Please update to 18.0.1025.142
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
chromium-browser (Ubuntu) | Fix Released | Medium | Micah Gersten |
Lucid | Fix Released | Medium | Micah Gersten |
Maverick | Fix Released | Medium | Micah Gersten |
Natty | Fix Released | Medium | Micah Gersten |
Oneiric | Fix Released | Medium | Micah Gersten |
Precise | Fix Released | Medium | Micah Gersten |
Bug Description
[109574] Medium CVE-2011-3058: Bad interaction possibly leading to XSS in EUC-JP. Credit to Masato Kinugawa.
[112317] Medium CVE-2011-3059: Out-of-bounds read in SVG text handling. Credit to Arthur Gerkis.
[114056] Medium CVE-2011-3060: Out-of-bounds read in text fragment handling. Credit to miaubiz.
[116398] Medium CVE-2011-3061: SPDY proxy certificate checking error. Credit to Leonidas Kontothanassis of Google.
[116524] High CVE-2011-3062: Off-by-one in OpenType Sanitizer. Credit to Mateusz Jurczyk of the Google Security Team.
[117417] Low CVE-2011-3063: Validate navigation requests from the renderer more carefully. Credit to kuzzcc, Sergey Glazunov, PinkiePie and scarybeasts (Google Chrome Security Team).
[117471] High CVE-2011-3064: Use-after-free in SVG clipping. Credit to Atte Kettunen of OUSPG.
[117588] High CVE-2011-3065: Memory corruption in Skia. Credit to Omair.
[117794] Medium CVE-2011-3057: Invalid read in v8. Credit to Christian Holler.
visibility: private → public
Changed in chromium-browser (Ubuntu Lucid):
importance: Undecided → Medium
Changed in chromium-browser (Ubuntu Maverick):
importance: Undecided → Medium
Changed in chromium-browser (Ubuntu Oneiric):
importance: Undecided → Medium
Changed in chromium-browser (Ubuntu Natty):
importance: Undecided → Medium
Changed in chromium-browser (Ubuntu Precise):
importance: Undecided → Medium
Changed in chromium-browser (Ubuntu Lucid):
status: New → In Progress
Changed in chromium-browser (Ubuntu Maverick):
status: New → In Progress
Changed in chromium-browser (Ubuntu Natty):
status: New → In Progress
Changed in chromium-browser (Ubuntu Oneiric):
status: New → In Progress
Changed in chromium-browser (Ubuntu Precise):
status: New → In Progress
Changed in chromium-browser (Ubuntu Maverick):
assignee: nobody → Micah Gersten (micahg)
Changed in chromium-browser (Ubuntu Natty):
assignee: nobody → Micah Gersten (micahg)
Changed in chromium-browser (Ubuntu Oneiric):
assignee: nobody → Micah Gersten (micahg)
Changed in chromium-browser (Ubuntu Lucid):
assignee: nobody → Micah Gersten (micahg)
Changed in chromium-browser (Ubuntu Precise):
assignee: nobody → Micah Gersten (micahg)
This bug was fixed in the package chromium-browser - 18.0.1025.142~r129054-0ubuntu1
---------------
chromium-browser (18.0.1025.142~r129054-0ubuntu1) precise; urgency=low
* New upstream release from the Stable Channel (LP: #968901)
This release fixes the following security issues:
- [109574] Medium CVE-2011-3058: Bad interaction possibly leading to XSS in
EUC-JP. Credit to Masato Kinugawa.
- [112317] Medium CVE-2011-3059: Out-of-bounds read in SVG text handling.
Credit to Arthur Gerkis.
- [114056] Medium CVE-2011-3060: Out-of-bounds read in text fragment
handling. Credit to miaubiz.
- [116398] Medium CVE-2011-3061: SPDY proxy certificate checking error.
Credit to Leonidas Kontothanassis of Google.
- [116524] High CVE-2011-3062: Off-by-one in OpenType Sanitizer. Credit to
Mateusz Jurczyk of the Google Security Team.
- [117417] Low CVE-2011-3063: Validate navigation requests from the renderer
more carefully. Credit to kuzzcc, Sergey Glazunov, PinkiePie and
scarybeasts (Google Chrome Security Team).
- [117471] High CVE-2011-3064: Use-after-free in SVG clipping. Credit to
Atte Kettunen of OUSPG.
- [117588] High CVE-2011-3065: Memory corruption in Skia. Credit to Omair.
- [117794] Medium CVE-2011-3057: Invalid read in v8. Credit to Christian
Holler.
* Add build dependency on libudev-dev to allow for gamepad detection; see
http://code.google.com/p/chromium/issues/detail?id=79050
- update debian/control
* Drop dlopen_libgnutls patch as it's been implemented upstream
- drop debian/patches/dlopen_libgnutls.patch
- update debian/patches/series
* Start removing *.so and *.so.* from the upstream tarball creation
- update debian/rules
* Strip almost the entire third_party/openssl directory as it's needed only
on android, but is used by the build system
- update debian/rules
* Use tar's --exclude-vcs flag instead of just excluding .svn
- update debian/rules
-- Micah Gersten <email address hidden> Sun, 01 Apr 2012 22:17:11 -0500