Bug #889711 “Update to 15.0.874.120” : Natty (11.04) : Bugs : chromium-browser package : Ubuntu

Micah Gersten (micahg) on 2011-11-13

visibility:	private → public
description:	updated
Changed in chromium-browser (Ubuntu Precise):
importance:	Undecided → High
status:	New → In Progress
assignee:	nobody → Micah Gersten (micahg)
Changed in chromium-browser (Ubuntu Oneiric):
assignee:	nobody → Micah Gersten (micahg)
Changed in chromium-browser (Ubuntu Natty):
assignee:	nobody → Micah Gersten (micahg)
Changed in chromium-browser (Ubuntu Maverick):
assignee:	nobody → Micah Gersten (micahg)
Changed in chromium-browser (Ubuntu Lucid):
assignee:	nobody → Micah Gersten (micahg)
Changed in chromium-browser (Ubuntu Oneiric):
importance:	Undecided → High
Changed in chromium-browser (Ubuntu Natty):
importance:	Undecided → High
Changed in chromium-browser (Ubuntu Maverick):
importance:	Undecided → High
Changed in chromium-browser (Ubuntu Lucid):
importance:	Undecided → High
status:	New → In Progress
Changed in chromium-browser (Ubuntu Maverick):
status:	New → In Progress
Changed in chromium-browser (Ubuntu Natty):
status:	New → In Progress
Changed in chromium-browser (Ubuntu Oneiric):
status:	New → In Progress

Revision history for this message

Launchpad Janitor (janitor) wrote on 2011-11-13:

#1

This bug was fixed in the package chromium-browser - 15.0.874.120~r108895-0ubuntu1

---------------
chromium-browser (15.0.874.120~r108895-0ubuntu1) precise; urgency=low

  * New upstream release from the Stable Channel (LP: #889711)
    This release fixes the following security issues:
    - [100465] High CVE-2011-3892: Double free in Theora decoder. Credit to Aki
      Helin of OUSPG.
    - [100492] [100543] Medium CVE-2011-3893: Out of bounds reads in MKV and
      Vorbis media handlers. Credit to Aki Helin of OUSPG.
    - [101172] High CVE-2011-3894: Memory corruption regression in VP8 decoding.
      Credit to Andrew Scherkus of the Chromium development community.
    - [101458] High CVE-2011-3895: Heap overflow in Vorbis decoder. Credit to
      Aki Helin of OUSPG.
    - [101624] High CVE-2011-3896: Buffer overflow in shader variable mapping.
      Credit to Ken “strcpy” Russell of the Chromium development community.
    - [102242] High CVE-2011-3897: Use-after-free in editing. Credit to pa_kt
      reported through ZDI (ZDI-CAN-1416).
-- Micah Gersten <email address hidden> Sun, 13 Nov 2011 00:11:03 -0600

Changed in chromium-browser (Ubuntu Precise):
status:	In Progress → Fix Released

Revision history for this message

Dmitry Shachnev (mitya57) wrote on 2011-11-18:

#2

15.0.874.121 is available as well

The Stable channel has been updated to 15.0.874.121 for Windows, Mac, Linux and Chrome Frame platforms

All
- Updated V8 - 3.5.10.24
- This build contains the fix to a regression: SVG in iframe doesn't use specified dimensions (Issue: 98951)

Security fixes and rewards:
Please see the Chromium security page for more detail.
Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
- [$1000] [103259] High CVE-2011-3900: Out-of-bounds write in v8. Credit to Christian Holler.

