[ubuntu/precise] chromium-browser 18.0.1025.142~r129054-0ubuntu1 (Accepted)
Micah Gersten
micahg at ubuntu.com
Mon Apr 2 03:46:13 UTC 2012
chromium-browser (18.0.1025.142~r129054-0ubuntu1) precise; urgency=low
* New upstream release from the Stable Channel (LP: #968901)
This release fixes the following security issues:
- [109574] Medium CVE-2011-3058: Bad interaction possibly leading to XSS in
EUC-JP. Credit to Masato Kinugawa.
- [112317] Medium CVE-2011-3059: Out-of-bounds read in SVG text handling.
Credit to Arthur Gerkis.
- [114056] Medium CVE-2011-3060: Out-of-bounds read in text fragment
handling. Credit to miaubiz.
- [116398] Medium CVE-2011-3061: SPDY proxy certificate checking error.
Credit to Leonidas Kontothanassis of Google.
- [116524] High CVE-2011-3062: Off-by-one in OpenType Sanitizer. Credit to
Mateusz Jurczyk of the Google Security Team.
- [117417] Low CVE-2011-3063: Validate navigation requests from the renderer
more carefully. Credit to kuzzcc, Sergey Glazunov, PinkiePie and
scarybeasts (Google Chrome Security Team).
- [117471] High CVE-2011-3064: Use-after-free in SVG clipping. Credit to
Atte Kettunen of OUSPG.
- [117588] High CVE-2011-3065: Memory corruption in Skia. Credit to Omair.
- [117794] Medium CVE-2011-3057: Invalid read in v8. Credit to Christian
Holler.
* Add build dependency on libudev-dev to allow for gamepad detection; see
http://code.google.com/p/chromium/issues/detail?id=79050
- update debian/control
* Drop dlopen_libgnutls patch as it's been implemented upstream
- drop debian/patches/dlopen_libgnutls.patch
- update debian/patches/series
* Start removing *.so and *.so.* from the upstream tarball creation
- update debian/rules
* Strip almost the entire third_party/openssl directory as it's needed only
on android, but is used by the build system
- update debian/rules
* Use tar's --exclude-vcs flag instead of just excluding .svn
- update debian/rules
Date: Sun, 01 Apr 2012 22:17:11 -0500
Changed-By: Micah Gersten <micahg at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/precise/+source/chromium-browser/18.0.1025.142~r129054-0ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sun, 01 Apr 2012 22:17:11 -0500
Source: chromium-browser
Binary: chromium-browser chromium-browser-dbg chromium-browser-l10n chromium-codecs-ffmpeg chromium-codecs-ffmpeg-dbg chromium-codecs-ffmpeg-extra chromium-codecs-ffmpeg-extra-dbg
Architecture: source
Version: 18.0.1025.142~r129054-0ubuntu1
Distribution: precise
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Micah Gersten <micahg at ubuntu.com>
Description:
chromium-browser - Chromium browser
chromium-browser-dbg - chromium-browser debug symbols
chromium-browser-l10n - chromium-browser language packages
chromium-codecs-ffmpeg - Free ffmpeg codecs for the Chromium Browser
chromium-codecs-ffmpeg-dbg - chromium-codecs-ffmpeg debug symbols
chromium-codecs-ffmpeg-extra - Extra ffmpeg codecs for the Chromium Browser
chromium-codecs-ffmpeg-extra-dbg - chromium-codecs-ffmpeg-extra debug symbols
Launchpad-Bugs-Fixed: 968901
Changes:
chromium-browser (18.0.1025.142~r129054-0ubuntu1) precise; urgency=low
.
* New upstream release from the Stable Channel (LP: #968901)
This release fixes the following security issues:
- [109574] Medium CVE-2011-3058: Bad interaction possibly leading to XSS in
EUC-JP. Credit to Masato Kinugawa.
- [112317] Medium CVE-2011-3059: Out-of-bounds read in SVG text handling.
Credit to Arthur Gerkis.
- [114056] Medium CVE-2011-3060: Out-of-bounds read in text fragment
handling. Credit to miaubiz.
- [116398] Medium CVE-2011-3061: SPDY proxy certificate checking error.
Credit to Leonidas Kontothanassis of Google.
- [116524] High CVE-2011-3062: Off-by-one in OpenType Sanitizer. Credit to
Mateusz Jurczyk of the Google Security Team.
- [117417] Low CVE-2011-3063: Validate navigation requests from the renderer
more carefully. Credit to kuzzcc, Sergey Glazunov, PinkiePie and
scarybeasts (Google Chrome Security Team).
- [117471] High CVE-2011-3064: Use-after-free in SVG clipping. Credit to
Atte Kettunen of OUSPG.
- [117588] High CVE-2011-3065: Memory corruption in Skia. Credit to Omair.
- [117794] Medium CVE-2011-3057: Invalid read in v8. Credit to Christian
Holler.
.
* Add build dependency on libudev-dev to allow for gamepad detection; see
http://code.google.com/p/chromium/issues/detail?id=79050
- update debian/control
* Drop dlopen_libgnutls patch as it's been implemented upstream
- drop debian/patches/dlopen_libgnutls.patch
- update debian/patches/series
* Start removing *.so and *.so.* from the upstream tarball creation
- update debian/rules
* Strip almost the entire third_party/openssl directory as it's needed only
on android, but is used by the build system
- update debian/rules
* Use tar's --exclude-vcs flag instead of just excluding .svn
- update debian/rules
Checksums-Sha1:
7061a81a711dfdfee64c478620e56d69a57962f4 2475 chromium-browser_18.0.1025.142~r129054-0ubuntu1.dsc
db1955128f5019364d27cb0d2977ef6d0e719663 390438888 chromium-browser_18.0.1025.142~r129054.orig.tar.gz
9873f1f457ef56a13969d76e3894ced2f3d9f13a 206155 chromium-browser_18.0.1025.142~r129054-0ubuntu1.diff.gz
Checksums-Sha256:
5edb46ac94d2715e8a3b122e74dab4b970f9ef7dd4a520cf89f92fc593015a52 2475 chromium-browser_18.0.1025.142~r129054-0ubuntu1.dsc
e18aa947da9cfeaab0c5366f00824ed0b044bbd76c038b118103e322e1659c12 390438888 chromium-browser_18.0.1025.142~r129054.orig.tar.gz
ae34361373203778673352741b29a661d16354d489ab806bb1d39c76e154a063 206155 chromium-browser_18.0.1025.142~r129054-0ubuntu1.diff.gz
Files:
92c8f7ff311e02f648eaaae2c0f10478 2475 web optional chromium-browser_18.0.1025.142~r129054-0ubuntu1.dsc
09e2ac82c94d1ca870f49ec57ae05b38 390438888 web optional chromium-browser_18.0.1025.142~r129054.orig.tar.gz
96efb982d1d0db3b9bbb739c2df49b82 206155 web optional chromium-browser_18.0.1025.142~r129054-0ubuntu1.diff.gz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEARECAAYFAk95Go0ACgkQTniv4aqX/VlrzQCeISAW76hvxcJQYn4VOAp6J0er
C54AnjKObOSGwSdsHpqHwDBwyo9LsMxZ
=Ng+1
-----END PGP SIGNATURE-----
More information about the Precise-changes
mailing list