Viewing all changes in revision 46.
- Committer: Bazaar Package Importer
- Date: 2011-08-02 17:33:23 UTC
- mfrom: (1.5.14 upstream)
- Revision ID: james.westby@ubuntu.com-20110802173323-3bepkb3h3nw3q1u4
* New Major upstream release from the Stable Channel
This release fixes the following security issues:
+ Chromium issues:
- [75821] Medium, CVE-2011-2358: Always confirm an extension install via a
browser dialog. Credit to Sergey Glazunov.
- [79266] Low, CVE-2011-2360: Potential bypass of dangerous file prompt.
Credit to kuzzcc.
- [79426] Low, CVE-2011-2361: Improve designation of strings in the basic
auth dialog. Credit to kuzzcc.
- [81307] Medium, CVE-2011-2782: File permissions error with drag and
drop. Credit to Evan Martin of the Chromium development community.
- [83273] Medium, CVE-2011-2783: Always confirm a developer mode NPAPI
extension install via a browser dialog. Credit to Sergey Glazunov.
- [84402] Low, CVE-2011-2785: Sanitize the homepage URL in extensions.
Credit to kuzzcc.
- [84805] Medium, CVE-2011-2787: Browser crash due to GPU lock re-entrancy
issue. Credit to kuzzcc.
- [85808] Medium, CVE-2011-2789: Use after free in Pepper plug-in
instantiation. Credit to Mario Gomes and kuzzcc.
- [87815] Low, CVE-2011-2798: Prevent a couple of internal schemes from
being web accessible. Credit to sirdarckcat of the Google Security Team.
- [88827] Medium, CVE-2011-2803: Out-of-bounds read in Skia paths. Credit
to Google Chrome Security Team (Inferno).
+ Webkit issues:
- [78841] High, CVE-2011-2359: Stale pointer due to bad line box tracking
in rendering. Credit to miaubiz and Martin Barbella.
- [83841] Low, CVE-2011-2784: Local file path disclosure via GL program
log. Credit to kuzzcc.
- [84600] Low, CVE-2011-2786: Make sure the speech input bubble is always
on-screen. Credit to Olli Pettay of Mozilla.
- [85559] Low, CVE-2011-2788: Buffer overflow in inspector serialization.
Credit to Mikołaj Małecki.
- [86502] High, CVE-2011-2790: Use-after-free with floating styles. Credit
to miaubiz.
- [87148] High, CVE-2011-2792: Use-after-free with float removal. Credit
to miaubiz.
- [87227] High, CVE-2011-2793: Use-after-free in media selectors. Credit
to miaubiz.
- [87298] Medium, CVE-2011-2794: Out-of-bounds read in text iteration.
Credit to miaubiz.
- [87339] Medium, CVE-2011-2795: Cross-frame function leak. Credit to Shih
Wei-Long.
- [87548] High, CVE-2011-2796: Use-after-free in Skia. Credit to Google
Chrome Security Team (Inferno) and Kostya Serebryany of the Chromium
development community.
- [87729] High, CVE-2011-2797: Use-after-free in resource caching. Credit
to miaubiz.
- [87925] High, CVE-2011-2799: Use-after-free in HTML range handling.
Credit to miaubiz.
- [88337] Medium, CVE-2011-2800: Leak of client-side redirect target.
Credit to Juho Nurminen.
- [88591] High, CVE-2011-2802: v8 crash with const lookups. Credit to
Christian Holler.
- [88846] High, CVE-2011-2801: Use-after-free in frame loader. Credit to
miaubiz.
- [88889] High, CVE-2011-2818: Use-after-free in display box rendering.
Credit to Martin Barbella.
- [89520] High, CVE-2011-2805: Cross-origin script injection. Credit to
Sergey Glazunov.
- [90222] High, CVE-2011-2819: Cross-origin violation in base URI
handling. Credit to Sergey Glazunov.
+ ICU 4.6 issue:
- [86900] High, CVE-2011-2791: Out-of-bounds write in ICU. Credit to Yang
Dingning from NCNIPC, Graduate University of Chinese Academy of
Sciences.
Packaging changes:
* Add a "Conflicts" with -inspector so that it gets removed
- update debian/control
* Disable PIE for ARM on Oneiric too
- update debian/rules
* Run the gclient hooks when creating the source tarball, as we need files
from the Native Client's integrated runtime (IRT) library.