Revision history for this message

Micah Gersten (micahg) wrote on 2011-11-28:

#3

Filed Bug #897389 to track 15.0.874.121

Revision history for this message

Launchpad Janitor (janitor) wrote on 2012-02-03:

#4

Download full text (7.4 KiB)

This bug was fixed in the package chromium-browser - 16.0.912.77~r118311-0ubuntu0.10.10.1

---------------
chromium-browser (16.0.912.77~r118311-0ubuntu0.10.10.1) maverick-security; urgency=low

  * New upstream release from the Stable Channel (LP: #923602)
    This release fixes the following security issues:
    - [106484] High CVE-2011-3924: Use-after-free in DOM selections. Credit to
      Arthur Gerkis.
    - [107182] Critical CVE-2011-3925: Use-after-free in Safe Browsing
      navigation. Credit to Chamal de Silva.
    - [108461] High CVE-2011-3928: Use-after-free in DOM handling. Credit to
      wushi of team509 reported through ZDI (ZDI-CAN-1415).
    - [108605] High CVE-2011-3927: Uninitialized value in Skia. Credit to
      miaubiz.
    - [109556] High CVE-2011-3926: Heap-buffer-overflow in tree builder.
      Credit to Arthur Gerkis.

chromium-browser (16.0.912.75~r116452-0ubuntu0.10.10.1) maverick-security; urgency=low

  * New upstream release from the Stable Channel (LP: #914648, #889711)
    This release fixes the following security issues:
    - [106672] High CVE-2011-3921: Use-after-free in animation frames. Credit to
      Boris Zbarsky of Mozilla.
    - [107128] High CVE-2011-3919: Heap-buffer-overflow in libxml. Credit to
      Jüri Aedla.
    - [108006] High CVE-2011-3922: Stack-buffer-overflow in glyph handling.
      Credit to Google Chrome Security Team (Cris Neckar).

    This upload also includes the following security fixes from 16.0.912.63:
    - [81753] Medium CVE-2011-3903: Out-of-bounds read in regex matching. Credit
      to David Holloway of the Chromium development community.
    - [95465] Low CVE-2011-3905: Out-of-bounds reads in libxml. Credit to Google
      Chrome Security Team (Inferno).
    - [98809] Medium CVE-2011-3906: Out-of-bounds read in PDF parser. Credit to
      Aki Helin of OUSPG.
    - [99016] High CVE-2011-3907: URL bar spoofing with view-source. Credit to
      Luka Treiber of ACROS Security.
    - [100863] Low CVE-2011-3908: Out-of-bounds read in SVG parsing. Credit to
      Aki Helin of OUSPG.
    - [101010] Medium CVE-2011-3909: [64-bit only] Memory corruption in CSS
      property array. Credit to Google Chrome Security Team (scarybeasts) and
      Chu.
    - [101494] Medium CVE-2011-3910: Out-of-bounds read in YUV video frame
      handling. Credit to Google Chrome Security Team (Cris Neckar).
    - [101779] Medium CVE-2011-3911: Out-of-bounds read in PDF. Credit to Google
      Chrome Security Team (scarybeasts) and Robert Swiecki of the Google
      Security Team.
    - [102359] High CVE-2011-3912: Use-after-free in SVG filters. Credit to
      Arthur Gerkis.
    - [103921] High CVE-2011-3913: Use-after-free in Range handling. Credit to
      Arthur Gerkis.
    - [104011] High CVE-2011-3914: Out-of-bounds write in v8 i18n handling.
      Credit to Sławomir Błażek.
    - [104529] High CVE-2011-3915: Buffer overflow in PDF font handling. Credit
      to Atte Kettunen of OUSPG.
    - [104959] Medium CVE-2011-3916: Out-of-bounds reads in PDF cross
      references. Credit to Atte Kettunen of OUSPG.
    - [105162] Medium CVE-2011-3917: Stack-buffer-overflow in FileWatcher.
      Credit t...

