[ubuntu/oneiric] chromium-browser 14.0.835.202~r103287-0ubuntu1 (Accepted)

Micah Gersten micahg at ubuntu.com
Wed Oct 5 09:34:29 UTC 2011


chromium-browser (14.0.835.202~r103287-0ubuntu1) oneiric; urgency=low

  * New upstream release from the Stable Channel (LP: #858744)
    This release fixes the following security issues:
    + Chromium issues (13.0.782.220):
      - Trust in Diginotar Intermediate CAs revoked
    + Chromium issues (14.0.835.163):
      - [49377] High CVE-2011-2835: Race condition in the certificate cache.
        Credit to Ryan Sleevi.
      - [57908] Low CVE-2011-2837: Use PIC / pie compiler flags. Credit to
        wbrana.
      - [75070] Low CVE-2011-2838: Treat MIME type more authoritatively when
        loading plug-ins. Credit to Michal Zalewski.
      - [78639] High CVE-2011-2841: Garbage collection error in PDF. Credit to
        Mario Gomes.
      - [82438] Medium CVE-2011-2843: Out-of-bounds read with media buffers.
        Credit to Kostya Serebryany.
      - [85041] Medium CVE-2011-2844: Out-of-bounds read with mp3 files. Credit
        to Mario Gomes.
      - [89564] Medium CVE-2011-2848: URL bar spoof with forward button. Credit
        to Jordi Chancel.
      - [89795] Low CVE-2011-2849: Browser NULL pointer crash with WebSockets.
        Credit to Arthur Gerkis.
      - [90134] Medium CVE-2011-2850: Out-of-bounds read with Khmer characters.
        Credit to miaubiz.
      - [90173] Medium CVE-2011-2851: Out-of-bounds read in video handling.
        Credit to Google Chrome Security Team (Inferno).
      - [91197] High CVE-2011-2853: Use-after-free in plug-in handling. Credit
        to Google Chrome Security Team (SkyLined).
      - [93497] Medium CVE-2011-2859: Incorrect permissions assigned to
        non-gallery pages. Credit to Bernhard ‘Bruhns’ Brehm
      - [93596] Medium CVE-2011-2861: Bad string read in PDF. Credit to Aki
        Helin of OUSPG.
      - [95563] Medium CVE-2011-2864: Out-of-bounds read with Tibetan
        characters. Credit to Google Chrome Security Team (Inferno).
      - [95625] Medium CVE-2011-2858: Out-of-bounds read with triangle arrays.
        Credit to Google Chrome Security Team (Inferno).
      - [95917] Low CVE-2011-2874: Failure to pin a self-signed cert for a
        session. Credit to Nishant Yadant and Craig Chamberlain (@randomuserid).
    + Chromium issues (14.0.835.202):
      - [95671] High CVE-2011-2878: Inappropriate cross-origin access to the
        window prototype. Credit to Sergey Glazunov.
      - [96150] High CVE-2011-2879: Lifetime and threading issues in audio node
        handling. Credit to Google Chrome Security Team (Inferno).
      - [98089] Critical CVE-2011-3873: Memory corruption in shader translator.
        Credit to Zhenyao Mo.
    + Webkit issues (14.0.835.163):
      - [78427] [83031] Low CVE-2011-2840: Possible URL bar spoofs with unusual
        user interaction. Credit to kuzzcc.
      - [89219] High CVE-2011-2846: Use-after-free in unload event handling.
        Credit to Arthur Gerkis.
      - [89330] High CVE-2011-2847: Use-after-free in document loader. Credit to
        miaubiz.
      - [89991] Medium CVE-2011-3234: Out-of-bounds read in box handling. Credit
        to miaubiz.
      - [92651] [94800] High CVE-2011-2854: Use-after-free in ruby / table style
        handling. Credit to Sławomir Błażek, and independent later discoveries by
        miaubiz and Google Chrome Security Team (Inferno).
      - [92959] High CVE-2011-2855: Stale node in stylesheet handling. Credit to
        Arthur Gerkis.
      - [93420] High CVE-2011-2857: Use-after-free in focus controller. Credit
        to miaubiz.
      - [93587] High CVE-2011-2860: Use-after-free in table style handling.
        Credit to miaubiz.
    + Webkit issues (14.0.835.202):
      - [93788] High CVE-2011-2876: Use-after-free in text line box handling.
        Credit to miaubiz.
      - [95072] High CVE-2011-2877: Stale font in SVG text handling. Credit to
        miaubiz.
    + LibXML issue (14.0.835.163):
      - [93472] High CVE-2011-2834: Double free in libxml XPath handling. Credit
        to Yang Dingning
    + V8 issues (14.0.835.163):
      - [76771] High CVE-2011-2839: Crash in v8 script object wrappers. Credit
        to Kostya Serebryany
      - [91120] High CVE-2011-2852: Off-by-one in v8. Credit to Christian Holler
      - [93416] High CVE-2011-2856: Cross-origin bypass in v8. Credit to Daniel
        Divricean.
      - [93906] High CVE-2011-2862: Unintended access to v8 built-in objects.
        Credit to Sergey Glazunov.
      - [95920] High CVE-2011-2875: Type confusion in v8 object sealing. Credit
        to Christian Holler.
    + V8 issues (14.0.835.202):
      - [97451] [97520] [97615] High CVE-2011-2880: Use-after-free in the v8
        bindings. Credit to Sergey Glazunov.
      - [97784] High CVE-2011-2881: Memory corruption with v8 hidden objects.
        Credit to Sergey Glazunov.