Install the NaCL IRT files in the main deb
- update debian/rules
- update debian/chromium-browser.install
* Drop obsolete patches
- remove debian/patches/cups_cleanup_cr6883221.patch
- update debian/patches/series
This release fixes the following security issues:
+ Chromium issues:
- [75821] Medium, CVE-2011-2358: Always confirm an extension install via a
browser dialog. Credit to Sergey Glazunov.
- [79266] Low, CVE-2011-2360: Potential bypass of dangerous file prompt.
Credit to kuzzcc.
- [79426] Low, CVE-2011-2361: Improve designation of strings in the basic
auth dialog. Credit to kuzzcc.
- [81307] Medium, CVE-2011-2782: File permissions error with drag and
drop. Credit to Evan Martin of the Chromium development community.
- [83273] Medium, CVE-2011-2783: Always confirm a developer mode NPAPI
extension install via a browser dialog. Credit to Sergey Glazunov.
- [84402] Low, CVE-2011-2785: Sanitize the homepage URL in extensions.
Credit to kuzzcc.
- [84805] Medium, CVE-2011-2787: Browser crash due to GPU lock re-entrancy
issue. Credit to kuzzcc.
- [85808] Medium, CVE-2011-2789: Use after free in Pepper plug-in
instantiation. Credit to Mario Gomes and kuzzcc.
- [87815] Low, CVE-2011-2798: Prevent a couple of internal schemes from
being web accessible. Credit to sirdarckcat of the Google Security Team.
- [88827] Medium, CVE-2011-2803: Out-of-bounds read in Skia paths. Credit
to Google Chrome Security Team (Inferno).
+ Webkit issues:
- [78841] High, CVE-2011-2359: Stale pointer due to bad line box tracking
in rendering. Credit to miaubiz and Martin Barbella.
- [83841] Low, CVE-2011-2784: Local file path disclosure via GL program
log. Credit to kuzzcc.
- [84600] Low, CVE-2011-2786: Make sure the speech input bubble is always
on-screen. Credit to Olli Pettay of Mozilla.
- [85559] Low, CVE-2011-2788: Buffer overflow in inspector serialization.
Credit to Mikołaj Małecki.
- [86502] High, CVE-2011-2790: Use-after-free with floating styles. Credit
to miaubiz.
- [87148] High, CVE-2011-2792: Use-after-free with float removal. Credit
to miaubiz.
- [87227] High, CVE-2011-2793: Use-after-free in media selectors. Credit
to miaubiz.
- [87298] Medium, CVE-2011-2794: Out-of-bounds read in text iteration.
Credit to miaubiz.
- [87339] Medium, CVE-2011-2795: Cross-frame function leak. Credit to Shih
Wei-Long.
- [87548] High, CVE-2011-2796: Use-after-free in Skia. Credit to Google
Chrome Security Team (Inferno) and Kostya Serebryany of the Chromium
development community.
- [87729] High, CVE-2011-2797: Use-after-free in resource caching. Credit
to miaubiz.
- [87925] High, CVE-2011-2799: Use-after-free in HTML range handling.
Credit to miaubiz.
- [88337] Medium, CVE-2011-2800: Leak of client-side redirect target.
Credit to Juho Nurminen.
- [88591] High, CVE-2011-2802: v8 crash with const lookups. Credit to
Christian Holler.
- [88846] High, CVE-2011-2801: Use-after-free in frame loader. Credit to
miaubiz.
- [88889] High, CVE-2011-2818: Use-after-free in display box rendering.
Credit to Martin Barbella.
- [89520] High, CVE-2011-2805: Cross-origin script injection. Credit to
Sergey Glazunov.
- [90222] High, CVE-2011-2819: Cross-origin violation in base URI
handling. Credit to Sergey Glazunov.
+ ICU 4.6 issue:
- [86900] High, CVE-2011-2791: Out-of-bounds write in ICU. Credit to Yang
Dingning from NCNIPC, Graduate University of Chinese Academy of
Sciences.
Packaging changes:
* Add a "Conflicts" with -inspector so that it gets removed
- update debian/control
* Disable PIE for ARM on Oneiric too
- update debian/rules
* Run the gclient hooks when creating the source tarball, as we need files
from the Native Client's integrated runtime (IRT) library.
Install the NaCL IRT files in the main deb
- update debian/rules
- update debian/chromium-browser.install
* Drop obsolete patches
- remove debian/patches/cups_cleanup_cr6883221.patch
- update debian/patches/series
- files added:
- chromium-browser-13.0.782.107~r94237-source.tar.lzma
- files removed:
- chromium-browser-12.0.742.112~r90304-source.tar.lzma
- files modified:
- debian/changelog
expand all
collapse all
added
removed
