Created by Ubuntu Package Importer and last modified
Get this branch:
bzr branch lp:ubuntu/natty-security/chromium-browser
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Ubuntu branches
Review team:
Ubuntu Development Team

Recent revisions

46. By Micah Gersten on 2011-10-12

* New upstream release from the Stable Channel (LP: #858744)
  This release fixes the following security issues:
  + Chromium issues (13.0.782.220):
    - Trust in Diginotar Intermediate CAs revoked
  + Chromium issues (14.0.835.163):
    - [49377] High CVE-2011-2835: Race condition in the certificate cache.
      Credit to Ryan Sleevi.
    - [57908] Low CVE-2011-2837: Use PIC / pie compiler flags. Credit to
    - [75070] Low CVE-2011-2838: Treat MIME type more authoritatively when
      loading plug-ins. Credit to Michal Zalewski.
    - [78639] High CVE-2011-2841: Garbage collection error in PDF. Credit to
      Mario Gomes.
    - [82438] Medium CVE-2011-2843: Out-of-bounds read with media buffers.
      Credit to Kostya Serebryany.
    - [85041] Medium CVE-2011-2844: Out-of-bounds read with mp3 files. Credit
      to Mario Gomes.
    - [89564] Medium CVE-2011-2848: URL bar spoof with forward button. Credit
      to Jordi Chancel.
    - [89795] Low CVE-2011-2849: Browser NULL pointer crash with WebSockets.
      Credit to Arthur Gerkis.
    - [90134] Medium CVE-2011-2850: Out-of-bounds read with Khmer characters.
      Credit to miaubiz.
    - [90173] Medium CVE-2011-2851: Out-of-bounds read in video handling.
      Credit to Google Chrome Security Team (Inferno).
    - [91197] High CVE-2011-2853: Use-after-free in plug-in handling. Credit
      to Google Chrome Security Team (SkyLined).
    - [93497] Medium CVE-2011-2859: Incorrect permissions assigned to
      non-gallery pages. Credit to Bernhard ‘Bruhns’ Brehm
    - [93596] Medium CVE-2011-2861: Bad string read in PDF. Credit to Aki
      Helin of OUSPG.
    - [95563] Medium CVE-2011-2864: Out-of-bounds read with Tibetan
      characters. Credit to Google Chrome Security Team (Inferno).
    - [95625] Medium CVE-2011-2858: Out-of-bounds read with triangle arrays.
      Credit to Google Chrome Security Team (Inferno).
    - [95917] Low CVE-2011-2874: Failure to pin a self-signed cert for a
      session. Credit to Nishant Yadant and Craig Chamberlain (@randomuserid).
  + Chromium issues (14.0.835.202):
    - [95671] High CVE-2011-2878: Inappropriate cross-origin access to the
      window prototype. Credit to Sergey Glazunov.
    - [96150] High CVE-2011-2879: Lifetime and threading issues in audio node
      handling. Credit to Google Chrome Security Team (Inferno).
    - [98089] Critical CVE-2011-3873: Memory corruption in shader translator.
      Credit to Zhenyao Mo.
  + Webkit issues (14.0.835.163):
    - [78427] [83031] Low CVE-2011-2840: Possible URL bar spoofs with unusual
      user interaction. Credit to kuzzcc.
    - [89219] High CVE-2011-2846: Use-after-free in unload event handling.
      Credit to Arthur Gerkis.
    - [89330] High CVE-2011-2847: Use-after-free in document loader. Credit to
    - [89991] Medium CVE-2011-3234: Out-of-bounds read in box handling. Credit
      to miaubiz.
    - [92651] [94800] High CVE-2011-2854: Use-after-free in ruby / table style
      handing. Credit to Sławomir Błażek, and independent later discoveries by
      miaubiz and Google Chrome Security Team (Inferno).
    - [92959] High CVE-2011-2855: Stale node in stylesheet handling. Credit to
      Arthur Gerkis.
    - [93420] High CVE-2011-2857: Use-after-free in focus controller. Credit
      to miaubiz.
    - [93587] High CVE-2011-2860: Use-after-free in table style handling.
      Credit to miaubiz.
  + Webkit issues (14.0.835.202):
    - [93788] High CVE-2011-2876: Use-after-free in text line box handling.
      Credit to miaubiz.
    - [95072] High CVE-2011-2877: Stale font in SVG text handling. Credit to
  + LibXML issue (14.0.835.163):
    - [93472] High CVE-2011-2834: Double free in libxml XPath handling. Credit
      to Yang Dingning
  + V8 issues (14.0.835.163):
    - [76771] High CVE-2011-2839: Crash in v8 script object wrappers. Credit
      to Kostya Serebryany
    - [91120] High CVE-2011-2852: Off-by-one in v8. Credit to Christian Holler
    - [93416] High CVE-2011-2856: Cross-origin bypass in v8. Credit to Daniel
    - [93906] High CVE-2011-2862: Unintended access to v8 built-in objects.
      Credit to Sergey Glazunov.
    - [95920] High CVE-2011-2875: Type confusion in v8 object sealing. Credit
      to Christian Holler.
  + V8 issues (14.0.835.202):
    - [97451] [97520] [97615] High CVE-2011-2880: Use-after-free in the v8
      bindings. Credit to Sergey Glazunov.
    - [97784] High CVE-2011-2881: Memory corruption with v8 hidden objects.
      Credit to Sergey Glazunov.

