-
Committer:
Bazaar Package Importer
-
Author(s):
Micah Gersten, Fabien Tassin
-
Date:
2011-08-26 14:00:43 UTC
-
mfrom:
(1.2.14 upstream)
-
mto:
(18.1.20 lucid-security)
-
mto:
This revision was merged to the branch mainline in
revision
38.
-
Revision ID:
james.westby@ubuntu.com-20110826140043-mosd0anlh3jvvgrl
Tags: 13.0.782.215~r97094-0ubuntu0.10.04.1
[ Fabien Tassin <fta@ubuntu.com> ]
* New upstream release from the Stable Channel (LP: #834922)
This release fixes the following security issues:
+ Chromium issues:
- [91517] High, CVE-2011-2828: Out-of-bounds write in v8. Credit to Google
Chrome Security Team (SkyLined).
+ Webkit issues:
- [82552] High, CVE-2011-2823: Use-after-free in line box handling. Credit
to Google Chrome Security Team (SkyLined) and independent later
discovery by miaubiz.
- [88216] High, CVE-2011-2824: Use-after-free with counter nodes. Credit
to miaubiz.
- [88670] High, CVE-2011-2825: Use-after-free with custom fonts. Credit to
wushi of team509 reported through ZDI (ZDI-CAN-1283), plus indepdendent
later discovery by miaubiz.
- [87453] High, CVE-2011-2826: Cross-origin violation with empty origins.
Credit to Sergey Glazunov.
- [90668] High, CVE-2011-2827: Use-after-free in text searching. Credit to
miaubiz.
- [32-bit only] [91598] High, CVE-2011-2829: Integer overflow in uniform
arrays. Credit to Sergey Glazunov.
+ libxml2 issue:
- [89402] High, CVE-2011-2821: Double free in libxml XPath handling.
Credit to Yang Dingning from NCNIPC, Graduate University of Chinese
Academy of Sciences.