-
Committer:
Bazaar Package Importer
-
Author(s):
Micah Gersten, Fabien Tassin
-
Date:
2011-08-04 00:55:18 UTC
-
mfrom:
(1.1.36 upstream)
-
Revision ID:
james.westby@ubuntu.com-20110804005518-d89uurt6vgkkp413
Tags: 13.0.782.107~r94237-0ubuntu0.10.04.1
[ Fabien Tassin <fta@ubuntu.com> ]
* New Major upstream release from the Stable Channel
This release fixes the following security issues:
+ Chromium issues:
- [75821] Medium, CVE-2011-2358: Always confirm an extension install via a
browser dialog. Credit to Sergey Glazunov.
- [79266] Low, CVE-2011-2360: Potential bypass of dangerous file prompt.
Credit to kuzzcc.
- [79426] Low, CVE-2011-2361: Improve designation of strings in the basic
auth dialog. Credit to kuzzcc.
- [81307] Medium, CVE-2011-2782: File permissions error with drag and
drop. Credit to Evan Martin of the Chromium development community.
- [83273] Medium, CVE-2011-2783: Always confirm a developer mode NPAPI
extension install via a browser dialog. Credit to Sergey Glazunov.
- [84402] Low, CVE-2011-2785: Sanitize the homepage URL in extensions.
Credit to kuzzcc.
- [84805] Medium, CVE-2011-2787: Browser crash due to GPU lock re-entrancy
issue. Credit to kuzzcc.
- [85808] Medium, CVE-2011-2789: Use after free in Pepper plug-in
instantiation. Credit to Mario Gomes and kuzzcc.
- [87815] Low, CVE-2011-2798: Prevent a couple of internal schemes from
being web accessible. Credit to sirdarckcat of the Google Security Team.
- [88827] Medium, CVE-2011-2803: Out-of-bounds read in Skia paths. Credit
to Google Chrome Security Team (Inferno).
+ Webkit issues:
- [78841] High, CVE-2011-2359: Stale pointer due to bad line box tracking
in rendering. Credit to miaubiz and Martin Barbella.
- [83841] Low, CVE-2011-2784: Local file path disclosure via GL program
log. Credit to kuzzcc.
- [84600] Low, CVE-2011-2786: Make sure the speech input bubble is always
on-screen. Credit to Olli Pettay of Mozilla.
- [85559] Low, CVE-2011-2788: Buffer overflow in inspector serialization.
Credit to Mikołaj Małecki.
- [86502] High, CVE-2011-2790: Use-after-free with floating styles. Credit
to miaubiz.
- [87148] High, CVE-2011-2792: Use-after-free with float removal. Credit
to miaubiz.
- [87227] High, CVE-2011-2793: Use-after-free in media selectors. Credit
to miaubiz.
- [87298] Medium, CVE-2011-2794: Out-of-bounds read in text iteration.
Credit to miaubiz.
- [87339] Medium, CVE-2011-2795: Cross-frame function leak. Credit to Shih
Wei-Long.
- [87548] High, CVE-2011-2796: Use-after-free in Skia. Credit to Google
Chrome Security Team (Inferno) and Kostya Serebryany of the Chromium
development community.
- [87729] High, CVE-2011-2797: Use-after-free in resource caching. Credit
to miaubiz.
- [87925] High, CVE-2011-2799: Use-after-free in HTML range handling.
Credit to miaubiz.
- [88337] Medium, CVE-2011-2800: Leak of client-side redirect target.
Credit to Juho Nurminen.
- [88591] High, CVE-2011-2802: v8 crash with const lookups. Credit to
Christian Holler.
- [88846] High, CVE-2011-2801: Use-after-free in frame loader. Credit to
miaubiz.
- [88889] High, CVE-2011-2818: Use-after-free in display box rendering.
Credit to Martin Barbella.
- [89520] High, CVE-2011-2805: Cross-origin script injection. Credit to
Sergey Glazunov.
- [90222] High, CVE-2011-2819: Cross-origin violation in base URI
handling. Credit to Sergey Glazunov.
+ ICU 4.6 issue:
- [86900] High, CVE-2011-2791: Out-of-bounds write in ICU. Credit to Yang
Dingning from NCNIPC, Graduate University of Chinese Academy of
Sciences.
Packaging changes:
* Run the gclient hooks when creating the source tarball, as we need files
from the Native Client's integrated runtime (IRT) library.
Install the NaCL IRT files in the main deb
- update debian/rules
- update debian/chromium-browser.install