[ Fabien Tassin ]
* Add libpulse-dev to Build-Depends, needed for WebRTC
  - update debian/control
* Rename ui/base/strings/app_strings.grd to ui_strings.grd following
  the upstream rename, and add a mapping flag to the grit converter
  - update debian/rules
* Refresh Patches

[ Micah Gersten ]
* Switch to internal libvpx (Fixes FTBFS since we now need at least 0.9.6)
  - update debian/rules
* Drop build dependency on libvpx due to the switch to internal libvpx
  - update debian/control

45. By Micah Gersten on 2011-06-30

[ Fabien Tassin <email address hidden> ]
* New Minor upstream release from the Stable Channel (LP: #803107)
  This release fixes the following security issues:
  + WebKit issues:
    - [84355] High, CVE-2011-2346: Use-after-free in SVG font handling.
      Credit to miaubiz.
    - [85003] High, CVE-2011-2347: Memory corruption in CSS parsing. Credit
      to miaubiz.
    - [85102] High, CVE-2011-2350: Lifetime and re-entrancy issues in the
      HTML parser. Credit to miaubiz.
    - [85211] High, CVE-2011-2351: Use-after-free with SVG use element.
      Credit to miaubiz.
    - [85418] High, CVE-2011-2349: Use-after-free in text selection. Credit
      to miaubiz.
  + Chromium issues:
    - [77493] Medium, CVE-2011-2345: Out-of-bounds read in NPAPI string
      handling. Credit to Philippe Arteau.
    - [85177] High, CVE-2011-2348: Bad bounds check in v8. Credit to Aki
      Helin of OUSPG.

