[ubuntu/natty-security] chromium-browser 18.0.1025.151~r130497-0ubuntu0.11.04.1 (Accepted)
Martin Pitt
martin.pitt at ubuntu.com
Fri Apr 20 08:47:26 UTC 2012
chromium-browser (18.0.1025.151~r130497-0ubuntu0.11.04.1) natty-security; urgency=low
* New upstream release from the Stable Channel (LP: #977502)
- black screen on Hybrid Graphics system with GPU accelerated compositing
enabled (Issue: 117371)
- CSS not applied to <content> element (Issue: 114667)
- Regression rendering a div with background gradient and borders
(Issue: 113726)
- Canvas 2D line drawing bug with GPU acceleration (Issue: 121285)
- Multiple crashes (Issues: 72235, 116825 and 92998)
- Pop-up dialog is at wrong position (Issue: 116045)
- HTML Canvas patterns are broken if you change the transformation matrix
(Issue: 112165)
- SSL interstitial error "proceed anyway" / "back to safety" buttons don't
work (Issue: 119252)
This release fixes the following security issues:
- [106577] Medium CVE-2011-3066: Out-of-bounds read in Skia clipping.
Credit to miaubiz.
- [117583] Medium CVE-2011-3067: Cross-origin iframe replacement. Credit to
Sergey Glazunov.
- [117698] High CVE-2011-3068: Use-after-free in run-in handling. Credit to
miaubiz.
- [117728] High CVE-2011-3069: Use-after-free in line box handling. Credit
to miaubiz.
- [118185] High CVE-2011-3070: Use-after-free in v8 bindings. Credit to
Google Chrome Security Team (SkyLined).
- [118273] High CVE-2011-3071: Use-after-free in HTMLMediaElement. Credit
to pa_kt, reporting through HP TippingPoint ZDI (ZDI-CAN-1528).
- [118467] Low CVE-2011-3072: Cross-origin violation parenting pop-up
window. Credit to Sergey Glazunov.
- [118593] High CVE-2011-3073: Use-after-free in SVG resource handling.
Credit to Arthur Gerkis.
- [119281] Medium CVE-2011-3074: Use-after-free in media handling. Credit
to Sławomir Błażek.
- [119525] High CVE-2011-3075: Use-after-free applying style command.
Credit to miaubiz.
- [120037] High CVE-2011-3076: Use-after-free in focus handling. Credit to
miaubiz.
- [120189] Medium CVE-2011-3077: Read-after-free in script bindings. Credit
to Google Chrome Security Team (Inferno).
Date: 2012-04-10 03:05:40.206128+00:00
Changed-By: Micah Gersten <launchpad at micahscomputing.com>
Maintainer: Fabien Tassin <fta at ubuntu.com>
Signed-By: Martin Pitt <martin.pitt at ubuntu.com>
https://launchpad.net/ubuntu/natty/+source/chromium-browser/18.0.1025.151~r130497-0ubuntu0.11.04.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Natty-changes
mailing list