Update to 15.0.874.102/106

Bug #881786 reported by Micah Gersten
264
This bug affects 2 people
Affects Status Importance Assigned to Milestone
chromium-browser (Ubuntu)
Fix Released
Medium
Micah Gersten
Lucid
Fix Released
Medium
Micah Gersten
Maverick
Fix Released
Medium
Micah Gersten
Natty
Fix Released
Medium
Micah Gersten
Oneiric
Fix Released
Medium
Micah Gersten
Precise
Fix Released
Medium
Micah Gersten

Bug Description

New Chromium release from the stable channel.

Security fixes:
[86758] High CVE-2011-2845: URL bar spoof in history handling. Credit to Jordi Chancel.
[88949] Medium CVE-2011-3875: URL bar spoof with drag+drop of URLs. Credit to Jordi Chancel.
[90217] Low CVE-2011-3876: Avoid stripping whitespace at the end of download filenames. Credit to Marc Novak.
[91218] Low CVE-2011-3877: XSS in appcache internals page. Credit to Google Chrome Security Team (Tom Sepez) plus independent discovery by Juho Nurminen.
[94487] Medium CVE-2011-3878: Race condition in worker process initialization. Credit to miaubiz.
[95374] Low CVE-2011-3879: Avoid redirect to chrome scheme URIs. Credit to Masato Kinugawa.
[95992] Low CVE-2011-3880: Don’t permit as a HTTP header delimiter. Credit to Vladimir Vorontsov, ONsec company.
[96047] [96885] [98053] [99512] [99750] High CVE-2011-3881: Cross-origin policy violations. Credit to Sergey Glazunov.
[96292] High CVE-2011-3882: Use-after-free in media buffer handling. Credit to Google Chrome Security Team (Inferno).
[96902] High CVE-2011-3883: Use-after-free in counter handling. Credit to miaubiz.
[97148] High CVE-2011-3884: Timing issues in DOM traversal. Credit to Brian Ryner of the Chromium development community.
[97599] [98064] [98556] [99294] [99880] [100059] High CVE-2011-3885: Stale style bugs leading to use-after-free. Credit to miaubiz.
[98773] [99167] High CVE-2011-3886: Out of bounds writes in v8. Credit to Christian Holler.
[98407] Medium CVE-2011-3887: Cookie theft with javascript URIs. Credit to Sergey Glazunov.
[99138] High CVE-2011-3888: Use-after-free with plug-in and editing. Credit to miaubiz.
[99211] High CVE-2011-3889: Heap overflow in Web Audio. Credit to miaubiz.
[99553] High CVE-2011-3890: Use-after-free in video source handling. Credit to Ami Fischman of the Chromium development community.
[100332] High CVE-2011-3891: Exposure of internal v8 functions. Credit to Steven Keuchel of the Chromium development community plus independent discovery by Daniel Divricean.

15.0.874.106 is a stability update to fix a regression:
The Stable channel has been updated to 15.0.874.106 for Windows, Mac, Linux, and Chrome Frame. This release fixes login issues to Barrons Online and The Wall Street Journal (Issue 101274).

Micah Gersten (micahg)
visibility: private → public
Changed in chromium-browser (Ubuntu Precise):
assignee: nobody → Micah Gersten (micahg)
Changed in chromium-browser (Ubuntu Oneiric):
assignee: nobody → Micah Gersten (micahg)
Changed in chromium-browser (Ubuntu Natty):
assignee: nobody → Micah Gersten (micahg)
Changed in chromium-browser (Ubuntu Maverick):
assignee: nobody → Micah Gersten (micahg)
Changed in chromium-browser (Ubuntu Lucid):
assignee: nobody → Micah Gersten (micahg)
Changed in chromium-browser (Ubuntu Precise):
importance: Undecided → High
Changed in chromium-browser (Ubuntu Oneiric):
importance: Undecided → High
Changed in chromium-browser (Ubuntu Natty):
importance: Undecided → High
Changed in chromium-browser (Ubuntu Precise):
importance: High → Medium
Changed in chromium-browser (Ubuntu Oneiric):
importance: High → Medium
Changed in chromium-browser (Ubuntu Natty):
importance: High → Medium
Changed in chromium-browser (Ubuntu Maverick):
importance: Undecided → Medium
Changed in chromium-browser (Ubuntu Lucid):
importance: Undecided → Medium
status: New → In Progress
Changed in chromium-browser (Ubuntu Maverick):
status: New → In Progress
Changed in chromium-browser (Ubuntu Natty):
status: New → In Progress
Changed in chromium-browser (Ubuntu Oneiric):
status: New → In Progress
Changed in chromium-browser (Ubuntu Precise):
status: New → In Progress
description: updated
Micah Gersten (micahg)
description: updated
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (3.6 KiB)

