chromium-browser (14.0.835.202~r103287-0ubuntu0.10.04.2) lucid-security; urgency=low

  * New upstream release from the Stable Channel (LP: #858744)
    This release fixes the following security issues:
    + Chromium issues (13.0.782.220):
      - Trust in Diginotar Intermediate CAs revoked
    + Chromium issues (14.0.835.163):
      - [49377] High CVE-2011-2835: Race condition in the certificate cache.
      - [57908] Low CVE-2011-2837: Use PIC / pie compiler flags. Credit to
      - [75070] Low CVE-2011-2838: Treat MIME type more authoritatively when
        loading plug-ins. Credit to Michal Zalewski.
      - [78639] High CVE-2011-2841: Garbage collection error in PDF. Credit to
      - [82438] Medium CVE-2011-2843: Out-of-bounds read with media buffers.
        Credit to Kostya Serebryany.
      - [85041] Medium CVE-2011-2844: Out-of-bounds read with mp3 files. Credit
      - [89564] Medium CVE-2011-2848: URL bar spoof with forward button. Credit
      - [89795] Low CVE-2011-2849: Browser NULL pointer crash with WebSockets.
        Credit to Arthur Gerkis.
      - [90134] Medium CVE-2011-2850: Out-of-bounds read with Khmer characters.
      - [90173] Medium CVE-2011-2851: Out-of-bounds read in video handling.
        Credit to Google Chrome Security Team (Inferno).
      - [91197] High CVE-2011-2853: Use-after-free in plug-in handling. Credit
        to Google Chrome Security Team (SkyLined).
      - [93497] Medium CVE-2011-2859: Incorrect permissions assigned to
        non-gallery pages. Credit to Bernhard ‘Bruhns’ Brehm
      - [93596] Medium CVE-2011-2861: Bad string read in PDF. Credit to Aki
      - [95563] Medium CVE-2011-2864: Out-of-bounds read with Tibetan
        characters. Credit to Google Chrome Security Team (Inferno).
      - [95625] Medium CVE-2011-2858: Out-of-bounds read with triangle arrays.
        Credit to Google Chrome Security Team (Inferno).
      - [95917] Low CVE-2011-2874: Failure to pin a self-signed cert for a
        session. Credit to Nishant Yadant and Craig Chamberlain (@randomuserid).
    + Chromium issues (14.0.835.202):
      - [95671] High CVE-2011-2878: Inappropriate cross-origin access to the
        window prototype. Credit to Sergey Glazunov.
      - [96150] High CVE-2011-2879: Lifetime and threading issues in audio node
        handling. Credit to Google Chrome Security Team (Inferno).
      - [98089] Critical CVE-2011-3873: Memory corruption in shader translator.
    + Webkit issues (14.0.835.163):
      - [78427] [83031] Low CVE-2011-2840: Possible URL bar spoofs with unusual
        user interaction. Credit to kuzzcc.
      - [89219] High CVE-2011-2846: Use-after-free in unload event handling.
        Credit to Arthur Gerkis.
      - [89330] High CVE-2011-2847: Use-after-free in document loader. Credit to
      - [89991] Medium CVE-2011-3234: Out-of-bounds read in box handling. Credit
      - [92651] [94800] High CVE-2011-2854: Use-after-free in ruby / table style
        handling. Credit to Sławomir Błażek, and independent later discoveries by
        miaubiz and Google Chrome Security Team (Inferno).
      - [92959] High CVE-2011-2855: Stale node in stylesheet handling. Credit to
      - [93420] High CVE-2011-2857: Use-after-free in focus controller. Credit
      - [93587] High CVE-2011-2860: Use-after-free in table style handling.
    + Webkit issues (14.0.835.202):
      - [93788] High CVE-2011-2876: Use-after-free in text line box handling.
      - [95072] High CVE-2011-2877: Stale font in SVG text handling. Credit to
    + LibXML issue (14.0.835.163):
      - [93472] High CVE-2011-2834: Double free in libxml XPath handling. Credit
    + V8 issues (14.0.835.163):
      - [76771] High CVE-2011-2839: Crash in v8 script object wrappers. Credit
      - [91120] High CVE-2011-2852: Off-by-one in v8. Credit to Christian Holler
      - [93416] High CVE-2011-2856: Cross-origin bypass in v8. Credit to Daniel
      - [93906] High CVE-2011-2862: Unintended access to v8 built-in objects.
        Credit to Sergey Glazunov.
      - [95920] High CVE-2011-2875: Type confusion in v8 object sealing. Credit
    + V8 issues (14.0.835.202):
      - [97451] [97520] [97615] High CVE-2011-2880: Use-after-free in the v8
        bindings. Credit to Sergey Glazunov.
      - [97784] High CVE-2011-2881: Memory corruption with v8 hidden objects.
        Credit to Sergey Glazunov.
  * Add libpulse-dev to Build-Depends, needed for WebRTC
    - update debian/control
  * Rename ui/base/strings/app_strings.grd to ui_strings.grd following
    the upstream rename, and add a mapping flag to the grit converter
  * Switch to internal libvpx (Fixes FTBFS since we now need at least 0.9.6)
  * Drop build dependency on libvpx due to the switch to internal libvpx
    - update debian/control

 -- Micah Gersten <micahg@ubuntu.com>  Wed, 12 Oct 2011 01:16:47 -0500

chromium-browser (13.0.782.215~r97094-0ubuntu0.10.04.1) lucid-security; urgency=low

