Viewing all changes in revision 671.
- Committer: Micah Gersten
- Date: 2012-02-21 06:58:40 UTC
- mfrom: (560.1.149 chromium-browser.precise)
- Revision ID: micahg@ubuntu.com-20120221065840-qenhmn6zwz5ppbi9
Merge from (chromium-browser.precise up to #709)
* Fix arm specific flags again; Use findstring instead of filter as arm
isn't the entire build arch name
- update debian/rules
* Add arm specific flags for arm*, not just armel; This allows building on
armhf successfully (we hope)
- update debian/rules
* Change chromium-browser-dbg to Priority: extra, Section: debug per lintian
- update debian/control
* Fix line endings in debian/copyright per lintian
- update debian/copyright
* Make copyright file UTF-8 per lintian
- update debian/copyright
* New upstream release from the Stable Channel (LP: #933262)
This release fixes the following security issues:
- [105803] High CVE-2011-3015: Integer overflows in PDF codecs. Credit to
Google Chrome Security Team (scarybeasts).
- [106336] Medium CVE-2011-3016: Read-after-free with counter nodes. Credit
to miaubiz.
- [108695] High CVE-2011-3017: Possible use-after-free in database handling.
Credit to miaubiz.
- [110172] High CVE-2011-3018: Heap overflow in path rendering. Credit to
Aki Helin of OUSPG.
- [110849] High CVE-2011-3019: Heap buffer overflow in MKV handling. Credit
to Google Chrome Security Team (scarybeasts) and Mateusz Jurczyk of the
Google Security Team.
- [111575] Medium CVE-2011-3020: Native client validator error. Credit to
Nick Bray of the Chromium development community.
- [111779] High CVE-2011-3021: Use-after-free in subframe loading. Credit to
Arthur Gerkis.
- [112236] Medium CVE-2011-3022: Inappropriate use of http for translation
script. Credit to Google Chrome Security Team (Jorge Obes).
- [112259] Medium CVE-2011-3023: Use-after-free with drag and drop. Credit
to pa_kt.
- [112451] Low CVE-2011-3024: Browser crash with empty x509 certificate.
Credit to chrometot.
- [112670] Medium CVE-2011-3025: Out-of-bounds read in h.264 parsing. Credit
to Sławomir Błażek.
- [112822] High CVE-2011-3026: Integer overflow / truncation in libpng.
Credit to Jüri Aedla.
- [112847] High CVE-2011-3027: Bad cast in column handling. Credit to
miaubiz.
* New upstream release from the Stable Channel (LP: #931905)
This release fixes the following security issues:
- [73478] Low CVE-2011-3953: Avoid clipboard monitoring after paste event.
Credit to Daniel Cheng of the Chromium development community.
- [92550] Low CVE-2011-3954: Crash with excessive database usage. Credit to
Collin Payne.
- [93106] High CVE-2011-3955: Crash aborting an IndexDB transaction. Credit
to David Grogan of the Chromium development community.
- [103630] Low CVE-2011-3956: Incorrect handling of sandboxed origins inside
extensions. Credit to Devdatta Akhawe, UC Berkeley.
- [104056] High CVE-2011-3957: Use-after-free in PDF garbage collection.
Credit to Aki Helin of OUSPG.
- [105459] High CVE-2011-3958: Bad casts with column spans. Credit to
miaubiz.
- [106441] High CVE-2011-3959: Buffer overflow in locale handling. Credit to
Aki Helin of OUSPG.
- [108416] Medium CVE-2011-3960: Out-of-bounds read in audio decoding.
Credit to Aki Helin of OUSPG.
- [108871] Critical CVE-2011-3961: Race condition after crash of utility
process. Credit to Shawn Goertzen.
- [108901] Medium CVE-2011-3962: Out-of-bounds read in path clipping. Credit
to Aki Helin of OUSPG.