This bug was fixed in the package chromium-browser - 15.0.874.102~r106587-0ubuntu1

---------------
chromium-browser (15.0.874.102~r106587-0ubuntu1) precise; urgency=low

  * New upstream release from the Stable Channel (LP: #881786)
    - fix LP: #881607 - Error initializing NSS without a persistent database
    This release fixes the following security issues:
    - [86758] High CVE-2011-2845: URL bar spoof in history handling. Credit to
      Jordi Chancel.
    - [88949] Medium CVE-2011-3875: URL bar spoof with drag+drop of URLs. Credit
      to Jordi Chancel.
    - [90217] Low CVE-2011-3876: Avoid stripping whitespace at the end of
      download filenames. Credit to Marc Novak.
    - [91218] Low CVE-2011-3877: XSS in appcache internals page. Credit to
      Google Chrome Security Team (Tom Sepez) plus independent discovery by
      Juho Nurminen.
    - [94487] Medium CVE-2011-3878: Race condition in worker process
      initialization. Credit to miaubiz.
    - [95374] Low CVE-2011-3879: Avoid redirect to chrome scheme URIs. Credit to
      Masato Kinugawa.
    - [95992] Low CVE-2011-3880: Don’t permit as a HTTP header delimiter. Credit
      to Vladimir Vorontsov, ONsec company.
    - [96047] [96885] [98053] [99512] [99750] High CVE-2011-3881: Cross-origin
      policy violations. Credit to Sergey Glazunov.
    - [96292] High CVE-2011-3882: Use-after-free in media buffer handling.
      Credit to Google Chrome Security Team (Inferno).
    - [96902] High CVE-2011-3883: Use-after-free in counter handling. Credit to
      miaubiz.
    - [97148] High CVE-2011-3884: Timing issues in DOM traversal. Credit to
      Brian Ryner of the Chromium development community.
    - [97599] [98064] [98556] [99294] [99880] [100059] High CVE-2011-3885: Stale
      style bugs leading to use-after-free. Credit to miaubiz.
    - [98773] [99167] High CVE-2011-3886: Out of bounds writes in v8. Credit to
      Christian Holler.
    - [98407] Medium CVE-2011-3887: Cookie theft with javascript URIs. Credit to
      Sergey Glazunov.
    - [99138] High CVE-2011-3888: Use-after-free with plug-in and editing.
      Credit to miaubiz.
    - [99211] High CVE-2011-3889: Heap overflow in Web Audio. Credit to miaubiz.
    - [99553] High CVE-2011-3890: Use-after-free in video source handling.
      Credit to Ami Fischman of the Chromium development community.
    - [100332] High CVE-2011-3891: Exposure of internal v8 functions. Credit to
      Steven Keuchel of the Chromium development community plus independent
      discovery by Daniel Divricean.

  [ Micah Gersten <email address hidden> ]
  * Switch to xz debs; Add Pre-Depends on dpkg >= 1.15.6 which is needed
    until after Precise
    - update debian/rules
    - update debian/control

  [ Chris Coulson <email address hidden> ]
  * Refresh patches
    - update debian/patches/dlopen_sonamed_gl.patch
    - update debian/patches/webkit_rev_parser.patch
  * Dropped patches, fixed upstream
    - remove debian/patches/cups_1.5_build_fix.patch
    - update debian/patches/series
  * Don't depend on cdbs being installed to create a tarball
    - update debian/rules
    - update debian/cdbs/tarball.mk

  [ Fabien Tassin ]
  * ...

Read more...