This bug was fixed in the package chromium-browser - 16.0.912.77~r118311-0ubuntu0.10.10.1

---------------
chromium-browser (16.0.912.77~r118311-0ubuntu0.10.10.1) maverick-security; urgency=low

* New upstream release from the Stable Channel (LP: #923602)
    This release fixes the following security issues:
    - [106484] High CVE-2011-3924: Use-after-free in DOM selections. Credit to
      Arthur Gerkis.
    - [107182] Critical CVE-2011-3925: Use-after-free in Safe Browsing
      navigation. Credit to Chamal de Silva.
    - [108461] High CVE-2011-3928: Use-after-free in DOM handling. Credit to
      wushi of team509 reported through ZDI (ZDI-CAN-1415).
    - [108605] High CVE-2011-3927: Uninitialized value in Skia. Credit to
      miaubiz.
    - [109556] High CVE-2011-3926: Heap-buffer-overflow in tree builder.
      Credit to Arthur Gerkis.

chromium-browser (16.0.912.75~r116452-0ubuntu0.10.10.1) maverick-security; urgency=low

* New upstream release from the Stable Channel (LP: #914648, #889711)
    This release fixes the following security issues:
    - [106672] High CVE-2011-3921: Use-after-free in animation frames. Credit to
      Boris Zbarsky of Mozilla.
    - [107128] High CVE-2011-3919: Heap-buffer-overflow in libxml. Credit to
      Jüri Aedla.
    - [108006] High CVE-2011-3922: Stack-buffer-overflow in glyph handling.
      Credit to Google Chrome Security Team (Cris Neckar).

This upload also includes the following security fixes from 16.0.912.63:
    - [81753] Medium CVE-2011-3903: Out-of-bounds read in regex matching. Credit
      to David Holloway of the Chromium development community.
    - [95465] Low CVE-2011-3905: Out-of-bounds reads in libxml. Credit to Google
      Chrome Security Team (Inferno).
    - [98809] Medium CVE-2011-3906: Out-of-bounds read in PDF parser. Credit to
      Aki Helin of OUSPG.
    - [99016] High CVE-2011-3907: URL bar spoofing with view-source. Credit to
      Luka Treiber of ACROS Security.
    - [100863] Low CVE-2011-3908: Out-of-bounds read in SVG parsing. Credit to
      Aki Helin of OUSPG.
    - [101010] Medium CVE-2011-3909: [64-bit only] Memory corruption in CSS
      property array. Credit to Google Chrome Security Team (scarybeasts) and
      Chu.
    - [101494] Medium CVE-2011-3910: Out-of-bounds read in YUV video frame
      handling. Credit to Google Chrome Security Team (Cris Neckar).
    - [101779] Medium CVE-2011-3911: Out-of-bounds read in PDF. Credit to Google
      Chrome Security Team (scarybeasts) and Robert Swiecki of the Google
      Security Team.
    - [102359] High CVE-2011-3912: Use-after-free in SVG filters. Credit to
      Arthur Gerkis.
    - [103921] High CVE-2011-3913: Use-after-free in Range handling. Credit to
      Arthur Gerkis.
    - [104011] High CVE-2011-3914: Out-of-bounds write in v8 i18n handling.
      Credit to Sławomir Błażek.
    - [104529] High CVE-2011-3915: Buffer overflow in PDF font handling. Credit
      to Atte Kettunen of OUSPG.
    - [104959] Medium CVE-2011-3916: Out-of-bounds reads in PDF cross
      references. Credit to Atte Kettunen of OUSPG.
    - [105162] Medium CVE-2011-3917: Stack-buffer-overflow in FileWatcher.
      Credit to Google Chrome Security Team (Marty Barbella).
    - [107258] High CVE-2011-3904: Use-after-free in bidi handling. Credit to
      Google Chrome Security Team (Inferno) and miaubiz.

This upload also includes the following security fixes from 15.0.874.121:
    - [103259] High CVE-2011-3900: Out-of-bounds write in v8. Credit to
      Christian Holler.

