[ubuntu/precise] chromium-browser 17.0.963.46~r119351-0ubuntu1 (Accepted)

Micah Gersten micahg at ubuntu.com
Wed Feb 15 08:01:03 UTC 2012


chromium-browser (17.0.963.46~r119351-0ubuntu1) precise; urgency=low

  * New upstream release from the Stable Channel (LP: #931905)
    This release fixes the following security issues:
    - [73478] Low CVE-2011-3953: Avoid clipboard monitoring after paste event.
      Credit to Daniel Cheng of the Chromium development community.
    - [92550] Low CVE-2011-3954: Crash with excessive database usage. Credit to
      Collin Payne.
    - [93106] High CVE-2011-3955: Crash aborting an IndexDB transaction. Credit
      to David Grogan of the Chromium development community.
    - [103630] Low CVE-2011-3956: Incorrect handling of sandboxed origins inside
      extensions. Credit to Devdatta Akhawe, UC Berkeley.
    - [104056] High CVE-2011-3957: Use-after-free in PDF garbage collection.
      Credit to Aki Helin of OUSPG.
    - [105459] High CVE-2011-3958: Bad casts with column spans. Credit to
      miaubiz.
    - [106441] High CVE-2011-3959: Buffer overflow in locale handling. Credit to
      Aki Helin of OUSPG.
    - [108416] Medium CVE-2011-3960: Out-of-bounds read in audio decoding.
      Credit to Aki Helin of OUSPG.
    - [108871] Critical CVE-2011-3961: Race condition after crash of utility
      process. Credit to Shawn Goertzen.
    - [108901] Medium CVE-2011-3962: Out-of-bounds read in path clipping. Credit
      to Aki Helin of OUSPG.
    - [109094] Medium CVE-2011-3963: Out-of-bounds read in PDF fax image
      handling. Credit to Atte Kettunen of OUSPG.
    - [109245] Low CVE-2011-3964: URL bar confusion after drag + drop. Credit to
      Code Audit Labs of VulnHunt.com.
    - [109664] Low CVE-2011-3965: Crash in signature check. Credit to Sławomir
      Błażek.
    - [109716] High CVE-2011-3966: Use-after-free in stylesheet error handling.
      Credit to Aki Helin of OUSPG.
    - [109717] Low CVE-2011-3967: Crash with unusual certificate. Credit to Ben
      Carrillo.
    - [109743] High CVE-2011-3968: Use-after-free in CSS handling. Credit to
      Arthur Gerkis.
    - [110112] High CVE-2011-3969: Use-after-free in SVG layout. Credit to
      Arthur Gerkis.
    - [110277] Medium CVE-2011-3970: Out-of-bounds read in libxslt. Credit to
      Aki Helin of OUSPG.
    - [110374] High CVE-2011-3971: Use-after-free with mousemove events. Credit
      to Arthur Gerkis.
    - [110559] Medium CVE-2011-3972: Out-of-bounds read in shader translator.
      Credit to Google Chrome Security Team (Inferno).

  * Rebase patch
    - update debian/patches/disable_dlog_and_dcheck_in_release_builds.patch
  * Update .install file to just install all .pak files instead of listing them
    by name
    - update debian/chromium-browser.install

