lp:~chromium-team/chromium-browser/chromium-browser.stable
- Get this branch:
- bzr branch lp:~chromium-team/chromium-browser/chromium-browser.stable
Branch merges
Related bugs
Related blueprints
Branch information
Recent revisions
- 677. By Micah Gersten
-
(merge from chromium-
browser. precise) * New upstream release from the Stable Channel (LP: #977502)
- black screen on Hybrid Graphics system with GPU accelerated compositing
enabled (Issue: 117371)
- CSS not applied to <content> element (Issue: 114667)
- Regression rendering a div with background gradient and borders
(Issue: 113726)
- Canvas 2D line drawing bug with GPU acceleration (Issue: 121285)
- Multiple crashes (Issues: 72235, 116825 and 92998)
- Pop-up dialog is at wrong position (Issue: 116045)
- HTML Canvas patterns are broken if you change the transformation matrix
(Issue: 112165)
- SSL interstitial error "proceed anyway" / "back to safety" buttons don't
work (Issue: 119252)
This release fixes the following security issues:
- [106577] Medium CVE-2011-3066: Out-of-bounds read in Skia clipping.
Credit to miaubiz.
- [117583] Medium CVE-2011-3067: Cross-origin iframe replacement. Credit to
Sergey Glazunov.
- [117698] High CVE-2011-3068: Use-after-free in run-in handling. Credit to
miaubiz.
- [117728] High CVE-2011-3069: Use-after-free in line box handling. Credit
to miaubiz.
- [118185] High CVE-2011-3070: Use-after-free in v8 bindings. Credit to
Google Chrome Security Team (SkyLined).
- [118273] High CVE-2011-3071: Use-after-free in HTMLMediaElement. Credit
to pa_kt, reporting through HP TippingPoint ZDI (ZDI-CAN-1528).
- [118467] Low CVE-2011-3072: Cross-origin violation parenting pop-up
window. Credit to Sergey Glazunov.
- [118593] High CVE-2011-3073: Use-after-free in SVG resource handling.
Credit to Arthur Gerkis.
- [119281] Medium CVE-2011-3074: Use-after-free in media handling. Credit
to Sławomir Błażek.
- [119525] High CVE-2011-3075: Use-after-free applying style command.
Credit to miaubiz.
- [120037] High CVE-2011-3076: Use-after-free in focus handling. Credit to
miaubiz.
- [120189] Medium CVE-2011-3077: Read-after-free in script bindings. Credit
to Google Chrome Security Team (Inferno). - 676. By Micah Gersten
-
(merge 18.0.1025.
142~r129054 from chromium- browser. precise) * New upstream release from the Stable Channel (LP: #968901)
This release fixes the following security issues:
- [109574] Medium CVE-2011-3058: Bad interaction possibly leading to XSS in
EUC-JP. Credit to Masato Kinugawa.
- [112317] Medium CVE-2011-3059: Out-of-bounds read in SVG text handling.
Credit to Arthur Gerkis.
- [114056] Medium CVE-2011-3060: Out-of-bounds read in text fragment
handling. Credit to miaubiz.
- [116398] Medium CVE-2011-3061: SPDY proxy certificate checking error.
Credit to Leonidas Kontothanassis of Google.
- [116524] High CVE-2011-3062: Off-by-one in OpenType Sanitizer. Credit to
Mateusz Jurczyk of the Google Security Team.
- [117417] Low CVE-2011-3063: Validate navigation requests from the renderer
more carefully. Credit to kuzzcc, Sergey Glazunov, PinkiePie and
scarybeasts (Google Chrome Security Team).
- [117471] High CVE-2011-3064: Use-after-free in SVG clipping. Credit to
Atte Kettunen of OUSPG.
- [117588] High CVE-2011-3065: Memory corruption in Skia. Credit to Omair.
- [117794] Medium CVE-2011-3057: Invalid read in v8. Credit to Christian
Holler.
* Add build dependency on libudev-dev to allow for gamepad detection; see
http://code.google. com/p/chromium/ issues/ detail? id=79050
- update debian/control
* Drop dlopen_libgnutls patch as it's been implemented upstream
- drop debian/patches/ dlopen_ libgnutls. patch
- update debian/patches/ series
* Start removing *.so and *.so.* from the upstream tarball creation
- update debian/rules
* Strip almost the entire third_party/openssl directory as it's needed only
on android, but is used by the build system
- update debian/rules
* Use tar's --exclude-vcs flag instead of just excluding .svn
- update debian/rules - 675. By Micah Gersten
-
(merge r724 from chromium-
browser. precise) * New upstream release from the Stable Channel (LP: #961831)
This release fixes the following security issues:
- [113902] High CVE-2011-3050: Use-after-free with first-letter handling.