This upload also includes the following security fixes from 15.0.874.120:
    - [100465] High CVE-2011-3892: Double free in Theora decoder. Credit to Aki
      Helin of OUSPG.
    - [100492] [100543] Medium CVE-2011-3893: Out of bounds reads in MKV and
      Vorbis media handlers. Credit to Aki Helin of OUSPG.
    - [101172] High CVE-2011-3894: Memory corruption regression in VP8 decoding.
      Credit to Andrew Scherkus of the Chromium development community.
    - [101458] High CVE-2011-3895: Heap overflow in Vorbis decoder. Credit to
      Aki Helin of OUSPG.
    - [101624] High CVE-2011-3896: Buffer overflow in shader variable mapping.
      Credit to Ken “strcpy” Russell of the Chromium development community.
    - [102242] High CVE-2011-3897: Use-after-free in editing. Credit to pa_kt
      reported through ZDI (ZDI-CAN-1416).

[ Brandon Snider <brandonsnider@ubuntu.com> ]
  * Refresh patch
    - update debian/patches/chromium_useragent.patch.in

chromium-browser (15.0.874.106~r107270-0ubuntu0.10.10.1) maverick-security; urgency=low

* New upstream release from the Stable Channel (LP: #881786)
    This release fixes the following security issues:
    - [86758] High CVE-2011-2845: URL bar spoof in history handling. Credit to
      Jordi Chancel.
    - [88949] Medium CVE-2011-3875: URL bar spoof with drag+drop of URLs. Credit
      to Jordi Chancel.
    - [90217] Low CVE-2011-3876: Avoid stripping whitespace at the end of
      download filenames. Credit to Marc Novak.
    - [91218] Low CVE-2011-3877: XSS in appcache internals page. Credit to
      Google Chrome Security Team (Tom Sepez) plus independent discovery by
      Juho Nurminen.
    - [94487] Medium CVE-2011-3878: Race condition in worker process
      initialization. Credit to miaubiz.
    - [95374] Low CVE-2011-3879: Avoid redirect to chrome scheme URIs. Credit to
      Masato Kinugawa.
    - [95992] Low CVE-2011-3880: Don’t permit as a HTTP header delimiter. Credit
      to Vladimir Vorontsov, ONsec company.
    - [96047] [96885] [98053] [99512] [99750] High CVE-2011-3881: Cross-origin
      policy violations. Credit to Sergey Glazunov.
    - [96292] High CVE-2011-3882: Use-after-free in media buffer handling.
      Credit to Google Chrome Security Team (Inferno).
    - [96902] High CVE-2011-3883: Use-after-free in counter handling. Credit to
      miaubiz.
    - [97148] High CVE-2011-3884: Timing issues in DOM traversal. Credit to
      Brian Ryner of the Chromium development community.
    - [97599] [98064] [98556] [99294] [99880] [100059] High CVE-2011-3885: Stale
      style bugs leading to use-after-free. Credit to miaubiz.
    - [98773] [99167] High CVE-2011-3886: Out of bounds writes in v8. Credit to
      Christian Holler.
    - [98407] Medium CVE-2011-3887: Cookie theft with javascript URIs. Credit to
      Sergey Glazunov.
    - [99138] High CVE-2011-3888: Use-after-free with plug-in and editing.
      Credit to miaubiz.
    - [99211] High CVE-2011-3889: Heap overflow in Web Audio. Credit to miaubiz.
    - [99553] High CVE-2011-3890: Use-after-free in video source handling.
      Credit to Ami Fischman of the Chromium development community.
    - [100332] High CVE-2011-3891: Exposure of internal v8 functions. Credit to
      Steven Keuchel of the Chromium development community plus independent
      discovery by Daniel Divricean.