  [ Fabien Tassin ]
  * Add libpulse-dev to Build-Depends, needed for WebRTC
    - update debian/control
  * Drop the HTML5 video patch, now committed upstream
    - remove debian/patches/html5-codecs-fix.patch
    - update debian/patches/series
  * Rename ui/base/strings/app_strings.grd to ui_strings.grd following
    the upstream rename, and add a mapping flag to the grit converter
    - update debian/rules
  * Add a "Conflicts" with -inspector so that it gets removed
    - update debian/control
  * Build with the default gcc-4.6 on Oneiric
    - update debian/control
    - update debian/rules
  * Refresh Patches

Date: Wed, 05 Oct 2011 04:06:44 -0500
Changed-By: Micah Gersten <micahg at ubuntu.com>
Maintainer: Fabien Tassin <fta at ubuntu.com>
https://launchpad.net/ubuntu/oneiric/+source/chromium-browser/14.0.835.202~r103287-0ubuntu1
-------------- next part --------------
Format: 1.8
Date: Wed, 05 Oct 2011 04:06:44 -0500
Source: chromium-browser
Binary: chromium-browser chromium-browser-dbg chromium-browser-l10n chromium-codecs-ffmpeg chromium-codecs-ffmpeg-dbg chromium-codecs-ffmpeg-extra chromium-codecs-ffmpeg-extra-dbg
Architecture: source
Version: 14.0.835.202~r103287-0ubuntu1
Distribution: oneiric
Urgency: low
Maintainer: Fabien Tassin <fta at ubuntu.com>
Changed-By: Micah Gersten <micahg at ubuntu.com>
Description: 
 chromium-browser - Chromium browser
 chromium-browser-dbg - chromium-browser debug symbols
 chromium-browser-l10n - chromium-browser language packages
 chromium-codecs-ffmpeg - Free ffmpeg codecs for the Chromium Browser
 chromium-codecs-ffmpeg-dbg - chromium-codecs-ffmpeg debug symbols
 chromium-codecs-ffmpeg-extra - Extra ffmpeg codecs for the Chromium Browser
 chromium-codecs-ffmpeg-extra-dbg - chromium-codecs-ffmpeg-extra debug symbols
Launchpad-Bugs-Fixed: 858744
Checksums-Sha1: 
 4a543bbd00f27cf772751b771535abea3717530f 2103 chromium-browser_14.0.835.202~r103287-0ubuntu1.dsc
 e2062ad5a7fe13f6b96019f052ad1164a37b9f92 194401145 chromium-browser_14.0.835.202~r103287.orig.tar.gz
 002962263118ac536dc8a2884061b231f5cbdb0f 206710 chromium-browser_14.0.835.202~r103287-0ubuntu1.diff.gz
Checksums-Sha256: 
 a6658f53ae270dea32dd72bf7933a68aae461f08d66f88ff42633365ff8620f6 2103 chromium-browser_14.0.835.202~r103287-0ubuntu1.dsc
 7e355e016b099e0f8af76c3e886abe4bca58df040fb718396a9aa6b58fd5ca84 194401145 chromium-browser_14.0.835.202~r103287.orig.tar.gz
 4cb67e39422a5e66e159effd0c3b70e4c5d2cfcf65565d57d65cfba3924ae93a 206710 chromium-browser_14.0.835.202~r103287-0ubuntu1.diff.gz
Files: 
 004fa220fab2f3fafe50a4481c572f28 2103 web optional chromium-browser_14.0.835.202~r103287-0ubuntu1.dsc
 afd2547cb07f450d51a8e01bcbf0942e 194401145 web optional chromium-browser_14.0.835.202~r103287.orig.tar.gz
 2fd6701d034fe926c7433fd8de3d30f6 206710 web optional chromium-browser_14.0.835.202~r103287-0ubuntu1.diff.gz