Format: 1.8 Date: Wed, 05 Oct 2011 04:06:44 -0500 Source: chromium-browser Binary: chromium-browser chromium-browser-dbg chromium-browser-l10n chromium-codecs-ffmpeg chromium-codecs-ffmpeg-dbg chromium-codecs-ffmpeg-extra chromium-codecs-ffmpeg-extra-dbg Architecture: all i386 Version: 14.0.835.202~r103287-0ubuntu1 Distribution: oneiric Urgency: low Maintainer: Ubuntu/amd64 Build Daemon Changed-By: Micah Gersten Description: chromium-browser - Chromium browser chromium-browser-dbg - chromium-browser debug symbols chromium-browser-l10n - chromium-browser language packages chromium-codecs-ffmpeg - Free ffmpeg codecs for the Chromium Browser chromium-codecs-ffmpeg-dbg - chromium-codecs-ffmpeg debug symbols chromium-codecs-ffmpeg-extra - Extra ffmpeg codecs for the Chromium Browser chromium-codecs-ffmpeg-extra-dbg - chromium-codecs-ffmpeg-extra debug symbols Launchpad-Bugs-Fixed: 858744 Changes: chromium-browser (14.0.835.202~r103287-0ubuntu1) oneiric; urgency=low . * New upstream release from the Stable Channel (LP: #858744) This release fixes the following security issues: + Chromium issues (13.0.782.220): - Trust in Diginotar Intermediate CAs revoked + Chromium issues (14.0.835.163): - [49377] High CVE-2011-2835: Race condition in the certificate cache. Credit to Ryan Sleevi. - [57908] Low CVE-2011-2837: Use PIC / pie compiler flags. Credit to wbrana. - [75070] Low CVE-2011-2838: Treat MIME type more authoritatively when loading plug-ins. Credit to Michal Zalewski. - [78639] High CVE-2011-2841: Garbage collection error in PDF. Credit to Mario Gomes. - [82438] Medium CVE-2011-2843: Out-of-bounds read with media buffers. Credit to Kostya Serebryany. - [85041] Medium CVE-2011-2844: Out-of-bounds read with mp3 files. Credit to Mario Gomes. - [89564] Medium CVE-2011-2848: URL bar spoof with forward button. Credit to Jordi Chancel. - [89795] Low CVE-2011-2849: Browser NULL pointer crash with WebSockets. Credit to Arthur Gerkis. - [90134] Medium CVE-2011-2850: Out-of-bounds read with Khmer characters. Credit to miaubiz. - [90173] Medium CVE-2011-2851: Out-of-bounds read in video handling. Credit to Google Chrome Security Team (Inferno). - [91197] High CVE-2011-2853: Use-after-free in plug-in handling. Credit to Google Chrome Security Team (SkyLined). - [93497] Medium CVE-2011-2859: Incorrect permissions assigned to non-gallery pages. Credit to Bernhard ‘Bruhns’ Brehm - [93596] Medium CVE-2011-2861: Bad string read in PDF. Credit to Aki Helin of OUSPG. - [95563] Medium CVE-2011-2864: Out-of-bounds read with Tibetan characters. Credit to Google Chrome Security Team (Inferno). - [95625] Medium CVE-2011-2858: Out-of-bounds read with triangle arrays. Credit to Google Chrome Security Team (Inferno). - [95917] Low CVE-2011-2874: Failure to pin a self-signed cert for a session. Credit to Nishant Yadant and Craig Chamberlain (@randomuserid). + Chromium issues (14.0.835.202): - [95671] High CVE-2011-2878: Inappropriate cross-origin access to the window prototype. Credit to Sergey Glazunov. - [96150] High CVE-2011-2879: Lifetime and threading issues in audio node handling. Credit to Google Chrome Security Team (Inferno). - [98089] Critical CVE-2011-3873: Memory corruption in shader translator. Credit to Zhenyao Mo. + Webkit issues (14.0.835.163): - [78427] [83031] Low CVE-2011-2840: Possible URL bar spoofs with unusual user interaction. Credit to kuzzcc. - [89219] High CVE-2011-2846: Use-after-free in unload event handling. Credit to Arthur Gerkis. - [89330] High CVE-2011-2847: Use-after-free in document loader. Credit to miaubiz. - [89991] Medium CVE-2011-3234: Out-of-bounds read in box handling. Credit to miaubiz. - [92651] [94800] High CVE-2011-2854: Use-after-free in ruby / table style handing. Credit to Sławomir Błażek, and independent later discoveries by miaubiz and Google Chrome Security Team (Inferno). - [92959] High CVE-2011-2855: Stale node