[ Chris Coulson <chris.coulson@canonical.com> ]
  * Refresh patches
    - update debian/patches/dlopen_sonamed_gl.patch
    - update debian/patches/webkit_rev_parser.patch

[ Fabien Tassin ]
  * Disable NaCl until we figure out what to do with the private toolchain
    - update debian/rules
  * Do not install the pseudo_locales files in the debs
    - update debian/rules
  * Add python-simplejson to Build-depends. This is needed by NaCl even with
    NaCl disabled, so this is a temporary workaround to unbreak the build, it
    must be fixed upstream
    - update debian/control
 -- Micah Gersten <micahg@ubuntu.com>   Sun, 29 Jan 2012 23:47:21 -0600

Changed in chromium-browser (Ubuntu Maverick):
status:	In Progress → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2012-02-03:

#5

Download full text (4.5 KiB)

This bug was fixed in the package chromium-browser - 16.0.912.77~r118311-0ubuntu0.10.04.1

---------------
chromium-browser (16.0.912.77~r118311-0ubuntu0.10.04.1) lucid-security; urgency=low

  * New upstream release from the Stable Channel (LP: #923602)
    This release fixes the following security issues:
    - [106484] High CVE-2011-3924: Use-after-free in DOM selections. Credit to
      Arthur Gerkis.
    - [107182] Critical CVE-2011-3925: Use-after-free in Safe Browsing
      navigation. Credit to Chamal de Silva.
    - [108461] High CVE-2011-3928: Use-after-free in DOM handling. Credit to
      wushi of team509 reported through ZDI (ZDI-CAN-1415).
    - [108605] High CVE-2011-3927: Uninitialized value in Skia. Credit to
      miaubiz.
    - [109556] High CVE-2011-3926: Heap-buffer-overflow in tree builder.
      Credit to Arthur Gerkis.

chromium-browser (16.0.912.75~r116452-0ubuntu0.10.04.1) lucid-security; urgency=low

  * New upstream release from the Stable Channel (LP: #914648, #889711)
    This release fixes the following security issues:
    - [106672] High CVE-2011-3921: Use-after-free in animation frames. Credit to
      Boris Zbarsky of Mozilla.
    - [107128] High CVE-2011-3919: Heap-buffer-overflow in libxml. Credit to
      Jüri Aedla.
    - [108006] High CVE-2011-3922: Stack-buffer-overflow in glyph handling.
      Credit to Google Chrome Security Team (Cris Neckar).

    This upload also includes the following security fixes from 16.0.912.63:
    - [81753] Medium CVE-2011-3903: Out-of-bounds read in regex matching. Credit
      to David Holloway of the Chromium development community.
    - [95465] Low CVE-2011-3905: Out-of-bounds reads in libxml. Credit to Google
      Chrome Security Team (Inferno).
    - [98809] Medium CVE-2011-3906: Out-of-bounds read in PDF parser. Credit to
      Aki Helin of OUSPG.
    - [99016] High CVE-2011-3907: URL bar spoofing with view-source. Credit to
      Luka Treiber of ACROS Security.
    - [100863] Low CVE-2011-3908: Out-of-bounds read in SVG parsing. Credit to
      Aki Helin of OUSPG.
    - [101010] Medium CVE-2011-3909: [64-bit only] Memory corruption in CSS
      property array. Credit to Google Chrome Security Team (scarybeasts) and
      Chu.
    - [101494] Medium CVE-2011-3910: Out-of-bounds read in YUV video frame
      handling. Credit to Google Chrome Security Team (Cris Neckar).
    - [101779] Medium CVE-2011-3911: Out-of-bounds read in PDF. Credit to Google
      Chrome Security Team (scarybeasts) and Robert Swiecki of the Google
      Security Team.
    - [102359] High CVE-2011-3912: Use-after-free in SVG filters. Credit to
      Arthur Gerkis.
    - [103921] High CVE-2011-3913: Use-after-free in Range handling. Credit to
      Arthur Gerkis.
    - [104011] High CVE-2011-3914: Out-of-bounds write in v8 i18n handling.
      Credit to Sławomir Błażek.
    - [104529] High CVE-2011-3915: Buffer overflow in PDF font handling. Credit
      to Atte Kettunen of OUSPG.
    - [104959] Medium CVE-2011-3916: Out-of-bounds reads in PDF cross
      references. Credit to Atte Kettunen of OUSPG.
    - [105162] Medium CVE-2011-3917: Stack-buffer-overflow in FileWatcher.
      Credit to Goog...