
Aki Helin of OUSPG.
- [101624] High CVE-2011-3896: Buffer overflow in shader variable mapping.
Credit to Ken “strcpy” Russell of the Chromium development community.
- [102242] High CVE-2011-3897: Use-after-free in editing. Credit to pa_kt
reported through ZDI (ZDI-CAN-1416).
[ Brandon Snider <email address hidden> ] patches/ chromium_ useragent. patch.in
* Refresh patch
- update debian/
chromium-browser (15.0.874. 106~r107270- 0ubuntu0. 10.10.1) maverick-security; urgency=low
* New upstream release from the Stable Channel (LP: #881786) ation. Credit to miaubiz.
This release fixes the following security issues:
- [86758] High CVE-2011-2845: URL bar spoof in history handling. Credit to
Jordi Chancel.
- [88949] Medium CVE-2011-3875: URL bar spoof with drag+drop of URLs. Credit
to Jordi Chancel.
- [90217] Low CVE-2011-3876: Avoid stripping whitespace at the end of
download filenames. Credit to Marc Novak.
- [91218] Low CVE-2011-3877: XSS in appcache internals page. Credit to
Google Chrome Security Team (Tom Sepez) plus independent discovery by
Juho Nurminen.
- [94487] Medium CVE-2011-3878: Race condition in worker process
initializ
- [95374] Low CVE-2011-3879: Avoid redirect to chrome scheme URIs. Credit to
Masato Kinugawa.
- [95992] Low CVE-2011-3880: Don’t permit as a HTTP header delimiter. Credit
to Vladimir Vorontsov, ONsec company.
- [96047] [96885] [98053] [99512] [99750] High CVE-2011-3881: Cross-origin
policy violations. Credit to Sergey Glazunov.
- [96292] High CVE-2011-3882: Use-after-free in media buffer handling.
Credit to Google Chrome Security Team (Inferno).
- [96902] High CVE-2011-3883: Use-after-free in counter handling. Credit to
miaubiz.
- [97148] High CVE-2011-3884: Timing issues in DOM traversal. Credit to
Brian Ryner of the Chromium development community.
- [97599] [98064] [98556] [99294] [99880] [100059] High CVE-2011-3885: Stale
style bugs leading to use-after-free. Credit to miaubiz.
- [98773] [99167] High CVE-2011-3886: Out of bounds writes in v8. Credit to
Christian Holler.
- [98407] Medium CVE-2011-3887: Cookie theft with javascript URIs. Credit to
Sergey Glazunov.
- [99138] High CVE-2011-3888: Use-after-free with plug-in and editing.
Credit to miaubiz.
- [99211] High CVE-2011-3889: Heap overflow in Web Audio. Credit to miaubiz.
- [99553] High CVE-2011-3890: Use-after-free in video source handling.
Credit to Ami Fischman of the Chromium development community.
- [100332] High CVE-2011-3891: Exposure of internal v8 functions. Credit to
Steven Keuchel of the Chromium development community plus independent
discovery by Daniel Divricean.
[ Chris Coulson <email address hidden> ] patches/ dlopen_ sonamed_ gl.patch patches/ webkit_ rev_parser. patch
* Refresh patches
- update debian/
- update debian/
[ Fabien Tassin ]
* Disable NaCl until we figure out what to do with the private toolchain
- update debian/rules
* Do not install the pseudo_locales files in the debs
- update debian/rules
* Add python-simplejson to Build-depends. This is needed by NaCl even with
NaCl disabled, so this is a temporary workaround to unbreak the build, it
must be fixed upstream
- update debian/control
-- Micah Gersten <email address hidden> Sun, 29 Jan 2012 23:47:21 -0600