Viewing all changes in revision 738.
- Committer: Micah Gersten
- Date: 2012-09-07 05:24:09 UTC
- Revision ID: micahg@ubuntu.com-20120907052409-l1e14bthezhy9f3l
* Add CVEs from security fixes
This release fixes the following security issues:
- [118633] Low CVE-2012-2815: Leak of iframe fragment id. Credit to Elie
Bursztein of Google.
- [120222] High CVE-2012-2817: Use-after-free in table section handling.
Credit to miaubiz.
- [120944] High CVE-2012-2818: Use-after-free in counter layout. Credit to
miaubiz.
- [120977] High CVE-2012-2819: Crash in texture handling. Credit to Ken
“gets” Russell of the Chromium development community.
- [121926] Medium CVE-2012-2820: Out-of-bounds read in SVG filter handling.
Credit to Atte Kettunen of OUSPG.
- [122925] Medium CVE-2012-2821: Autofill display problem. Credit to
“simonbrown60”.
- [various] Medium CVE-2012-2822: Misc. lower severity OOB read issues in
PDF. Credit to awesome ASAN and various Googlers (Kostya Serebryany,
Evgeniy Stepanov, Mateusz Jurczyk, Gynvael Coldwind).
- [124356] High CVE-2012-2823: Use-after-free in SVG resource handling.
Credit to miaubiz.
- [125374] High CVE-2012-2824: Use-after-free in SVG painting. Credit to
miaubiz.
- [128688] Medium CVE-2012-2826: Out-of-bounds read in texture conversion.
Credit to Google Chrome Security Team (Inferno).
- [129857] High CVE-2012-2828: Integer overflows in PDF. Credit to Mateusz
Jurczyk of Google Security Team with contributions by Gynvael Coldwind of
Google Security Team and Google Chrome Security Team (Chris Evans).
- [129947] High CVE-2012-2829: Use-after-free in first-letter handling.
Credit to miaubiz.
- [129951] High CVE-2012-2830: Wild pointer in array value setting. Credit
to miaubiz.
- [130356] High CVE-2012-2831: Use-after-free in SVG reference handling.
Credit to miaubiz.
- [131553] High CVE-2012-2832: Uninitialized pointer in PDF image codec.
Credit to Mateusz Jurczyk of Google Security Team with contributions by
Gynvael Coldwind of Google Security Team.
- [132156] High CVE-2012-2833: Buffer overflow in PDF JS API. Credit to
Mateusz Jurczyk of Google Security Team.
- [132779] High CVE-2012-2834: Integer overflow in Matroska container.
Credit to Jüri Aedla.
- [127417] Medium CVE-2012-2825: Wild read in XSL handling. Credit to
Nicholas Gregoire.
- [64-bit Linux only] [129930] High CVE-2012-2807: Integer overflows in
libxml. Credit to Jüri Aedla.
This upload also fixes the following issues from 19.0.1084.52:
- [117409] High CVE-2011-3103: Crashes in v8 garbage collection. Credit to
the Chromium development community (Brett Wilson).
- [118018] Medium CVE-2011-3104: Out-of-bounds read in Skia. Credit to
Google Chrome Security Team (Inferno).
- [120912] High CVE-2011-3105: Use-after-free in first-letter handling.
Credit to miaubiz.
- [122654] Critical CVE-2011-3106: Browser memory corruption with websockets
over SSL. Credit to the Chromium development community (Dharani Govindan).
- [124625] High CVE-2011-3107: Crashes in the plug-in JavaScript bindings.
Credit to the Chromium development community (Dharani Govindan).
- [125159] Critical CVE-2011-3108: Use-after-free in browser cache. Credit
to “efbiaiinzinz”.
- [Linux only] [126296] High CVE-2011-3109: Bad cast in GTK UI. Credit to
Micha Bartholomé.
- [126337] [126343] [126378] [127349] [127819] [127868] High CVE-2011-3110:
Out of bounds writes in PDF. Credit to Mateusz Jurczyk of the Google
Security Team, with contributions by Gynvael Coldwind of the Google
Security Team.
- [126414] Medium CVE-2011-3111: Invalid read in v8. Credit to Christian
Holler.
- [127331] High CVE-2011-3112: Use-after-free with invalid encrypted PDF.
Credit to Mateusz Jurczyk of the Google Security Team, with contributions
by Gynvael Coldwind of the Google Security Team.
- [127883] High CVE-2011-3113: Invalid cast with colorspace handling in PDF.
Credit to Mateusz Jurczyk of the Google Security Team, with contributions
by Gynvael Coldwind of the Google Security Team.
- [128014] High CVE-2011-3114: Buffer overflows with PDF functions. Credit
to Google Chrome Security Team (scarybeasts).
- [128018] High CVE-2011-3115: Type corruption in v8. Credit to Christian
Holler.