44. By Micah Gersten on 2011-06-10

[ Fabien Tassin <email address hidden> ]
* New upstream release from the Stable Channel (LP: #794197)
  It includes:
  - Hardware accelerated 3D CSS
  - New Safe Browsing protection against downloading malicious files
  - Integrated Sync into new settings pages
  This release fixes the following security issues:
  + WebKit issues:
    - [73962] [79746] High CVE-2011-1808: Use-after-free due to integer
      issues in float handling. Credit to miaubiz.
    - [75496] Medium CVE-2011-1809: Use-after-free in accessibility support.
      Credit to Google Chrome Security Team (SkyLined).
    - [75643] Low CVE-2011-1810: Visit history information leak in CSS.
      Credit to Jesse Mohrland of Microsoft and Microsoft Vulnerability
      Research (MSVR).
    - [80358] Medium CVE-2011-1816: Use-after-free in developer tools. Credit
      to kuzzcc.
    - [81949] High CVE-2011-1818: Use-after-free in image loader. Credit to
    - [83743] High CVE-2011-2342: Same origin bypass in DOM. Credit to Sergey
  + Chromium issues:
    - [76034] Low CVE-2011-1811: Browser crash with lots of form submissions.
      Credit to “DimitrisV22”.
    - [77026] Medium CVE-2011-1812: Extensions permission bypass. Credit to
    - [78516] High CVE-2011-1813: Stale pointer in extension framework.
      Credit to Google Chrome Security Team (Inferno).
    - [79862] Low CVE-2011-1815: Extension script injection into new tab
      page. Credit to kuzzcc.
    - [81916] Medium CVE-2011-1817: Browser memory corruption in history
      deletion. Credit to Collin Payne.
    - [83010] Medium CVE-2011-1819: Extension injection into chrome:// pages.
      Credit to Vladislavas Jarmalis, plus subsequent independent discovery
      by Sergey Glazunov.
    - [83275] High CVE-2011-2332: Same origin bypass in v8. Credit to Sergey
* Drop the stored passwords patch (fixed upstream)
  - remove debian/patches/stored_passwords_lp743494.patch
  - update debian/patches/series
* Empty the -inspector package now that it has been merged into the main
  resources.pak file (so that the Inspector remains usable after an upgrade
  until the next browser restart). Also remove the resources directory,
  now empty
  - remove debian/chromium-browser-inspector.install
  - update debian/chromium-browser.dirs
  - update debian/rules
* Update the location of the app_strings templates
  - update debian/rules
* Rebase the GL dlopen patch
  - update debian/patches/dlopen_sonamed_gl.patch
* Drop the gtk resize patch, now that upstream does it for us
  - remove debian/patches/disable_gtk_resize_grip_on_natty.patch
  - update debian/patches/series
* Drop the xdg-utils patch and use the system xdg tools when we
  detect that xdg-setting is present on the system (ensuring it's a recent
  enough xdg-utils)
  - update debian/chromium-browser.sh.in
  - remove debian/patches/xdg-utils_gnome3_lp670128_for_natty.patch
  - update debian/patches/series
* Drop the dedicated webapp WMClass patch
  - remove debian/patches/webapps-wm-class-lp692462.patch
  - update debian/patches/series

[ Micah Gersten <email address hidden> ]
* Don't have chromium-browser depend on chromium-browser-inspector anymore
  it's now a transitional package; Change text of chromium-browser-inspector
  to reflect its transitional nature
  - update debian/control

43. By Micah Gersten on 2011-05-25

[ Fabien Tassin <email address hidden> ]
* New Minor upstream release from the Stable Channel (LP: #787846)
  This release fixes the following security issues:
  + WebKit issues:
    - [72189] Low, CVE-2011-1801: Pop-up blocker bypass. Credit to Chamal De
    - [82546] High, CVE-2011-1804: Stale pointer in floats rendering. Credit
      to Martin Barbella.
    - [82903] Critical, CVE-2011-1807: Out-of-bounds write in blob handling.
      Credit to Google Chrome Security Team (Inferno) and Kostya Serebryany
      of the Chromium development community.
  + GPU/WebGL issue:
    - [82873] Critical, CVE-2011-1806: Memory corruption in GPU command
      buffer. Credit to Google Chrome Security Team (Cris Neckar).
* Update the svg icon once again, the previous one contained an embedded png
  (LP: #748881)
  - update debian/chromium-browser.svg

42. By Micah Gersten on 2011-05-14

[ Fabien Tassin <email address hidden> ]
* New Minor upstream release from the Stable Channel (LP: #781822)
  This release fixes the following security issues:
  + WebKit issues:
    - [64046] High, CVE-2011-1799: Bad casts in Chromium WebKit glue. Credit
      to Google Chrome Security Team (SkyLined).
    - [80608] High, CVE-2011-1800: Integer overflows in SVG filters. Credit
      to Google Chrome Security Team (Cris Neckar).