Credit to miaubiz.
- [116162] High CVE-2011-3045: libpng integer issue from upstream. Credit
to Glenn Randers-Pehrson of the libpng project.
- [116461] High CVE-2011-3051: Use-after-free in CSS cross-fade handling.
Credit to Arthur Gerkis.
- [116637] High CVE-2011-3052: Memory corruption in WebGL canvas handling.
Credit to Ben Vanik of Google.
- [116746] High CVE-2011-3053: Use-after-free in block splitting.
Credit to miaubiz.
- [117418] Low CVE-2011-3054: Apply additional isolations to webui
privileges. Credit to Sergey Glazunov.
- [117736] Low CVE-2011-3055: Prompt in the browser native UI for unpacked
extension installation. Credit to PinkiePie.
- [117550] High CVE-2011-3056: Cross-origin violation with “magic iframe”.
Credit to Sergey Glazunov.
- [117794] Medium CVE-2011-3057: Invalid read in v8. Credit to Christian
Holler. - 674. By Micah Gersten
-
(merge from chromium-
browser. precise) * New upstream release from the Stable Channel (LP: #952711)
This release fixes the following security issue:
- [117620] [117656] Critical CVE-2011-3047: Errant plug-in load and GPU
process memory corruption. Credit to PinkiePie.
* New upstream release from the Stable Channel (LP: #950174)
This release fixes the following security issue:
- [117226] [117230] Critical CVE-2011-3046: UXSS and bad history navigation.
Credit to Sergey Glazunov.
* Add libgles2-mesa-dev build dependency on armhf as well; Hopefully really
fix LP: #943281; Thanks to Christian Dywan for the tip
- update debian/control - 673. By Micah Gersten
-
(merge from chromium-
browser. precise) * New upstream release from the Stable Channel (LP: #948749)
- fixes regression in the DOM [116789]
* Revert manual changes to v8 build system since we're using the gyp flag now
- update debian/patches/ fix-armhf- ftbfs.patch
* Attempt to fix armhf build again (LP: #943281)
- update debian/rules - 672. By Micah Gersten
-
Merge from chromium-
browser. precise * New upstream release from the Stable Channel (LP: #946914)
- Cursors and backgrounds sometimes do not load [111218]
- Plugins not loading on some pages [108228]
- Text paste includes trailing spaces [106551]
- Websites using touch controls break [110332]
This release fixes the following security issues:
- [105867] High CVE-2011-3031: Use-after-free in v8 element wrapper. Credit
to Chamal de Silva.
- [108037] High CVE-2011-3032: Use-after-free in SVG value handling. Credit
to Arthur Gerkis.
- [108406] [115471] High CVE-2011-3033: Buffer overflow in the Skia drawing
library. Credit to Aki Helin of OUSPG.
- [111748] High CVE-2011-3034: Use-after-free in SVG document handling.
Credit to Arthur Gerkis.
- [112212] High CVE-2011-3035: Use-after-free in SVG use handling. Credit to
Arthur Gerkis.
- [113258] High CVE-2011-3036: Bad cast in line box handling. Credit to
miaubiz.
- [113439] [114924] [115028] High CVE-2011-3037: Bad casts in anonymous
block splitting. Credit to miaubiz.
- [113497] High CVE-2011-3038: Use-after-free in multi-column handling.
Credit to miaubiz.
- [113707] High CVE-2011-3039: Use-after-free in quote handling. Credit to
miaubiz.
- [114054] High CVE-2011-3040: Out-of-bounds read in text handling. Credit
to miaubiz.
- [114068] High CVE-2011-3041: Use-after-free in class attribute handling.
Credit to miaubiz.
- [114219] High CVE-2011-3042: Use-after-free in table section handling.
Credit to miaubiz.
- [115681] High CVE-2011-3043: Use-after-free in flexbox with floats. Credit
to miaubiz.
- [116093] High CVE-2011-3044: Use-after-free with SVG animation elements.
Credit to Arthur Gerkis.
* Fix FTBFS on armhf (LP: #943281)
- add debian/patches/ fix-armhf- ftbfs.patch
- update debian/patches/ series - 671. By Micah Gersten
-
Merge from (chromium-
browser. precise up to #709) * Fix arm specific flags again; Use findstring instead of filter as arm
isn't the entire build arch name
- update debian/rules
* Add arm specific flags for arm*, not just armel; This allows building on
armhf successfully (we hope)
- update debian/rules
* Change chromium-browser- dbg to Priority: extra, Section: debug per lintian
- update debian/control
* Fix line endings in debian/copyright per lintian
- update debian/copyright
* Make copyright file UTF-8 per lintian
- update debian/copyright
* New upstream release from the Stable Channel (LP: #933262)
This release fixes the following security issues:
- [105803] High CVE-2011-3015: Integer overflows in PDF codecs. Credit to
Google Chrome Security Team (scarybeasts).
