[ubuntu/oneiric] chromium-browser 13.0.782.215~r97094-0ubuntu1 (Accepted)

Fabien Tassin fta at ubuntu.com
Tue Aug 23 08:40:40 UTC 2011


chromium-browser (13.0.782.215~r97094-0ubuntu1) oneiric; urgency=high

  * New upstream release from the Stable Channel
    This release fixes the following security issues:
    + Chromium issues:
     - [91517] High, CVE-2011-2828: Out-of-bounds write in v8. Credit to Google
       Chrome Security Team (SkyLined).
    + Webkit issues:
     - [82552] High, CVE-2011-2823: Use-after-free in line box handling. Credit
       to Google Chrome Security Team (SkyLined) and independent later
       discovery by miaubiz.
     - [88216] High, CVE-2011-2824: Use-after-free with counter nodes. Credit
       to miaubiz.
     - [88670] High, CVE-2011-2825: Use-after-free with custom fonts. Credit to
       wushi of team509 reported through ZDI (ZDI-CAN-1283), plus indepdendent
       later discovery by miaubiz.
     - [87453] High, CVE-2011-2826: Cross-origin violation with empty origins.
       Credit to Sergey Glazunov.
     - [90668] High, CVE-2011-2827: Use-after-free in text searching. Credit to
       miaubiz.
     - [32-bit only] [91598] High, CVE-2011-2829: Integer overflow in uniform
       arrays. Credit to Sergey Glazunov.
    + libxml2 issue:
     - [89402] High, CVE-2011-2821: Double free in libxml XPath handling.
       Credit to Yang Dingning from NCNIPC, Graduate University of Chinese
       Academy of Sciences.
  Packaging changes:
  * Fix a FTBFS with cups 1.5.0 by including individual cups headers
    - add debian/patches/cups_1.5_build_fix.patch
    - update debian/patches/series

Date: Tue, 23 Aug 2011 07:22:44 +0200
Changed-By: Fabien Tassin <fta at ubuntu.com>
https://launchpad.net/ubuntu/oneiric/+source/chromium-browser/13.0.782.215~r97094-0ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 23 Aug 2011 07:22:44 +0200
Source: chromium-browser
Binary: chromium-browser chromium-browser-dbg chromium-browser-l10n chromium-codecs-ffmpeg chromium-codecs-ffmpeg-dbg chromium-codecs-ffmpeg-extra chromium-codecs-ffmpeg-extra-dbg
Architecture: source
Version: 13.0.782.215~r97094-0ubuntu1
Distribution: oneiric
Urgency: high
Maintainer: Fabien Tassin <fta at ubuntu.com>
Changed-By: Fabien Tassin <fta at ubuntu.com>
Description: 
 chromium-browser - Chromium browser
 chromium-browser-dbg - chromium-browser debug symbols
 chromium-browser-l10n - chromium-browser language packages
 chromium-codecs-ffmpeg - Free ffmpeg codecs for the Chromium Browser
 chromium-codecs-ffmpeg-dbg - chromium-codecs-ffmpeg debug symbols
 chromium-codecs-ffmpeg-extra - Extra ffmpeg codecs for the Chromium Browser
 chromium-codecs-ffmpeg-extra-dbg - chromium-codecs-ffmpeg-extra debug symbols
Changes: 
 chromium-browser (13.0.782.215~r97094-0ubuntu1) oneiric; urgency=high
 .
   * New upstream release from the Stable Channel
     This release fixes the following security issues:
     + Chromium issues:
      - [91517] High, CVE-2011-2828: Out-of-bounds write in v8. Credit to Google
        Chrome Security Team (SkyLined).
     + Webkit issues:
      - [82552] High, CVE-2011-2823: Use-after-free in line box handling. Credit
        to Google Chrome Security Team (SkyLined) and independent later
        discovery by miaubiz.
      - [88216] High, CVE-2011-2824: Use-after-free with counter nodes. Credit
        to miaubiz.
      - [88670] High, CVE-2011-2825: Use-after-free with custom fonts. Credit to
        wushi of team509 reported through ZDI (ZDI-CAN-1283), plus indepdendent
        later discovery by miaubiz.
      - [87453] High, CVE-2011-2826: Cross-origin violation with empty origins.
        Credit to Sergey Glazunov.
      - [90668] High, CVE-2011-2827: Use-after-free in text searching. Credit to
        miaubiz.
      - [32-bit only] [91598] High, CVE-2011-2829: Integer overflow in uniform
        arrays. Credit to Sergey Glazunov.
     + libxml2 issue:
      - [89402] High, CVE-2011-2821: Double free in libxml XPath handling.
        Credit to Yang Dingning from NCNIPC, Graduate University of Chinese
        Academy of Sciences.
   Packaging changes:
   * Fix a FTBFS with cups 1.5.0 by including individual cups headers
     - add debian/patches/cups_1.5_build_fix.patch
     - update debian/patches/series
Checksums-Sha1: 
 e49b97af24d823fb85221d9694c10c4cbcedef51 2091 chromium-browser_13.0.782.215~r97094-0ubuntu1.dsc
 805cf0ad0f06c987eaad2e72ce04804dbc031134 186113179 chromium-browser_13.0.782.215~r97094.orig.tar.gz
 375232bde44bc2053616623c1b9038e9ea252506 204872 chromium-browser_13.0.782.215~r97094-0ubuntu1.diff.gz
Checksums-Sha256: 
 a4d2fadfa455f380d32c76d4db52afe74a8c98a2f665b0d2a61f170f5faed460 2091 chromium-browser_13.0.782.215~r97094-0ubuntu1.dsc
 8d719632f6d67ad0bfc9781da46b74d2a2e024960f0398b0e14b11216ee6fc17 186113179 chromium-browser_13.0.782.215~r97094.orig.tar.gz
 5cecc55c8ed02dc5976e5a3a5e736ecc1a450eda8f7410024e9dd748ec77a82c 204872 chromium-browser_13.0.782.215~r97094-0ubuntu1.diff.gz
Files: 
 e677816597c3a0c7cf9016b0a495babc 2091 web optional chromium-browser_13.0.782.215~r97094-0ubuntu1.dsc
 87ac5102e0441de729139120b3b649e4 186113179 web optional chromium-browser_13.0.782.215~r97094.orig.tar.gz
 2723c7439007748add30f46c6314d6aa 204872 web optional chromium-browser_13.0.782.215~r97094-0ubuntu1.diff.gz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk5TZfUACgkQaOfNHbbuIOi00wCgmeuGq5wXHaLPIMQX9N5oA8z8
nT0An0T/IrNJcd7K4O48gSZT33dFBJOu
=hFFn
-----END PGP SIGNATURE-----


More information about the Oneiric-changes mailing list