41. By Micah Gersten on 2011-05-08

[ Fabien Tassin <email address hidden> ]
* New Minor upstream release from the Stable Channel (LP: #778822)
  This release fixes the following security issues:
  + WebKit issues:
    - [67923] High, CVE-2011-1793: stale pointer in SVG image handling
      (credit: Mitz)
    - [78327] High, CVE-2011-1794: integer overflow in SVG filters (credit:
    - [78948] High, CVE-2011-1795: integer underflow in forms handling
      (credit: Cris Neckar)
    - [79055] High, CVE-2011-1796: use-after-free in frame handling (credit:
    - [79075] High, CVE-2011-1797: stale pointer in table captioning (credit:
    - [79595] High, CVE-2011-1798: bad cast in SVG text handling (credit:
* Pass --delete_unversioned_trees to gclient and drop the git.chromium.org
  - update debian/rules

[ Micah Gersten <email address hidden> ]
* Switch arch: any to arch: i386 amd64 so that we don't have to wait for armel
  - update debian/control

40. By Fabien Tassin on 2011-04-27

* New Major upstream release from the Stable Channel (LP: #771935)
  This release fixes the following security issues:
  + WebKit issues:
    - [61502] High, CVE-2011-1303: Stale pointer in floating object handling.
      Credit to Scott Hess of the Chromium development community and Martin
    - [70538] Low, CVE-2011-1304: Pop-up block bypass via plug-ins. Credit to
      Chamal De Silva.
    - [70589] Medium, CVE-2011-1305: Linked-list race in database handling.
      Credit to Kostya Serebryany of the Chromium development community.
    - [73526] High, CVE-2011-1437: Integer overflows in float rendering.
      Credit to miaubiz.
    - [74653] High, CVE-2011-1438: Same origin policy violation with blobs.
      Credit to kuzzcc.
    - [75186] High, CVE-2011-1440: Use-after-free with <ruby> tag and CSS.
      Credit to Jose A. Vazquez.
    - [75347] High, CVE-2011-1441: Bad cast with floating select lists.
      Credit to Michael Griffiths.
    - [75801] High, CVE-2011-1442: Corrupt node trees with mutation events.
      Credit to Sergey Glazunov and wushi of team 509.
    - [76001] High, CVE-2011-1443: Stale pointers in layering code. Credit to
      Martin Barbella.
    - [76646] Medium, CVE-2011-1445: Out-of-bounds read in SVG. Credit to
      wushi of team509.
    - [76666] [77507] [78031] High, CVE-2011-1446: Possible URL bar spoofs
      with navigation errors and interrupted loads. Credit to kuzzcc.
    - [76966] High, CVE-2011-1447: Stale pointer in drop-down list handling.
      Credit to miaubiz.
    - [77130] High, CVE-2011-1448: Stale pointer in height calculations.
      Credit to wushi of team509.
    - [77346] High, CVE-2011-1449: Use-after-free in WebSockets. Credit to
      Marek Majkowski.
    - [77463] High, CVE-2011-1451: Dangling pointers in DOM id map. Credit to
      Sergey Glazunov.
    - [79199] High, CVE-2011-1454: Use-after-free in DOM id handling. Credit
      to Sergey Glazunov.
  + Chromium issues:
    - [71586] Medium, CVE-2011-1434: Lack of thread safety in MIME handling.
      Credit to Aki Helin.
    - [72523] Medium, CVE-2011-1435: Bad extension with ‘tabs’ permission can
      capture local files. Credit to Cole Snodgrass.
    - [72910] Low, CVE-2011-1436: Possible browser crash due to bad
      interaction with X. Credit to miaubiz.
    - [76542] High, CVE-2011-1444: Race condition in sandbox launcher. Credit
      to Dan Rosenberg.
    - [77349] Low, CVE-2011-1450: Dangling pointers in file dialogs. Credit
      to kuzzcc.
    - [77786] Medium, CVE-2011-1452: URL bar spoof with redirect and manual
      reload. Credit to Jordi Chancel.
    - [74763] High, CVE-2011-1439: Prevent interference between renderer
      processes. Credit to Julien Tinnes of the Google Security Team.
* Fix the password store regression from the last Chromium 10 update.
  Backport from trunk provided by Elliot Glaysher from upstream (LP: #743494)
  - add debian/patches/stored_passwords_lp743494.patch
  - update debian/patches/series
* Fix the dedicated webapp WMClass (needed by Unity/bamf).
  Don't change the WMClass at all on XFCE where it is displayed to
  the user as a title (which it isn't). This is a backport
  of upstream revisions 82581 & 82672 (LP: #692462)
  - update debian/patches/webapps-wm-class-lp692462.patch
* Update the SVG logo to match the new simplified 2D logo (LP: #748881)
  - update debian/chromium-browser.svg
* Ship the app icon in all the sizes provided upstream
  - update debian/rules
* Add libpam0g-dev to Build-depends, needed by "Chromoting"
  - update debian/control
* Enable the new use_third_party_translations flag at build time (it enables
  the Launchpad translations already used in Ubuntu since Chromium 8)
  - update debian/rules