Changed in chromium-browser (Ubuntu Precise):
status: In Progress → Fix Released
Micah Gersten (micahg)
description: updated
Micah Gersten (micahg)
summary: - Update to 15.0.874.102
+ Update to 15.0.874.102/106
description: updated
Changed in chromium-browser (Ubuntu Precise):
status: Fix Released → In Progress
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 15.0.874.106~r107270-0ubuntu1

---------------
chromium-browser (15.0.874.106~r107270-0ubuntu1) precise; urgency=low

  * New upstream release from the Stable Channel (LP: #881786)
    - This release fixes a regression with regard to logging into certain
      websites
 -- Micah Gersten <email address hidden> Wed, 26 Oct 2011 23:19:00 -0500

Changed in chromium-browser (Ubuntu Precise):
status: In Progress → Fix Released
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Lucid - Oneiric built successfully and copied to -proposed.

Changed in chromium-browser (Ubuntu Lucid):
status: In Progress → Fix Committed
Changed in chromium-browser (Ubuntu Maverick):
status: In Progress → Fix Committed
Changed in chromium-browser (Ubuntu Natty):
status: In Progress → Fix Committed
Changed in chromium-browser (Ubuntu Oneiric):
status: In Progress → Fix Committed
Micah Gersten (micahg)
tags: added: security-verification verification-needed
Revision history for this message
Rolf Leggewie (r0lf) wrote :

what kind of verification would be needed here? that the packages are indeed available? ;-)

Revision history for this message
Micah Gersten (micahg) wrote :

I just need to run them through QRT's test-browser.py (lp;qa-regression-testing), nothing for anyone else to do yet :) If you're interested in helping test chromium in the future, I can see about that.

Revision history for this message
Micah Gersten (micahg) wrote :

Tested lucid i386/amd64 packages with QRT, no regressions found over previous functionality. However, NaCL is missing (Bug #882942), this was previously disabled, but installed. I don't believe this is worth holding up these security fixes though.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 15.0.874.106~r107270-0ubuntu0.10.04.1

---------------
chromium-browser (15.0.874.106~r107270-0ubuntu0.10.04.1) lucid-security; urgency=low

  * New upstream release from the Stable Channel (LP: #881786)
    This release fixes the following security issues:
    - [86758] High CVE-2011-2845: URL bar spoof in history handling. Credit to
      Jordi Chancel.
    - [88949] Medium CVE-2011-3875: URL bar spoof with drag+drop of URLs. Credit
      to Jordi Chancel.
    - [90217] Low CVE-2011-3876: Avoid stripping whitespace at the end of
      download filenames. Credit to Marc Novak.
    - [91218] Low CVE-2011-3877: XSS in appcache internals page. Credit to
      Google Chrome Security Team (Tom Sepez) plus independent discovery by
      Juho Nurminen.
    - [94487] Medium CVE-2011-3878: Race condition in worker process
      initialization. Credit to miaubiz.
    - [95374] Low CVE-2011-3879: Avoid redirect to chrome scheme URIs. Credit to
      Masato Kinugawa.
    - [95992] Low CVE-2011-3880: Don’t permit as a HTTP header delimiter. Credit
      to Vladimir Vorontsov, ONsec company.
    - [96047] [96885] [98053] [99512] [99750] High CVE-2011-3881: Cross-origin
      policy violations. Credit to Sergey Glazunov.
    - [96292] High CVE-2011-3882: Use-after-free in media buffer handling.
      Credit to Google Chrome Security Team (Inferno).
    - [96902] High CVE-2011-3883: Use-after-free in counter handling. Credit to
      miaubiz.
    - [97148] High CVE-2011-3884: Timing issues in DOM traversal. Credit to
      Brian Ryner of the Chromium development community.
    - [97599] [98064] [98556] [99294] [99880] [100059] High CVE-2011-3885: Stale
      style bugs leading to use-after-free. Credit to miaubiz.
    - [98773] [99167] High CVE-2011-3886: Out of bounds writes in v8. Credit to
      Christian Holler.
    - [98407] Medium CVE-2011-3887: Cookie theft with javascript URIs. Credit to
      Sergey Glazunov.
    - [99138] High CVE-2011-3888: Use-after-free with plug-in and editing.
      Credit to miaubiz.
    - [99211] High CVE-2011-3889: Heap overflow in Web Audio. Credit to miaubiz.
    - [99553] High CVE-2011-3890: Use-after-free in video source handling.
      Credit to Ami Fischman of the Chromium development community.
    - [100332] High CVE-2011-3891: Exposure of internal v8 functions. Credit to
      Steven Keuchel of the Chromium development community plus independent
      discovery by Daniel Divricean.

