Viewing all changes in revision 22.1.11.
- Committer: Bazaar Package Importer
- Date: 2011-08-26 14:00:43 UTC
- mfrom: (1.2.14 upstream)
- mto: (18.1.20 lucid-security)
- mto: This revision was merged to the branch mainline in revision 38.
- Revision ID: james.westby@ubuntu.com-20110826140043-mosd0anlh3jvvgrl
[ Fabien Tassin <fta@ubuntu.com> ]
* New upstream release from the Stable Channel (LP: #834922)
This release fixes the following security issues:
+ Chromium issues:
- [91517] High, CVE-2011-2828: Out-of-bounds write in v8. Credit to Google
Chrome Security Team (SkyLined).
+ Webkit issues:
- [82552] High, CVE-2011-2823: Use-after-free in line box handling. Credit
to Google Chrome Security Team (SkyLined) and independent later
discovery by miaubiz.
- [88216] High, CVE-2011-2824: Use-after-free with counter nodes. Credit
to miaubiz.
- [88670] High, CVE-2011-2825: Use-after-free with custom fonts. Credit to
wushi of team509 reported through ZDI (ZDI-CAN-1283), plus indepdendent
later discovery by miaubiz.
- [87453] High, CVE-2011-2826: Cross-origin violation with empty origins.
Credit to Sergey Glazunov.
- [90668] High, CVE-2011-2827: Use-after-free in text searching. Credit to
miaubiz.
- [32-bit only] [91598] High, CVE-2011-2829: Integer overflow in uniform
arrays. Credit to Sergey Glazunov.
+ libxml2 issue:
- [89402] High, CVE-2011-2821: Double free in libxml XPath handling.
Credit to Yang Dingning from NCNIPC, Graduate University of Chinese
Academy of Sciences.
* New upstream release from the Stable Channel (LP: #834922)
This release fixes the following security issues:
+ Chromium issues:
- [91517] High, CVE-2011-2828: Out-of-bounds write in v8. Credit to Google
Chrome Security Team (SkyLined).
+ Webkit issues:
- [82552] High, CVE-2011-2823: Use-after-free in line box handling. Credit
to Google Chrome Security Team (SkyLined) and independent later
discovery by miaubiz.
- [88216] High, CVE-2011-2824: Use-after-free with counter nodes. Credit
to miaubiz.
- [88670] High, CVE-2011-2825: Use-after-free with custom fonts. Credit to
wushi of team509 reported through ZDI (ZDI-CAN-1283), plus indepdendent
later discovery by miaubiz.
- [87453] High, CVE-2011-2826: Cross-origin violation with empty origins.
Credit to Sergey Glazunov.
- [90668] High, CVE-2011-2827: Use-after-free in text searching. Credit to
miaubiz.
- [32-bit only] [91598] High, CVE-2011-2829: Integer overflow in uniform
arrays. Credit to Sergey Glazunov.
+ libxml2 issue:
- [89402] High, CVE-2011-2821: Double free in libxml XPath handling.
Credit to Yang Dingning from NCNIPC, Graduate University of Chinese
Academy of Sciences.
- files added:
- chromium-browser-13.0.782.215~r97094-source.tar.lzma
- files removed:
- chromium-browser-13.0.782.107~r94237-source.tar.lzma
- files modified:
- debian/changelog
expand all
collapse all
added
removed