- [109094] Medium CVE-2011-3963: Out-of-bounds read in PDF fax image
handling. Credit to Atte Kettunen of OUSPG.
- [109245] Low CVE-2011-3964: URL bar confusion after drag + drop. Credit to
Code Audit Labs of VulnHunt.com.
- [109664] Low CVE-2011-3965: Crash in signature check. Credit to Sławomir
Błażek.
- [109716] High CVE-2011-3966: Use-after-free in stylesheet error handling.
Credit to Aki Helin of OUSPG.
- [109717] Low CVE-2011-3967: Crash with unusual certificate. Credit to Ben
Carrillo.
- [109743] High CVE-2011-3968: Use-after-free in CSS handling. Credit to
Arthur Gerkis.
- [110112] High CVE-2011-3969: Use-after-free in SVG layout. Credit to
Arthur Gerkis.
- [110277] Medium CVE-2011-3970: Out-of-bounds read in libxslt. Credit to
Aki Helin of OUSPG.
- [110374] High CVE-2011-3971: Use-after-free with mousemove events. Credit
to Arthur Gerkis.
- [110559] Medium CVE-2011-3972: Out-of-bounds read in shader translator.
Credit to Google Chrome Security Team (Inferno).
* Rebase patch
- update debian/patches/disable_dlog_and_dcheck_in_release_builds.patch
* Update .install file to just install all .pak files instead of listing them
by name
- update debian/chromium-browser.install
* New upstream release from the Stable Channel (LP: #923602, #897389)
(LP: #914648, #889711)
This release fixes the following security issues:
- [106484] High CVE-2011-3924: Use-after-free in DOM selections. Credit to
Arthur Gerkis.
- [107182] Critical CVE-2011-3925: Use-after-free in Safe Browsing
navigation. Credit to Chamal de Silva.
- [108461] High CVE-2011-3928: Use-after-free in DOM handling. Credit to
wushi of team509 reported through ZDI (ZDI-CAN-1415).
- [108605] High CVE-2011-3927: Uninitialized value in Skia. Credit to
miaubiz.
- [109556] High CVE-2011-3926: Heap-buffer-overflow in tree builder.
Credit to Arthur Gerkis.
This upload also includes the following security fixes from 16.0.912.75:
- [106672] High CVE-2011-3921: Use-after-free in animation frames. Credit to
Boris Zbarsky of Mozilla.
- [107128] High CVE-2011-3919: Heap-buffer-overflow in libxml. Credit to
Jüri Aedla.
- [108006] High CVE-2011-3922: Stack-buffer-overflow in glyph handling.
Credit to Google Chrome Security Team (Cris Neckar).
This upload also includes the following security fixes from 16.0.912.63:
- [81753] Medium CVE-2011-3903: Out-of-bounds read in regex matching. Credit
to David Holloway of the Chromium development community.
- [95465] Low CVE-2011-3905: Out-of-bounds reads in libxml. Credit to Google
Chrome Security Team (Inferno).
- [98809] Medium CVE-2011-3906: Out-of-bounds read in PDF parser. Credit to
Aki Helin of OUSPG.
- [99016] High CVE-2011-3907: URL bar spoofing with view-source. Credit to
Luka Treiber of ACROS Security.
- [100863] Low CVE-2011-3908: Out-of-bounds read in SVG parsing. Credit to
Aki Helin of OUSPG.
- [101010] Medium CVE-2011-3909: [64-bit only] Memory corruption in CSS
property array. Credit to Google Chrome Security Team (scarybeasts) and
Chu.
- [101494] Medium CVE-2011-3910: Out-of-bounds read in YUV video frame
handling. Credit to Google Chrome Security Team (Cris Neckar).
- [101779] Medium CVE-2011-3911: Out-of-bounds read in PDF. Credit to Google
Chrome Security Team (scarybeasts) and Robert Swiecki of the Google
Security Team.
- [102359] High CVE-2011-3912: Use-after-free in SVG filters. Credit to
Arthur Gerkis.
