Branches for Oneiric

Name Status Last Modified Last Commit
lp:ubuntu/oneiric/chromium-browser 2 Mature 2011-10-05 04:06:44 UTC 2011-10-05
50. * New upstream release from the Stabl...

Author: Micah Gersten
Revision Date: 2011-10-05 04:06:44 UTC

* New upstream release from the Stable Channel (LP: #858744)
  This release fixes the following security issues:
  + Chromium issues (13.0.782.220):
    - Trust in Diginotar Intermediate CAs revoked
  + Chromium issues (14.0.835.163):
    - [49377] High CVE-2011-2835: Race condition in the certificate cache.
      Credit to Ryan Sleevi.
    - [57908] Low CVE-2011-2837: Use PIC / pie compiler flags. Credit to
    - [75070] Low CVE-2011-2838: Treat MIME type more authoritatively when
      loading plug-ins. Credit to Michal Zalewski.
    - [78639] High CVE-2011-2841: Garbage collection error in PDF. Credit to
      Mario Gomes.
    - [82438] Medium CVE-2011-2843: Out-of-bounds read with media buffers.
      Credit to Kostya Serebryany.
    - [85041] Medium CVE-2011-2844: Out-of-bounds read with mp3 files. Credit
      to Mario Gomes.
    - [89564] Medium CVE-2011-2848: URL bar spoof with forward button. Credit
      to Jordi Chancel.
    - [89795] Low CVE-2011-2849: Browser NULL pointer crash with WebSockets.
      Credit to Arthur Gerkis.
    - [90134] Medium CVE-2011-2850: Out-of-bounds read with Khmer characters.
      Credit to miaubiz.
    - [90173] Medium CVE-2011-2851: Out-of-bounds read in video handling.
      Credit to Google Chrome Security Team (Inferno).
    - [91197] High CVE-2011-2853: Use-after-free in plug-in handling. Credit
      to Google Chrome Security Team (SkyLined).
    - [93497] Medium CVE-2011-2859: Incorrect permissions assigned to
      non-gallery pages. Credit to Bernhard ‘Bruhns’ Brehm
    - [93596] Medium CVE-2011-2861: Bad string read in PDF. Credit to Aki
      Helin of OUSPG.
    - [95563] Medium CVE-2011-2864: Out-of-bounds read with Tibetan
      characters. Credit to Google Chrome Security Team (Inferno).
    - [95625] Medium CVE-2011-2858: Out-of-bounds read with triangle arrays.
      Credit to Google Chrome Security Team (Inferno).
    - [95917] Low CVE-2011-2874: Failure to pin a self-signed cert for a
      session. Credit to Nishant Yadant and Craig Chamberlain (@randomuserid).
  + Chromium issues (14.0.835.202):
    - [95671] High CVE-2011-2878: Inappropriate cross-origin access to the
      window prototype. Credit to Sergey Glazunov.
    - [96150] High CVE-2011-2879: Lifetime and threading issues in audio node
      handling. Credit to Google Chrome Security Team (Inferno).
    - [98089] Critical CVE-2011-3873: Memory corruption in shader translator.
      Credit to Zhenyao Mo.
  + Webkit issues (14.0.835.163):
    - [78427] [83031] Low CVE-2011-2840: Possible URL bar spoofs with unusual
      user interaction. Credit to kuzzcc.
    - [89219] High CVE-2011-2846: Use-after-free in unload event handling.
      Credit to Arthur Gerkis.
    - [89330] High CVE-2011-2847: Use-after-free in document loader. Credit to
    - [89991] Medium CVE-2011-3234: Out-of-bounds read in box handling. Credit
      to miaubiz.
    - [92651] [94800] High CVE-2011-2854: Use-after-free in ruby / table style
      handing. Credit to Sławomir Błażek, and independent later discoveries by
      miaubiz and Google Chrome Security Team (Inferno).
    - [92959] High CVE-2011-2855: Stale node in stylesheet handling. Credit to
      Arthur Gerkis.
    - [93420] High CVE-2011-2857: Use-after-free in focus controller. Credit
      to miaubiz.
    - [93587] High CVE-2011-2860: Use-after-free in table style handling.
      Credit to miaubiz.
  + Webkit issues (14.0.835.202):
    - [93788] High CVE-2011-2876: Use-after-free in text line box handling.
      Credit to miaubiz.
    - [95072] High CVE-2011-2877: Stale font in SVG text handling. Credit to
  + LibXML issue (14.0.835.163):
    - [93472] High CVE-2011-2834: Double free in libxml XPath handling. Credit
      to Yang Dingning
  + V8 issues (14.0.835.163):
    - [76771] High CVE-2011-2839: Crash in v8 script object wrappers. Credit
      to Kostya Serebryany
    - [91120] High CVE-2011-2852: Off-by-one in v8. Credit to Christian Holler
    - [93416] High CVE-2011-2856: Cross-origin bypass in v8. Credit to Daniel
    - [93906] High CVE-2011-2862: Unintended access to v8 built-in objects.
      Credit to Sergey Glazunov.
    - [95920] High CVE-2011-2875: Type confusion in v8 object sealing. Credit
      to Christian Holler.
  + V8 issues (14.0.835.202):
    - [97451] [97520] [97615] High CVE-2011-2880: Use-after-free in the v8
      bindings. Credit to Sergey Glazunov.
    - [97784] High CVE-2011-2881: Memory corruption with v8 hidden objects.
      Credit to Sergey Glazunov.