- [106336] Medium CVE-2011-3016: Read-after-free with counter nodes. Credit
to miaubiz.
- [108695] High CVE-2011-3017: Possible use-after-free in database handling.
Credit to miaubiz.
- [110172] High CVE-2011-3018: Heap overflow in path rendering. Credit to
Aki Helin of OUSPG.
- [110849] High CVE-2011-3019: Heap buffer overflow in MKV handling. Credit
to Google Chrome Security Team (scarybeasts) and Mateusz Jurczyk of the
Google Security Team.
- [111575] Medium CVE-2011-3020: Native client validator error. Credit to
Nick Bray of the Chromium development community.
- [111779] High CVE-2011-3021: Use-after-free in subframe loading. Credit to
Arthur Gerkis.
- [112236] Medium CVE-2011-3022: Inappropriate use of http for translation
script. Credit to Google Chrome Security Team (Jorge Obes).
- [112259] Medium CVE-2011-3023: Use-after-free with drag and drop. Credit
to pa_kt.
- [112451] Low CVE-2011-3024: Browser crash with empty x509 certificate.
Credit to chrometot.
- [112670] Medium CVE-2011-3025: Out-of-bounds read in h.264 parsing. Credit
to Sławomir Błażek.
- [112822] High CVE-2011-3026: Integer overflow / truncation in libpng.
Credit to Jüri Aedla.
- [112847] High CVE-2011-3027: Bad cast in column handling. Credit to
miaubiz.
* New upstream release from the Stable Channel (LP: #931905)
This release fixes the following security issues:
- [73478] Low CVE-2011-3953: Avoid clipboard monitoring after paste event.
Credit to Daniel Cheng of the Chromium development community.
- [92550] Low CVE-2011-3954: Crash with excessive database usage. Credit to
Collin Payne.
- [93106] High CVE-2011-3955: Crash aborting an IndexDB transaction. Credit
to David Grogan of the Chromium development community.
- [103630] Low CVE-2011-3956: Incorrect handling of sandboxed origins inside
extensions. Credit to Devdatta Akhawe, UC Berkeley.
- [104056] High CVE-2011-3957: Use-after-free in PDF garbage collection.
Credit to Aki Helin of OUSPG.
- [105459] High CVE-2011-3958: Bad casts with column spans. Credit to
miaubiz.
- [106441] High CVE-2011-3959: Buffer overflow in locale handling. Credit to
Aki Helin of OUSPG.
- [108416] Medium CVE-2011-3960: Out-of-bounds read in audio decoding.
Credit to Aki Helin of OUSPG.
- [108871] Critical CVE-2011-3961: Race condition after crash of utility
process. Credit to Shawn Goertzen.
- [108901] Medium CVE-2011-3962: Out-of-bounds read in path clipping. Credit
to Aki Helin of OUSPG.
- [109094] Medium CVE-2011-3963: Out-of-bounds read in PDF fax image
handling. Credit to Atte Kettunen of OUSPG.
- [109245] Low CVE-2011-3964: URL bar confusion after drag + drop. Credit to
Code Audit Labs of VulnHunt.com.
- [109664] Low CVE-2011-3965: Crash in signature check. Credit to Sławomir
Błażek.
- [109716] High CVE-2011-3966: Use-after-free in stylesheet error handling.
Credit to Aki Helin of OUSPG.
- [109717] Low CVE-2011-3967: Crash with unusual certificate. Credit to Ben
Carrillo.
- [109743] High CVE-2011-3968: Use-after-free in CSS handling. Credit to
Arthur Gerkis.
- [110112] High CVE-2011-3969: Use-after-free in SVG layout. Credit to
Arthur Gerkis.
- [110277] Medium CVE-2011-3970: Out-of-bounds read in libxslt. Credit to
Aki Helin of OUSPG.
- [110374] High CVE-2011-3971: Use-after-free with mousemove events. Credit
to Arthur Gerkis.
- [110559] Medium CVE-2011-3972: Out-of-bounds read in shader translator.
Credit to Google Chrome Security Team (Inferno).
* Rebase patch
- update debian/patches/ disable_ dlog_and_ dcheck_ in_release_ builds. patch
* Update .install file to just install all .pak files instead of listing them
by name
- update debian/chromium- browser. install
* New upstream release from the Stable Channel (LP: #923602, #897389)
(LP: #914648, #889711)
This release fixes the following security issues:
- [106484] High CVE-2011-3924: Use-after-free in DOM selections. Credit to
Arthur Gerkis.