- [103921] High CVE-2011-3913: Use-after-free in Range handling. Credit to
Arthur Gerkis.
- [104011] High CVE-2011-3914: Out-of-bounds write in v8 i18n handling.
Credit to Sławomir Błażek.
- [104529] High CVE-2011-3915: Buffer overflow in PDF font handling. Credit
to Atte Kettunen of OUSPG.
- [104959] Medium CVE-2011-3916: Out-of-bounds reads in PDF cross
references. Credit to Atte Kettunen of OUSPG.
- [105162] Medium CVE-2011-3917: Stack-buffer-overflow in FileWatcher.
Credit to Google Chrome Security Team (Marty Barbella).
This upload also includes the following fixes from 15.0.874.121:
- fix to a regression: SVG in iframe doesn't use specified dimensions
- [103259] High CVE-2011-3900: Out-of-bounds write in v8. Credit to
Christian Holler
* Add patch to build with glib 2.31 (single entry header inclusion)
- add debian/patches/glib-header-single-entry.patch
- update debian/patches/series
* Refresh user agent patch
- update debian/patches/chromium_useragent.patch.in
* New upstream release from the Stable Channel (LP: #889711)
This release fixes the following security issues:
- [100465] High CVE-2011-3892: Double free in Theora decoder. Credit to Aki
Helin of OUSPG.
- [100492] [100543] Medium CVE-2011-3893: Out of bounds reads in MKV and
Vorbis media handlers. Credit to Aki Helin of OUSPG.
- [101172] High CVE-2011-3894: Memory corruption regression in VP8 decoding.
Credit to Andrew Scherkus of the Chromium development community.
- [101458] High CVE-2011-3895: Heap overflow in Vorbis decoder. Credit to
Aki Helin of OUSPG.
- [101624] High CVE-2011-3896: Buffer overflow in shader variable mapping.
Credit to Ken “strcpy” Russell of the Chromium development community.
- [102242] High CVE-2011-3897: Use-after-free in editing. Credit to pa_kt
reported through ZDI (ZDI-CAN-1416).
* Fix arm specific flags again; Use findstring instead of filter as arm
isn't the entire build arch name
- update debian/rules
* Add arm specific flags for arm*, not just armel; This allows building on
armhf successfully (we hope)
- update debian/rules
* Change chromium-browser-dbg to Priority: extra, Section: debug per lintian
- update debian/control
* Fix line endings in debian/copyright per lintian
- update debian/copyright
* Make copyright file UTF-8 per lintian
- update debian/copyright
* New upstream release from the Stable Channel (LP: #933262)
This release fixes the following security issues:
- [105803] High CVE-2011-3015: Integer overflows in PDF codecs. Credit to
Google Chrome Security Team (scarybeasts).
- [106336] Medium CVE-2011-3016: Read-after-free with counter nodes. Credit
to miaubiz.
- [108695] High CVE-2011-3017: Possible use-after-free in database handling.
Credit to miaubiz.
- [110172] High CVE-2011-3018: Heap overflow in path rendering. Credit to
Aki Helin of OUSPG.
- [110849] High CVE-2011-3019: Heap buffer overflow in MKV handling. Credit
to Google Chrome Security Team (scarybeasts) and Mateusz Jurczyk of the
Google Security Team.
- [111575] Medium CVE-2011-3020: Native client validator error. Credit to
Nick Bray of the Chromium development community.
- [111779] High CVE-2011-3021: Use-after-free in subframe loading. Credit to
Arthur Gerkis.
- [112236] Medium CVE-2011-3022: Inappropriate use of http for translation
script. Credit to Google Chrome Security Team (Jorge Obes).
- [112259] Medium CVE-2011-3023: Use-after-free with drag and drop. Credit
to pa_kt.
- [112451] Low CVE-2011-3024: Browser crash with empty x509 certificate.
Credit to chrometot.