[ Fabien Tassin ]
* Add libpulse-dev to Build-Depends, needed for WebRTC
  - update debian/control
* Drop the HTML5 video patch, now committed upstream
  - remove debian/patches/html5-codecs-fix.patch
  - update debian/patches/series
* Rename ui/base/strings/app_strings.grd to ui_strings.grd following
  the upstream rename, and add a mapping flag to the grit converter
  - update debian/rules
* Add a "Conflicts" with -inspector so that it gets removed
  - update debian/control
* Build with the default gcc-4.6 on Oneiric
  - update debian/control
  - update debian/rules
* Refresh Patches

lp:ubuntu/oneiric-proposed/chromium-browser bug 2 Mature 2011-10-28 15:09:22 UTC 2011-10-28
51. * New upstream release from the Stabl...

Author: Micah Gersten
Revision Date: 2011-10-27 02:45:31 UTC

* New upstream release from the Stable Channel (LP: #881786)
  - fix LP: #881607 - Error initializing NSS without a persistent database
  This release fixes the following security issues:
  - [86758] High CVE-2011-2845: URL bar spoof in history handling. Credit to
    Jordi Chancel.
  - [88949] Medium CVE-2011-3875: URL bar spoof with drag+drop of URLs. Credit
    to Jordi Chancel.
  - [90217] Low CVE-2011-3876: Avoid stripping whitespace at the end of
    download filenames. Credit to Marc Novak.
  - [91218] Low CVE-2011-3877: XSS in appcache internals page. Credit to
    Google Chrome Security Team (Tom Sepez) plus independent discovery by
    Juho Nurminen.
  - [94487] Medium CVE-2011-3878: Race condition in worker process
    initialization. Credit to miaubiz.
  - [95374] Low CVE-2011-3879: Avoid redirect to chrome scheme URIs. Credit to
    Masato Kinugawa.
  - [95992] Low CVE-2011-3880: Don’t permit as a HTTP header delimiter. Credit
    to Vladimir Vorontsov, ONsec company.
  - [96047] [96885] [98053] [99512] [99750] High CVE-2011-3881: Cross-origin
    policy violations. Credit to Sergey Glazunov.
  - [96292] High CVE-2011-3882: Use-after-free in media buffer handling.
    Credit to Google Chrome Security Team (Inferno).
  - [96902] High CVE-2011-3883: Use-after-free in counter handling. Credit to
  - [97148] High CVE-2011-3884: Timing issues in DOM traversal. Credit to
    Brian Ryner of the Chromium development community.
  - [97599] [98064] [98556] [99294] [99880] [100059] High CVE-2011-3885: Stale
    style bugs leading to use-after-free. Credit to miaubiz.
  - [98773] [99167] High CVE-2011-3886: Out of bounds writes in v8. Credit to
    Christian Holler.
  - [98407] Medium CVE-2011-3887: Cookie theft with javascript URIs. Credit to
    Sergey Glazunov.
  - [99138] High CVE-2011-3888: Use-after-free with plug-in and editing.
    Credit to miaubiz.
  - [99211] High CVE-2011-3889: Heap overflow in Web Audio. Credit to miaubiz.
  - [99553] High CVE-2011-3890: Use-after-free in video source handling.
    Credit to Ami Fischman of the Chromium development community.
  - [100332] High CVE-2011-3891: Exposure of internal v8 functions. Credit to
    Steven Keuchel of the Chromium development community plus independent
    discovery by Daniel Divricean.

[ Chris Coulson <> ]
* Refresh patches
  - update debian/patches/dlopen_sonamed_gl.patch
  - update debian/patches/webkit_rev_parser.patch
* Dropped patches, fixed upstream
  - remove debian/patches/cups_1.5_build_fix.patch
  - update debian/patches/series

[ Fabien Tassin ]
* Disable NaCl until we figure out what to do with the private toolchain
  - update debian/rules
* Do not install the pseudo_locales files in the debs
  - update debian/rules
* Add python-simplejson to Build-depends. This is needed by NaCl even with
  NaCl disabled, so this is a temporary workaround to unbreak the build, it
  must be fixed upstream
  - update debian/control

[ Micah Gersten <> ]
* Switch to internal libvpx; This makes updating easier
  - update debian/rules
* Drop build dependency on libvpx due to the switch to internal libvpx
  - update debian/control

12 of 2 results