  [ Chris Coulson <email address hidden> ]
  * Refresh patches
    - update debian/patches/dlopen_sonamed_gl.patch
    - update debian/patches/webkit_rev_parser.patch

  [ Fabien Tassin ]
  * Disable NaCl until we figure out what to do with the private toolchain
    - update debian/rules
  * Do not install the pseudo_locales files in the debs
    - update debian/rules
  * Add python-simplejson to Build-depends. This is needed by NaCl even with
    NaCl disabled, so this is a temporary workaround to unbreak the build, it
    must be fixed upstream
    - update debian/control
 -- Micah Gersten <email address hidden> Thu, 27 Oct 2011 00:23:10 -0500

Changed in chromium-browser (Ubuntu Lucid):
status: Fix Committed → Fix Released
Revision history for this message
Florian Achleitner (fachleitner) wrote :

This update still wasn't released? What's wrong?

Revision history for this message
Micah Gersten (micahg) wrote :

Sorry, between UDS and the Mozilla updates this week, I ran out of time to verify. There's another update which will go out early next week. If anyone is interested in helping to verify Chromium updates, please contact me through Launchpad on my home page (just click on my name and there's a contact button on the top right).

Revision history for this message
Dmitry Shachnev (mitya57) wrote :
Revision history for this message
Micah Gersten (micahg) wrote :

That was released yesterday, I meant next week as that's when I'll get it into the Ubuntu archive.

Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (3.5 KiB)

This bug was fixed in the package chromium-browser - 15.0.874.106~r107270-0ubuntu0.11.10.1

---------------
chromium-browser (15.0.874.106~r107270-0ubuntu0.11.10.1) oneiric-security; urgency=low

  * New upstream release from the Stable Channel (LP: #881786)
    - fix LP: #881607 - Error initializing NSS without a persistent database
    This release fixes the following security issues:
    - [86758] High CVE-2011-2845: URL bar spoof in history handling. Credit to
      Jordi Chancel.
    - [88949] Medium CVE-2011-3875: URL bar spoof with drag+drop of URLs. Credit
      to Jordi Chancel.
    - [90217] Low CVE-2011-3876: Avoid stripping whitespace at the end of
      download filenames. Credit to Marc Novak.
    - [91218] Low CVE-2011-3877: XSS in appcache internals page. Credit to
      Google Chrome Security Team (Tom Sepez) plus independent discovery by
      Juho Nurminen.
    - [94487] Medium CVE-2011-3878: Race condition in worker process
      initialization. Credit to miaubiz.
    - [95374] Low CVE-2011-3879: Avoid redirect to chrome scheme URIs. Credit to
      Masato Kinugawa.
    - [95992] Low CVE-2011-3880: Don’t permit as a HTTP header delimiter. Credit
      to Vladimir Vorontsov, ONsec company.
    - [96047] [96885] [98053] [99512] [99750] High CVE-2011-3881: Cross-origin
      policy violations. Credit to Sergey Glazunov.
    - [96292] High CVE-2011-3882: Use-after-free in media buffer handling.
      Credit to Google Chrome Security Team (Inferno).
    - [96902] High CVE-2011-3883: Use-after-free in counter handling. Credit to
      miaubiz.
    - [97148] High CVE-2011-3884: Timing issues in DOM traversal. Credit to
      Brian Ryner of the Chromium development community.
    - [97599] [98064] [98556] [99294] [99880] [100059] High CVE-2011-3885: Stale
      style bugs leading to use-after-free. Credit to miaubiz.
    - [98773] [99167] High CVE-2011-3886: Out of bounds writes in v8. Credit to
      Christian Holler.
    - [98407] Medium CVE-2011-3887: Cookie theft with javascript URIs. Credit to
      Sergey Glazunov.
    - [99138] High CVE-2011-3888: Use-after-free with plug-in and editing.
      Credit to miaubiz.
    - [99211] High CVE-2011-3889: Heap overflow in Web Audio. Credit to miaubiz.
    - [99553] High CVE-2011-3890: Use-after-free in video source handling.
      Credit to Ami Fischman of the Chromium development community.
    - [100332] High CVE-2011-3891: Exposure of internal v8 functions. Credit to
      Steven Keuchel of the Chromium development community plus independent
      discovery by Daniel Divricean.