  [ Fabien Tassin <fta@ubuntu.com> ]
  * New upstream release from the Stable Channel (LP: #834922)
    This release fixes the following security issues:
      - [91517] High, CVE-2011-2828: Out-of-bounds write in v8. Credit to Google
        Chrome Security Team (SkyLined).
      - [82552] High, CVE-2011-2823: Use-after-free in line box handling. Credit
        to Google Chrome Security Team (SkyLined) and independent later
        discovery by miaubiz.
      - [88216] High, CVE-2011-2824: Use-after-free with counter nodes. Credit
      - [88670] High, CVE-2011-2825: Use-after-free with custom fonts. Credit to
        wushi of team509 reported through ZDI (ZDI-CAN-1283), plus independent
        later discovery by miaubiz.
      - [87453] High, CVE-2011-2826: Cross-origin violation with empty origins.
        Credit to Sergey Glazunov.
      - [90668] High, CVE-2011-2827: Use-after-free in text searching. Credit to
      - [32-bit only] [91598] High, CVE-2011-2829: Integer overflow in uniform
        arrays. Credit to Sergey Glazunov.
      - [89402] High, CVE-2011-2821: Double free in libxml XPath handling.
        Credit to Yang Dingning from NCNIPC, Graduate University of Chinese

 -- Micah Gersten <micahg@ubuntu.com>  Fri, 26 Aug 2011 14:00:43 -0500

chromium-browser (13.0.782.107~r94237-0ubuntu0.10.04.1) lucid-security; urgency=low

  [ Fabien Tassin <fta@ubuntu.com> ]
  * New Major upstream release from the Stable Channel (LP: #819991)
    This release fixes the following security issues:
      - [75821] Medium, CVE-2011-2358: Always confirm an extension install via a
        browser dialog. Credit to Sergey Glazunov.
      - [79266] Low, CVE-2011-2360: Potential bypass of dangerous file prompt.
      - [79426] Low, CVE-2011-2361: Improve designation of strings in the basic
        auth dialog. Credit to kuzzcc.
      - [81307] Medium, CVE-2011-2782: File permissions error with drag and
        drop. Credit to Evan Martin of the Chromium development community.
      - [83273] Medium, CVE-2011-2783: Always confirm a developer mode NPAPI
        extension install via a browser dialog. Credit to Sergey Glazunov.
      - [84402] Low, CVE-2011-2785: Sanitize the homepage URL in extensions.
      - [84805] Medium, CVE-2011-2787: Browser crash due to GPU lock re-entrancy
        issue. Credit to kuzzcc.
      - [85808] Medium, CVE-2011-2789: Use after free in Pepper plug-in
        instantiation. Credit to Mario Gomes and kuzzcc.
      - [87815] Low, CVE-2011-2798: Prevent a couple of internal schemes from
        being web accessible. Credit to sirdarckcat of the Google Security Team.
      - [88827] Medium, CVE-2011-2803: Out-of-bounds read in Skia paths. Credit
        to Google Chrome Security Team (Inferno).
      - [78841] High, CVE-2011-2359: Stale pointer due to bad line box tracking
        in rendering. Credit to miaubiz and Martin Barbella.
      - [83841] Low, CVE-2011-2784: Local file path disclosure via GL program
        log. Credit to kuzzcc.
      - [84600] Low, CVE-2011-2786: Make sure the speech input bubble is always
        on-screen. Credit to Olli Pettay of Mozilla.
      - [85559] Low, CVE-2011-2788: Buffer overflow in inspector serialization.
        Credit to Mikołaj Małecki.
      - [86502] High, CVE-2011-2790: Use-after-free with floating styles. Credit
      - [87148] High, CVE-2011-2792: Use-after-free with float removal. Credit
      - [87227] High, CVE-2011-2793: Use-after-free in media selectors. Credit
      - [87298] Medium, CVE-2011-2794: Out-of-bounds read in text iteration.
      - [87339] Medium, CVE-2011-2795: Cross-frame function leak. Credit to Shih
      - [87548] High, CVE-2011-2796: Use-after-free in Skia. Credit to Google
        Chrome Security Team (Inferno) and Kostya Serebryany of the Chromium
        development community.
      - [87729] High, CVE-2011-2797: Use-after-free in resource caching. Credit
      - [87925] High, CVE-2011-2799: Use-after-free in HTML range handling.
      - [88337] Medium, CVE-2011-2800: Leak of client-side redirect target.
        Credit to Juho Nurminen.
      - [88591] High, CVE-2011-2802: v8 crash with const lookups. Credit to
      - [88846] High, CVE-2011-2801: Use-after-free in frame loader. Credit to
      - [88889] High, CVE-2011-2818: Use-after-free in display box rendering.
        Credit to Martin Barbella.
      - [89520] High, CVE-2011-2805: Cross-origin script injection. Credit to
      - [90222] High, CVE-2011-2819: Cross-origin violation in base URI
        handling. Credit to Sergey Glazunov.
      - [86900] High, CVE-2011-2791: Out-of-bounds write in ICU. Credit to Yang
        Dingning from NCNIPC, Graduate University of Chinese Academy of
  * Run the gclient hooks when creating the source tarball, as we need files
    from the Native Client's integrated runtime (IRT) library.
    Install the NaCL IRT files in the main deb
    - update debian/rules
    - update debian/chromium-browser.install

 -- Micah Gersten <micahg@ubuntu.com>  Thu, 04 Aug 2011 00:55:18 -0500

chromium-browser (12.0.742.112~r90304-0ubuntu0.10.04.1) lucid-security; urgency=low

  [ Fabien Tassin <fta@ubuntu.com> ]