39. By Fabien Tassin on 2011-04-14

* New upstream minor release from the Stable Channel (LP: #762275)
  This release fixes the following security issues:
  - [75629] Critical, CVE-2011-1301: Use-after-free in the GPU process.
    Credit to Google Chrome Security Team (Inferno).
  - [78524] Critical, CVE-2011-1302: Heap overflow in the GPU process. Credit
    to Christoph Diehl.
* Make the default mail client and browser settings work with the
  x-scheme-handler method of registering URI handlers in gnome3.
  This is based on the xdg-utils 1.1.0~rc1-2ubuntu3 fix by Chris Coulson
  <email address hidden>, itself based on Bastien Nocera <email address hidden>
  upstream fix (LP: #670128)
  - add debian/patches/xdg-utils_gnome3_lp670128_for_natty.patch
  - update debian/patches/series
* Fix the apport hooks to pass the expected 'ui' to add_info(), needed when
  called from apport/ubuntu-bug (LP: #759635)
  - update debian/apport/chromium-browser.py
* Report a dedicated WMClass per webapp, needed by Unity/bamf.
  (backported from trunk) (LP: #692462)
  - add debian/patches/webapps-wm-class-lp692462.patch
  - update debian/patches/series

38. By Fabien Tassin on 2011-03-30

* NaCL may be blacklisted, so only include it when it's actually been
  built (fixes the ftbfs on arm) (LP: #745854)
  - update debian/rules
  - update debian/chromium-browser.install
* Harden the apport hooks in the extensions section
  - update debian/apport/chromium-browser.py

37. By Fabien Tassin on 2011-03-24

* New upstream minor release from the Stable Channel (LP: #742118)
  This release fixes the following security issues:
  + Webkit bugs:
    - [73216] High, CVE-2011-1292: Use-after-free in the frame loader. Credit
      to Sławomir Błażek.
    - [73595] High, CVE-2011-1293: Use-after-free in HTMLCollection. Credit
      to Sergey Glazunov.
    - [74562] High, CVE-2011-1294: Stale pointer in CSS handling. Credit to
      Sergey Glazunov.
    - [74991] High, CVE-2011-1295: DOM tree corruption with broken node
      parentage. Credit to Sergey Glazunov.
    - [75170] High, CVE-2011-1296: Stale pointer in SVG text handling. Credit
      to Sergey Glazunov.
  + Chromium bugs:
    - [72517] High, CVE-2011-1291: Buffer error in base string handling.
      Credit to Alex Turpin.
Packaging changes:
* Set arm_fpu=vfpv3-d16 on arm (less restrictive than the default vfpv3)
  preventing a SIGILL crash on some boards (LP: #735877)
  - update debian/control
* Install libppGoogleNaClPluginChrome.so (LP: #738331)
  - update debian/rules
  - update debian/chromium-browser.install

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
This branch contains Public information 
Everyone can see this information.