  [ Chris Coulson <email address hidden> ]
  * Refresh patches
    - update debian/patches/dlopen_sonamed_gl.patch
    - update debian/patches/webkit_rev_parser.patch
  * Dropped patches, fixed upstream
    - remove debian/patches/cups_1.5_build_fix.patch
    - update debian/patches/series

  [ Fabien Tassin ]
  * Disable NaCl until we figure out what to do with the private toolchain
    - update debian/rules
  * Do not install the pseudo_locales files in the debs
    - update debian/rules
  * Add python-simplejson to Build-depends. This is needed by NaCl even with
    NaCl disabled, so this is a te...

Read more...

Changed in chromium-browser (Ubuntu Oneiric):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (7.4 KiB)

This bug was fixed in the package chromium-browser - 16.0.912.77~r118311-0ubuntu0.10.10.1

---------------
chromium-browser (16.0.912.77~r118311-0ubuntu0.10.10.1) maverick-security; urgency=low

  * New upstream release from the Stable Channel (LP: #923602)
    This release fixes the following security issues:
    - [106484] High CVE-2011-3924: Use-after-free in DOM selections. Credit to
      Arthur Gerkis.
    - [107182] Critical CVE-2011-3925: Use-after-free in Safe Browsing
      navigation. Credit to Chamal de Silva.
    - [108461] High CVE-2011-3928: Use-after-free in DOM handling. Credit to
      wushi of team509 reported through ZDI (ZDI-CAN-1415).
    - [108605] High CVE-2011-3927: Uninitialized value in Skia. Credit to
      miaubiz.
    - [109556] High CVE-2011-3926: Heap-buffer-overflow in tree builder.
      Credit to Arthur Gerkis.

chromium-browser (16.0.912.75~r116452-0ubuntu0.10.10.1) maverick-security; urgency=low

  * New upstream release from the Stable Channel (LP: #914648, #889711)
    This release fixes the following security issues:
    - [106672] High CVE-2011-3921: Use-after-free in animation frames. Credit to
      Boris Zbarsky of Mozilla.
    - [107128] High CVE-2011-3919: Heap-buffer-overflow in libxml. Credit to
      Jüri Aedla.
    - [108006] High CVE-2011-3922: Stack-buffer-overflow in glyph handling.
      Credit to Google Chrome Security Team (Cris Neckar).

    This upload also includes the following security fixes from 16.0.912.63:
    - [81753] Medium CVE-2011-3903: Out-of-bounds read in regex matching. Credit
      to David Holloway of the Chromium development community.
    - [95465] Low CVE-2011-3905: Out-of-bounds reads in libxml. Credit to Google
      Chrome Security Team (Inferno).
    - [98809] Medium CVE-2011-3906: Out-of-bounds read in PDF parser. Credit to
      Aki Helin of OUSPG.
    - [99016] High CVE-2011-3907: URL bar spoofing with view-source. Credit to
      Luka Treiber of ACROS Security.
    - [100863] Low CVE-2011-3908: Out-of-bounds read in SVG parsing. Credit to
      Aki Helin of OUSPG.
    - [101010] Medium CVE-2011-3909: [64-bit only] Memory corruption in CSS
      property array. Credit to Google Chrome Security Team (scarybeasts) and
      Chu.
    - [101494] Medium CVE-2011-3910: Out-of-bounds read in YUV video frame
      handling. Credit to Google Chrome Security Team (Cris Neckar).
    - [101779] Medium CVE-2011-3911: Out-of-bounds read in PDF. Credit to Google
      Chrome Security Team (scarybeasts) and Robert Swiecki of the Google
      Security Team.
    - [102359] High CVE-2011-3912: Use-after-free in SVG filters. Credit to
      Arthur Gerkis.
    - [103921] High CVE-2011-3913: Use-after-free in Range handling. Credit to
      Arthur Gerkis.
    - [104011] High CVE-2011-3914: Out-of-bounds write in v8 i18n handling.
      Credit to Sławomir Błażek.
    - [104529] High CVE-2011-3915: Buffer overflow in PDF font handling. Credit
      to Atte Kettunen of OUSPG.
    - [104959] Medium CVE-2011-3916: Out-of-bounds reads in PDF cross
      references. Credit to Atte Kettunen of OUSPG.
    - [105162] Medium CVE-2011-3917: Stack-buffer-overflow in FileWatcher.
      Credit t...