- [112670] Medium CVE-2011-3025: Out-of-bounds read in h.264 parsing. Credit
to Sławomir Błażek.
- [112822] High CVE-2011-3026: Integer overflow / truncation in libpng.
Credit to Jüri Aedla.
- [112847] High CVE-2011-3027: Bad cast in column handling. Credit to
miaubiz.
* New upstream release from the Stable Channel (LP: #931905)
This release fixes the following security issues:
- [73478] Low CVE-2011-3953: Avoid clipboard monitoring after paste event.
Credit to Daniel Cheng of the Chromium development community.
- [92550] Low CVE-2011-3954: Crash with excessive database usage. Credit to
Collin Payne.
- [93106] High CVE-2011-3955: Crash aborting an IndexDB transaction. Credit
to David Grogan of the Chromium development community.
- [103630] Low CVE-2011-3956: Incorrect handling of sandboxed origins inside
extensions. Credit to Devdatta Akhawe, UC Berkeley.
- [104056] High CVE-2011-3957: Use-after-free in PDF garbage collection.
Credit to Aki Helin of OUSPG.
- [105459] High CVE-2011-3958: Bad casts with column spans. Credit to
miaubiz.
- [106441] High CVE-2011-3959: Buffer overflow in locale handling. Credit to
Aki Helin of OUSPG.
- [108416] Medium CVE-2011-3960: Out-of-bounds read in audio decoding.
Credit to Aki Helin of OUSPG.
- [108871] Critical CVE-2011-3961: Race condition after crash of utility
process. Credit to Shawn Goertzen.
- [108901] Medium CVE-2011-3962: Out-of-bounds read in path clipping. Credit
to Aki Helin of OUSPG.
- [109094] Medium CVE-2011-3963: Out-of-bounds read in PDF fax image
handling. Credit to Atte Kettunen of OUSPG.
- [109245] Low CVE-2011-3964: URL bar confusion after drag + drop. Credit to
Code Audit Labs of VulnHunt.com.
- [109664] Low CVE-2011-3965: Crash in signature check. Credit to Sławomir
Błażek.
- [109716] High CVE-2011-3966: Use-after-free in stylesheet error handling.
Credit to Aki Helin of OUSPG.
- [109717] Low CVE-2011-3967: Crash with unusual certificate. Credit to Ben
Carrillo.
- [109743] High CVE-2011-3968: Use-after-free in CSS handling. Credit to
Arthur Gerkis.
- [110112] High CVE-2011-3969: Use-after-free in SVG layout. Credit to
Arthur Gerkis.
- [110277] Medium CVE-2011-3970: Out-of-bounds read in libxslt. Credit to
Aki Helin of OUSPG.
- [110374] High CVE-2011-3971: Use-after-free with mousemove events. Credit
to Arthur Gerkis.
- [110559] Medium CVE-2011-3972: Out-of-bounds read in shader translator.
Credit to Google Chrome Security Team (Inferno).
* Rebase patch
- update debian/patches/disable_dlog_and_dcheck_in_release_builds.patch
* Update .install file to just install all .pak files instead of listing them
by name
- update debian/chromium-browser.install
* New upstream release from the Stable Channel (LP: #923602, #897389)
(LP: #914648, #889711)
This release fixes the following security issues:
- [106484] High CVE-2011-3924: Use-after-free in DOM selections. Credit to
Arthur Gerkis.
- [107182] Critical CVE-2011-3925: Use-after-free in Safe Browsing
navigation. Credit to Chamal de Silva.
- [108461] High CVE-2011-3928: Use-after-free in DOM handling. Credit to
wushi of team509 reported through ZDI (ZDI-CAN-1415).
- [108605] High CVE-2011-3927: Uninitialized value in Skia. Credit to
miaubiz.
- [109556] High CVE-2011-3926: Heap-buffer-overflow in tree builder.
Credit to Arthur Gerkis.