Date: Wed, 15 Feb 2012 01:32:50 -0600
Changed-By: Micah Gersten <micahg at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/precise/+source/chromium-browser/17.0.963.46~r119351-0ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 15 Feb 2012 01:32:50 -0600
Source: chromium-browser
Binary: chromium-browser chromium-browser-dbg chromium-browser-l10n chromium-codecs-ffmpeg chromium-codecs-ffmpeg-dbg chromium-codecs-ffmpeg-extra chromium-codecs-ffmpeg-extra-dbg
Architecture: source
Version: 17.0.963.46~r119351-0ubuntu1
Distribution: precise
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Micah Gersten <micahg at ubuntu.com>
Description: 
 chromium-browser - Chromium browser
 chromium-browser-dbg - chromium-browser debug symbols
 chromium-browser-l10n - chromium-browser language packages
 chromium-codecs-ffmpeg - Free ffmpeg codecs for the Chromium Browser
 chromium-codecs-ffmpeg-dbg - chromium-codecs-ffmpeg debug symbols
 chromium-codecs-ffmpeg-extra - Extra ffmpeg codecs for the Chromium Browser
 chromium-codecs-ffmpeg-extra-dbg - chromium-codecs-ffmpeg-extra debug symbols
Launchpad-Bugs-Fixed: 931905
Changes: 
 chromium-browser (17.0.963.46~r119351-0ubuntu1) precise; urgency=low
 .
   * New upstream release from the Stable Channel (LP: #931905)
     This release fixes the following security issues:
     - [73478] Low CVE-2011-3953: Avoid clipboard monitoring after paste event.
       Credit to Daniel Cheng of the Chromium development community.
     - [92550] Low CVE-2011-3954: Crash with excessive database usage. Credit to
       Collin Payne.
     - [93106] High CVE-2011-3955: Crash aborting an IndexDB transaction. Credit
       to David Grogan of the Chromium development community.
     - [103630] Low CVE-2011-3956: Incorrect handling of sandboxed origins inside
       extensions. Credit to Devdatta Akhawe, UC Berkeley.
     - [104056] High CVE-2011-3957: Use-after-free in PDF garbage collection.
       Credit to Aki Helin of OUSPG.
     - [105459] High CVE-2011-3958: Bad casts with column spans. Credit to
       miaubiz.
     - [106441] High CVE-2011-3959: Buffer overflow in locale handling. Credit to
       Aki Helin of OUSPG.
     - [108416] Medium CVE-2011-3960: Out-of-bounds read in audio decoding.
       Credit to Aki Helin of OUSPG.
     - [108871] Critical CVE-2011-3961: Race condition after crash of utility
       process. Credit to Shawn Goertzen.
     - [108901] Medium CVE-2011-3962: Out-of-bounds read in path clipping. Credit
       to Aki Helin of OUSPG.
     - [109094] Medium CVE-2011-3963: Out-of-bounds read in PDF fax image
       handling. Credit to Atte Kettunen of OUSPG.
     - [109245] Low CVE-2011-3964: URL bar confusion after drag + drop. Credit to
       Code Audit Labs of VulnHunt.com.
     - [109664] Low CVE-2011-3965: Crash in signature check. Credit to Sławomir
       Błażek.
     - [109716] High CVE-2011-3966: Use-after-free in stylesheet error handling.
       Credit to Aki Helin of OUSPG.
     - [109717] Low CVE-2011-3967: Crash with unusual certificate. Credit to Ben
       Carrillo.
     - [109743] High CVE-2011-3968: Use-after-free in CSS handling. Credit to
       Arthur Gerkis.
     - [110112] High CVE-2011-3969: Use-after-free in SVG layout. Credit to
       Arthur Gerkis.
     - [110277] Medium CVE-2011-3970: Out-of-bounds read in libxslt. Credit to
       Aki Helin of OUSPG.
     - [110374] High CVE-2011-3971: Use-after-free with mousemove events. Credit
       to Arthur Gerkis.
     - [110559] Medium CVE-2011-3972: Out-of-bounds read in shader translator.
       Credit to Google Chrome Security Team (Inferno).
 .
   * Rebase patch
     - update debian/patches/disable_dlog_and_dcheck_in_release_builds.patch
   * Update .install file to just install all .pak files instead of listing them
     by name
     - update debian/chromium-browser.install
Checksums-Sha1: 
 0c4ded58e1b1109e59570d872dd65b599d94241d 2445 chromium-browser_17.0.963.46~r119351-0ubuntu1.dsc
 ea93e6202f95c28c9bb590d4fefb9c087f2a250b 278291930 chromium-browser_17.0.963.46~r119351.orig.tar.gz
 b23aeba060c9c5ef8fff34d82abdd46c0e271f37 204109 chromium-browser_17.0.963.46~r119351-0ubuntu1.diff.gz
Checksums-Sha256: 
 b633137fc6aa604b5563ba6a21b98236aee61b68ef2a155961ac55975fb88612 2445 chromium-browser_17.0.963.46~r119351-0ubuntu1.dsc
 276362d69791688d85611b9af51f5ad66e457b37789ac414a1189357589ab34b 278291930 chromium-browser_17.0.963.46~r119351.orig.tar.gz
 669dd781439db8d933c3a20574a2f503547eec949661c503ec4649f7f2337383 204109 chromium-browser_17.0.963.46~r119351-0ubuntu1.diff.gz
Files: 
 700e043fb1998d2102e4c02361502caf 2445 web optional chromium-browser_17.0.963.46~r119351-0ubuntu1.dsc
 9e40846ea89755a0bb08ddb972ed52ad 278291930 web optional chromium-browser_17.0.963.46~r119351.orig.tar.gz
 6d62642e57897e94ed5b6bd82bc98261 204109 web optional chromium-browser_17.0.963.46~r119351-0ubuntu1.diff.gz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk87YA8ACgkQTniv4aqX/VmCDACfdxLNOvwXCxVQRKq0BACvkMQ8
jDIAoIu3gU2s792SpCuLv4l9/MQurMtL
=YItB
-----END PGP SIGNATURE-----


More information about the Precise-changes mailing list