Read more...

Changed in chromium-browser (Ubuntu Maverick):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (7.4 KiB)

This bug was fixed in the package chromium-browser - 16.0.912.77~r118311-0ubuntu0.11.04.1

---------------
chromium-browser (16.0.912.77~r118311-0ubuntu0.11.04.1) natty-security; urgency=low

  * New upstream release from the Stable Channel (LP: #923602)
    This release fixes the following security issues:
    - [106484] High CVE-2011-3924: Use-after-free in DOM selections. Credit to
      Arthur Gerkis.
    - [107182] Critical CVE-2011-3925: Use-after-free in Safe Browsing
      navigation. Credit to Chamal de Silva.
    - [108461] High CVE-2011-3928: Use-after-free in DOM handling. Credit to
      wushi of team509 reported through ZDI (ZDI-CAN-1415).
    - [108605] High CVE-2011-3927: Uninitialized value in Skia. Credit to
      miaubiz.
    - [109556] High CVE-2011-3926: Heap-buffer-overflow in tree builder.
      Credit to Arthur Gerkis.

chromium-browser (16.0.912.75~r116452-0ubuntu0.11.04.1) natty-security; urgency=low

  * New upstream release from the Stable Channel (LP: #914648, #889711)
    This release fixes the following security issues:
    - [106672] High CVE-2011-3921: Use-after-free in animation frames. Credit to
      Boris Zbarsky of Mozilla.
    - [107128] High CVE-2011-3919: Heap-buffer-overflow in libxml. Credit to
      Jüri Aedla.
    - [108006] High CVE-2011-3922: Stack-buffer-overflow in glyph handling.
      Credit to Google Chrome Security Team (Cris Neckar).

    This upload also includes the following security fixes from 16.0.912.63:
    - [81753] Medium CVE-2011-3903: Out-of-bounds read in regex matching. Credit
      to David Holloway of the Chromium development community.
    - [95465] Low CVE-2011-3905: Out-of-bounds reads in libxml. Credit to Google
      Chrome Security Team (Inferno).
    - [98809] Medium CVE-2011-3906: Out-of-bounds read in PDF parser. Credit to
      Aki Helin of OUSPG.
    - [99016] High CVE-2011-3907: URL bar spoofing with view-source. Credit to
      Luka Treiber of ACROS Security.
    - [100863] Low CVE-2011-3908: Out-of-bounds read in SVG parsing. Credit to
      Aki Helin of OUSPG.
    - [101010] Medium CVE-2011-3909: [64-bit only] Memory corruption in CSS
      property array. Credit to Google Chrome Security Team (scarybeasts) and
      Chu.
    - [101494] Medium CVE-2011-3910: Out-of-bounds read in YUV video frame
      handling. Credit to Google Chrome Security Team (Cris Neckar).
    - [101779] Medium CVE-2011-3911: Out-of-bounds read in PDF. Credit to Google
      Chrome Security Team (scarybeasts) and Robert Swiecki of the Google
      Security Team.
    - [102359] High CVE-2011-3912: Use-after-free in SVG filters. Credit to
      Arthur Gerkis.
    - [103921] High CVE-2011-3913: Use-after-free in Range handling. Credit to
      Arthur Gerkis.
    - [104011] High CVE-2011-3914: Out-of-bounds write in v8 i18n handling.
      Credit to Sławomir Błażek.
    - [104529] High CVE-2011-3915: Buffer overflow in PDF font handling. Credit
      to Atte Kettunen of OUSPG.
    - [104959] Medium CVE-2011-3916: Out-of-bounds reads in PDF cross
      references. Credit to Atte Kettunen of OUSPG.
    - [105162] Medium CVE-2011-3917: Stack-buffer-overflow in FileWatcher.
      Credit to Goog...

Read more...

Changed in chromium-browser (Ubuntu Natty):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.