← Back to branch summary

~ubuntu-security/ubuntu-cve-tracker/master 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76

PublicDateAtUSN: 2012-02-16
Candidate: CVE-2011-3026
PublicDate: 2012-02-16
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3026
 http://www.ubuntu.com/usn/usn-1367-1
 http://www.ubuntu.com/usn/usn-1367-2
 http://www.ubuntu.com/usn/usn-1367-3
 http://www.ubuntu.com/usn/usn-1367-4
Description:
 Integer overflow in libpng, as used in Google Chrome before 17.0.963.56,
 allows remote attackers to cause a denial of service or possibly have
 unspecified other impact via unknown vectors that trigger an integer
 truncation.
Ubuntu-Description:
Notes:
 jdstrand> http://www.ubuntu.com/usn/usn-1400-3/ had the fix for thunderbird
  but it wasn't included
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=660026
 http://codereview.chromium.org/9363013
Priority: medium
Discovered-by: Jueri Aedla
Assigned-to: jdstrand

Patches_libpng:
 patch: http://src.chromium.org/viewvc/chrome/branches/963/src/third_party/libpng/pngrutil.c?view=patch&r1=121492&r2=121491&pathrev=121492
 vendor: http://www.debian.org/security/2012/dsa-2410
upstream_libpng: released (1.2.46-5)
hardy_libpng: released (1.2.15~beta5-3ubuntu0.5)
lucid_libpng: released (1.2.42-1ubuntu2.3)
maverick_libpng: released (1.2.44-1ubuntu0.2)
natty_libpng: released (1.2.44-1ubuntu3.2)
oneiric_libpng: released (1.2.46-3ubuntu1.1)
devel_libpng: released (1.2.46-3ubuntu2)


Patches_firefox:
upstream_firefox: released (10.0.2)
hardy_firefox: ignored (reached end-of-life)
lucid_firefox: released (10.0.2+build1-0ubuntu0.10.04.1)
maverick_firefox: released (10.0.2+build1-0ubuntu0.10.10.1)
natty_firefox: released (10.0.2+build1-0ubuntu0.11.04.1)
oneiric_firefox: released (10.0.2+build1-0ubuntu0.11.10.1)
devel_firefox: released (11.0~b3+build2-0ubuntu1)


Patches_thunderbird:
upstream_thunderbird: released (3.1.19, 10.0.2)
hardy_thunderbird: ignored (reached end-of-life)
lucid_thunderbird: released (3.1.19+build1+nobinonly-0ubuntu0.10.04.1)
maverick_thunderbird: released (3.1.19+build1+nobinonly-0ubuntu0.10.10.1)
natty_thunderbird: released (3.1.19+build1+nobinonly-0ubuntu0.11.04.1)
oneiric_thunderbird: released (11.0+build1-0ubuntu0.11.10.1)
devel_thunderbird: released (11.0~b2+build2-0ubuntu3)


Patches_xulrunner-1.9.2:
upstream_xulrunner-1.9.2: needs-triage
hardy_xulrunner-1.9.2: ignored (reached end-of-life)
lucid_xulrunner-1.9.2: released (1.9.2.27+build1+nobinonly-0ubuntu0.10.04.1)
maverick_xulrunner-1.9.2: released (1.9.2.27+build1+nobinonly-0ubuntu0.10.10.1)
natty_xulrunner-1.9.2: released (1.9.2.27+build1+nobinonly-0ubuntu0.11.04.1)
oneiric_xulrunner-1.9.2: DNE
devel_xulrunner-1.9.2: DNE


Patches_chromium-browser:
upstream_chromium-browser: released (17.0.963.56)
hardy_chromium-browser: DNE
lucid_chromium-browser: not-affected (uses system libpng)
maverick_chromium-browser: not-affected (uses system libpng)
natty_chromium-browser: not-affected (uses system libpng)
oneiric_chromium-browser: not-affected (uses system libpng)
devel_chromium-browser: not-affected (uses system libpng)