This upload also fixes the following issues from the first Chromium 19
stable release:
- [112983] Low CVE-2011-3083: Browser crash with video + FTP. Credit to
Aki Helin of OUSPG.
- [113496] Low CVE-2011-3084: Load links from internal pages in their own
process. Credit to Brett Wilson of the Chromium development community.
- [118374] Medium CVE-2011-3085: UI corruption with long autofilled values.
Credit to “psaldorn”.
- [118642] High CVE-2011-3086: Use-after-free with style element. Credit to
Arthur Gerkis.
- [118664] Low CVE-2011-3087: Incorrect window navigation. Credit to
Charlie Reis of the Chromium development community.
- [120648] Medium CVE-2011-3088: Out-of-bounds read in hairline drawing.
Credit to Aki Helin of OUSPG.
- [120711] High CVE-2011-3089: Use-after-free in table handling. Credit to
miaubiz.
- [121223] Medium CVE-2011-3090: Race condition with workers. Credit to
Arthur Gerkis.
- [121734] High CVE-2011-3091: Use-after-free with indexed DB. Credit to
Google Chrome Security Team (Inferno).
- [122337] High CVE-2011-3092: Invalid write in v8 regex. Credit to
Christian Holler.
- [122585] Medium CVE-2011-3093: Out-of-bounds read in glyph handling.
Credit to miaubiz.
- [122586] Medium CVE-2011-3094: Out-of-bounds read in Tibetan handling.
Credit to miaubiz.
- [123481] High CVE-2011-3095: Out-of-bounds write in OGG container. Credit
to Hannu Heikkinen.
- [Linux only] [123530] Low CVE-2011-3096: Use-after-free in GTK omnibox
handling. Credit to Arthur Gerkis.
- [123733] [124182] High CVE-2011-3097: Out-of-bounds write in sampled
functions with PDF. Credit to Kostya Serebryany of Google and Evgeniy
Stepanov of Google.
- [124479] High CVE-2011-3099: Use-after-free in PDF with corrupt font
encoding name. Credit to Mateusz Jurczyk of Google Security Team and
Gynvael Coldwind of Google Security Team.
- [124652] Medium CVE-2011-3100: Out-of-bounds read drawing dash paths.
Credit to Google Chrome Security Team (Inferno).
- [Linux only] [118970] Medium CVE-2011-3101: Work around Linux Nvidia
driver bug. Credit to Aki Helin of OUSPG.
- [125462] High CVE-2011-3102: Off-by-one out-of-bounds write in libxml.
Credit to Jüri Aedla.
This release fixes the following security issues:
- [118633] Low CVE-2012-2815: Leak of iframe fragment id. Credit to Elie
Bursztein of Google.
- [120222] High CVE-2012-2817: Use-after-free in table section handling.
Credit to miaubiz.
- [120944] High CVE-2012-2818: Use-after-free in counter layout. Credit to
miaubiz.
- [120977] High CVE-2012-2819: Crash in texture handling. Credit to Ken
“gets” Russell of the Chromium development community.
- [121926] Medium CVE-2012-2820: Out-of-bounds read in SVG filter handling.
Credit to Atte Kettunen of OUSPG.
- [122925] Medium CVE-2012-2821: Autofill display problem. Credit to
“simonbrown60”.
- [various] Medium CVE-2012-2822: Misc. lower severity OOB read issues in
PDF. Credit to awesome ASAN and various Googlers (Kostya Serebryany,
Evgeniy Stepanov, Mateusz Jurczyk, Gynvael Coldwind).
- [124356] High CVE-2012-2823: Use-after-free in SVG resource handling.
Credit to miaubiz.
- [125374] High CVE-2012-2824: Use-after-free in SVG painting. Credit to
miaubiz.
- [128688] Medium CVE-2012-2826: Out-of-bounds read in texture conversion.
Credit to Google Chrome Security Team (Inferno).
- [129857] High CVE-2012-2828: Integer overflows in PDF. Credit to Mateusz
Jurczyk of Google Security Team with contributions by Gynvael Coldwind of
Google Security Team and Google Chrome Security Team (Chris Evans).
- [129947] High CVE-2012-2829: Use-after-free in first-letter handling.
Credit to miaubiz.
- [129951] High CVE-2012-2830: Wild pointer in array value setting. Credit
to miaubiz.
- [130356] High CVE-2012-2831: Use-after-free in SVG reference handling.
Credit to miaubiz.
- [131553] High CVE-2012-2832: Uninitialized pointer in PDF image codec.
Credit to Mateusz Jurczyk of Google Security Team with contributions by
Gynvael Coldwind of Google Security Team.
- [132156] High CVE-2012-2833: Buffer overflow in PDF JS API. Credit to
Mateusz Jurczyk of Google Security Team.
- [132779] High CVE-2012-2834: Integer overflow in Matroska container.
Credit to Jüri Aedla.