- [107182] Critical CVE-2011-3925: Use-after-free in Safe Browsing
navigation. Credit to Chamal de Silva.
- [108461] High CVE-2011-3928: Use-after-free in DOM handling. Credit to
wushi of team509 reported through ZDI (ZDI-CAN-1415).
- [108605] High CVE-2011-3927: Uninitialized value in Skia. Credit to
miaubiz.
- [109556] High CVE-2011-3926: Heap-buffer-overflow in tree builder.
Credit to Arthur Gerkis.
This upload also includes the following security fixes from 16.0.912.75:
- [106672] High CVE-2011-3921: Use-after-free in animation frames. Credit to
Boris Zbarsky of Mozilla.
- [107128] High CVE-2011-3919: Heap-buffer-overflow in libxml. Credit to
Jüri Aedla.
- [108006] High CVE-2011-3922: Stack-buffer-overflow in glyph handling.
Credit to Google Chrome Security Team (Cris Neckar).
This upload also includes the following security fixes from 16.0.912.63:
- [81753] Medium CVE-2011-3903: Out-of-bounds read in regex matching. Credit
to David Holloway of the Chromium development community.
- [95465] Low CVE-2011-3905: Out-of-bounds reads in libxml. Credit to Google
Chrome Security Team (Inferno).
- [98809] Medium CVE-2011-3906: Out-of-bounds read in PDF parser. Credit to
Aki Helin of OUSPG.
- [99016] High CVE-2011-3907: URL bar spoofing with view-source. Credit to
Luka Treiber of ACROS Security.
- [100863] Low CVE-2011-3908: Out-of-bounds read in SVG parsing. Credit to
Aki Helin of OUSPG.
- [101010] Medium CVE-2011-3909: [64-bit only] Memory corruption in CSS
property array. Credit to Google Chrome Security Team (scarybeasts) and
Chu.
- [101494] Medium CVE-2011-3910: Out-of-bounds read in YUV video frame
handling. Credit to Google Chrome Security Team (Cris Neckar).
- [101779] Medium CVE-2011-3911: Out-of-bounds read in PDF. Credit to Google
Chrome Security Team (scarybeasts) and Robert Swiecki of the Google
Security Team.
- [102359] High CVE-2011-3912: Use-after-free in SVG filters. Credit to
Arthur Gerkis.
- [103921] High CVE-2011-3913: Use-after-free in Range handling. Credit to
Arthur Gerkis.
- [104011] High CVE-2011-3914: Out-of-bounds write in v8 i18n handling.
Credit to Sławomir Błażek.
- [104529] High CVE-2011-3915: Buffer overflow in PDF font handling. Credit
to Atte Kettunen of OUSPG.
- [104959] Medium CVE-2011-3916: Out-of-bounds reads in PDF cross
references. Credit to Atte Kettunen of OUSPG.
- [105162] Medium CVE-2011-3917: Stack-buffer-overflow in FileWatcher.
Credit to Google Chrome Security Team (Marty Barbella).
This upload also includes the following fixes from 15.0.874.121:
- fix to a regression: SVG in iframe doesn't use specified dimensions
- [103259] High CVE-2011-3900: Out-of-bounds write in v8. Credit to
Christian Holler
* Add patch to build with glib 2.31 (single entry header inclusion)
- add debian/patches/ glib-header- single- entry.patch
- update debian/patches/ series
* Refresh user agent patch
- update debian/patches/ chromium_ useragent. patch.in
* New upstream release from the Stable Channel (LP: #889711)
This release fixes the following security issues:
- [100465] High CVE-2011-3892: Double free in Theora decoder. Credit to Aki
Helin of OUSPG.
- [100492] [100543] Medium CVE-2011-3893: Out of bounds reads in MKV and
Vorbis media handlers. Credit to Aki Helin of OUSPG.
- [101172] High CVE-2011-3894: Memory corruption regression in VP8 decoding.
Credit to Andrew Scherkus of the Chromium development community.
- [101458] High CVE-2011-3895: Heap overflow in Vorbis decoder. Credit to
Aki Helin of OUSPG.
- [101624] High CVE-2011-3896: Buffer overflow in shader variable mapping.
Credit to Ken “strcpy” Russell of the Chromium development community.
- [102242] High CVE-2011-3897: Use-after-free in editing. Credit to pa_kt
reported through ZDI (ZDI-CAN-1416).
Branch metadata
- Branch format:
- Branch format 6
- Repository format:
- Bazaar pack repository format 1 (needs bzr 0.92)