This upload also includes the following security fixes from 16.0.912.75:
- [106672] High CVE-2011-3921: Use-after-free in animation frames. Credit to
Boris Zbarsky of Mozilla.
- [107128] High CVE-2011-3919: Heap-buffer-overflow in libxml. Credit to
Jüri Aedla.
- [108006] High CVE-2011-3922: Stack-buffer-overflow in glyph handling.
Credit to Google Chrome Security Team (Cris Neckar).
This upload also includes the following security fixes from 16.0.912.63:
- [81753] Medium CVE-2011-3903: Out-of-bounds read in regex matching. Credit
to David Holloway of the Chromium development community.
- [95465] Low CVE-2011-3905: Out-of-bounds reads in libxml. Credit to Google
Chrome Security Team (Inferno).
- [98809] Medium CVE-2011-3906: Out-of-bounds read in PDF parser. Credit to
Aki Helin of OUSPG.
- [99016] High CVE-2011-3907: URL bar spoofing with view-source. Credit to
Luka Treiber of ACROS Security.
- [100863] Low CVE-2011-3908: Out-of-bounds read in SVG parsing. Credit to
Aki Helin of OUSPG.
- [101010] Medium CVE-2011-3909: [64-bit only] Memory corruption in CSS
property array. Credit to Google Chrome Security Team (scarybeasts) and
Chu.
- [101494] Medium CVE-2011-3910: Out-of-bounds read in YUV video frame
handling. Credit to Google Chrome Security Team (Cris Neckar).
- [101779] Medium CVE-2011-3911: Out-of-bounds read in PDF. Credit to Google
Chrome Security Team (scarybeasts) and Robert Swiecki of the Google
Security Team.
- [102359] High CVE-2011-3912: Use-after-free in SVG filters. Credit to
Arthur Gerkis.
- [103921] High CVE-2011-3913: Use-after-free in Range handling. Credit to
Arthur Gerkis.
- [104011] High CVE-2011-3914: Out-of-bounds write in v8 i18n handling.
Credit to Sławomir Błażek.
- [104529] High CVE-2011-3915: Buffer overflow in PDF font handling. Credit
to Atte Kettunen of OUSPG.
- [104959] Medium CVE-2011-3916: Out-of-bounds reads in PDF cross
references. Credit to Atte Kettunen of OUSPG.
- [105162] Medium CVE-2011-3917: Stack-buffer-overflow in FileWatcher.
Credit to Google Chrome Security Team (Marty Barbella).
This upload also includes the following fixes from 15.0.874.121:
- fix to a regression: SVG in iframe doesn't use specified dimensions
- [103259] High CVE-2011-3900: Out-of-bounds write in v8. Credit to
Christian Holler
* Add patch to build with glib 2.31 (single entry header inclusion)
- add debian/patches/glib-header-single-entry.patch
- update debian/patches/series
* Refresh user agent patch
- update debian/patches/chromium_useragent.patch.in
* New upstream release from the Stable Channel (LP: #889711)
This release fixes the following security issues:
- [100465] High CVE-2011-3892: Double free in Theora decoder. Credit to Aki
Helin of OUSPG.
- [100492] [100543] Medium CVE-2011-3893: Out of bounds reads in MKV and
Vorbis media handlers. Credit to Aki Helin of OUSPG.
- [101172] High CVE-2011-3894: Memory corruption regression in VP8 decoding.
Credit to Andrew Scherkus of the Chromium development community.
- [101458] High CVE-2011-3895: Heap overflow in Vorbis decoder. Credit to
Aki Helin of OUSPG.
- [101624] High CVE-2011-3896: Buffer overflow in shader variable mapping.
Credit to Ken “strcpy” Russell of the Chromium development community.
- [102242] High CVE-2011-3897: Use-after-free in editing. Credit to pa_kt
reported through ZDI (ZDI-CAN-1416).
expand all
collapse all
added
removed