- [127417] Medium CVE-2012-2825: Wild read in XSL handling. Credit to
Nicholas Gregoire.
- [64-bit Linux only] [129930] High CVE-2012-2807: Integer overflows in
libxml. Credit to Jüri Aedla.
This upload also fixes the following issues from 19.0.1084.52:
- [117409] High CVE-2011-3103: Crashes in v8 garbage collection. Credit to
the Chromium development community (Brett Wilson).
- [118018] Medium CVE-2011-3104: Out-of-bounds read in Skia. Credit to
Google Chrome Security Team (Inferno).
- [120912] High CVE-2011-3105: Use-after-free in first-letter handling.
Credit to miaubiz.
- [122654] Critical CVE-2011-3106: Browser memory corruption with websockets
over SSL. Credit to the Chromium development community (Dharani Govindan).
- [124625] High CVE-2011-3107: Crashes in the plug-in JavaScript bindings.
Credit to the Chromium development community (Dharani Govindan).
- [125159] Critical CVE-2011-3108: Use-after-free in browser cache. Credit
to “efbiaiinzinz”.
- [Linux only] [126296] High CVE-2011-3109: Bad cast in GTK UI. Credit to
Micha Bartholomé.
- [126337] [126343] [126378] [127349] [127819] [127868] High CVE-2011-3110:
Out of bounds writes in PDF. Credit to Mateusz Jurczyk of the Google
Security Team, with contributions by Gynvael Coldwind of the Google
Security Team.
- [126414] Medium CVE-2011-3111: Invalid read in v8. Credit to Christian
Holler.
- [127331] High CVE-2011-3112: Use-after-free with invalid encrypted PDF.
Credit to Mateusz Jurczyk of the Google Security Team, with contributions
by Gynvael Coldwind of the Google Security Team.
- [127883] High CVE-2011-3113: Invalid cast with colorspace handling in PDF.
Credit to Mateusz Jurczyk of the Google Security Team, with contributions
by Gynvael Coldwind of the Google Security Team.
- [128014] High CVE-2011-3114: Buffer overflows with PDF functions. Credit
to Google Chrome Security Team (scarybeasts).
- [128018] High CVE-2011-3115: Type corruption in v8. Credit to Christian
Holler.
This upload also fixes the following issues from the first Chromium 19
stable release:
- [112983] Low CVE-2011-3083: Browser crash with video + FTP. Credit to
Aki Helin of OUSPG.
- [113496] Low CVE-2011-3084: Load links from internal pages in their own
process. Credit to Brett Wilson of the Chromium development community.
- [118374] Medium CVE-2011-3085: UI corruption with long autofilled values.
Credit to “psaldorn”.
- [118642] High CVE-2011-3086: Use-after-free with style element. Credit to
Arthur Gerkis.
- [118664] Low CVE-2011-3087: Incorrect window navigation. Credit to
Charlie Reis of the Chromium development community.
- [120648] Medium CVE-2011-3088: Out-of-bounds read in hairline drawing.
Credit to Aki Helin of OUSPG.
- [120711] High CVE-2011-3089: Use-after-free in table handling. Credit to
miaubiz.
- [121223] Medium CVE-2011-3090: Race condition with workers. Credit to
Arthur Gerkis.
- [121734] High CVE-2011-3091: Use-after-free with indexed DB. Credit to
Google Chrome Security Team (Inferno).
- [122337] High CVE-2011-3092: Invalid write in v8 regex. Credit to
Christian Holler.
- [122585] Medium CVE-2011-3093: Out-of-bounds read in glyph handling.
Credit to miaubiz.
- [122586] Medium CVE-2011-3094: Out-of-bounds read in Tibetan handling.
Credit to miaubiz.
- [123481] High CVE-2011-3095: Out-of-bounds write in OGG container. Credit
to Hannu Heikkinen.
- [Linux only] [123530] Low CVE-2011-3096: Use-after-free in GTK omnibox
handling. Credit to Arthur Gerkis.
- [123733] [124182] High CVE-2011-3097: Out-of-bounds write in sampled
functions with PDF. Credit to Kostya Serebryany of Google and Evgeniy
Stepanov of Google.
- [124479] High CVE-2011-3099: Use-after-free in PDF with corrupt font
encoding name. Credit to Mateusz Jurczyk of Google Security Team and
Gynvael Coldwind of Google Security Team.
- [124652] Medium CVE-2011-3100: Out-of-bounds read drawing dash paths.
Credit to Google Chrome Security Team (Inferno).
- [Linux only] [118970] Medium CVE-2011-3101: Work around Linux Nvidia
driver bug. Credit to Aki Helin of OUSPG.
- [125462] High CVE-2011-3102: Off-by-one out-of-bounds write in libxml.
Credit to Jüri Aedla.
- files modified:
- debian/changelog
expand all
collapse all
added
removed