in stylesheet handling. Credit to Arthur Gerkis. - [93420] High CVE-2011-2857: Use-after-free in focus controller. Credit to miaubiz. - [93587] High CVE-2011-2860: Use-after-free in table style handling. Credit to miaubiz. + Webkit issues (14.0.835.202): - [93788] High CVE-2011-2876: Use-after-free in text line box handling. Credit to miaubiz. - [95072] High CVE-2011-2877: Stale font in SVG text handling. Credit to miaubiz. + LibXML issue (14.0.835.163): - [93472] High CVE-2011-2834: Double free in libxml XPath handling. Credit to Yang Dingning + V8 issues (14.0.835.163): - [76771] High CVE-2011-2839: Crash in v8 script object wrappers. Credit to Kostya Serebryany - [91120] High CVE-2011-2852: Off-by-one in v8. Credit to Christian Holler - [93416] High CVE-2011-2856: Cross-origin bypass in v8. Credit to Daniel Divricean. - [93906] High CVE-2011-2862: Unintended access to v8 built-in objects. Credit to Sergey Glazunov. - [95920] High CVE-2011-2875: Type confusion in v8 object sealing. Credit to Christian Holler. + V8 issues (14.0.835.202): - [97451] [97520] [97615] High CVE-2011-2880: Use-after-free in the v8 bindings. Credit to Sergey Glazunov. - [97784] High CVE-2011-2881: Memory corruption with v8 hidden objects. Credit to Sergey Glazunov. . [ Fabien Tassin ] * Add libpulse-dev to Build-Depends, needed for WebRTC - update debian/control * Drop the HTML5 video patch, now committed upstream - remove debian/patches/html5-codecs-fix.patch - update debian/patches/series * Rename ui/base/strings/app_strings.grd to ui_strings.grd following the upstream rename, and add a mapping flag to the grit converter - update debian/rules * Add a "Conflicts" with -inspector so that it gets removed - update debian/control * Build with the default gcc-4.6 on Oneiric - update debian/control - update debian/rules * Refresh Patches Checksums-Sha1: f37c94b9a255f0daddef34d45f0966874d67089a 2048872 chromium-browser-l10n_14.0.835.202~r103287-0ubuntu1_all.deb 83710eedcaba0593d607ee8c352a5f9fc579e1f8 19517408 chromium-browser_14.0.835.202~r103287-0ubuntu1_i386.deb 7581b4dcf6b746bb4b52e88bc4abbbafddfdbde2 2648804 chromium-browser-dbg_14.0.835.202~r103287-0ubuntu1_i386.deb 6eab6ccc27d7e4a59e54908334887b60b17bd422 366230 chromium-codecs-ffmpeg_14.0.835.202~r103287-0ubuntu1_i386.deb 7490c919b69ecfaf188d0d0a3f60a8d0cf03ac8d 602232 chromium-codecs-ffmpeg-dbg_14.0.835.202~r103287-0ubuntu1_i386.deb 0d39ce7e993b97264562386f5723b90f2a225c0b 625094 chromium-codecs-ffmpeg-extra_14.0.835.202~r103287-0ubuntu1_i386.deb 1e891df3417f3ffbc9378b3eaef5a77633fba880 1142336 chromium-codecs-ffmpeg-extra-dbg_14.0.835.202~r103287-0ubuntu1_i386.deb Checksums-Sha256: 9dd36f06d57df0eb72975e374aea1d6cb18399d56eb8648affa7e278b16f5034 2048872 chromium-browser-l10n_14.0.835.202~r103287-0ubuntu1_all.deb b6c72fc45183cfb44e7b209a3997baab25a5d17ad91e67ab2c24803177c6667f 19517408 chromium-browser_14.0.835.202~r103287-0ubuntu1_i386.deb 823fcb937786ecb2881064a52c7f5fbcee9cdf95a2d3f197298aac5ba1d85325 2648804 chromium-browser-dbg_14.0.835.202~r103287-0ubuntu1_i386.deb 1a3ff43fcafc23d378a7897426000440cf25e77fe44b76e325cfcfbc11cf2293 366230 chromium-codecs-ffmpeg_14.0.835.202~r103287-0ubuntu1_i386.deb d08fade054564c26d1ea36cfd7782ee724265c15d7814c352bff0902db0923ac 602232 chromium-codecs-ffmpeg-dbg_14.0.835.202~r103287-0ubuntu1_i386.deb 1ec4463b603fd51f8a4f773c42d6b737184227c995db69bd9ae371cce4af123d 625094 chromium-codecs-ffmpeg-extra_14.0.835.202~r103287-0ubuntu1_i386.deb 8ebbc0794d3144cad64b9e0dc868c9e945f8c324eb815a92cfd99fd92fce9b4f 1142336 chromium-codecs-ffmpeg-extra-dbg_14.0.835.202~r103287-0ubuntu1_i386.deb Files: ba73ad13a22fa9523ad00294094715bf 2048872 web optional chromium-browser-l10n_14.0.835.202~r103287-0ubuntu1_all.deb 06f55becf866010862c369f114ceddef 19517408 web optional chromium-browser_14.0.835.202~r103287-0ubuntu1_i386.deb 5607eda920c295fd134aacc4b76e28a4 2648804 devel optional chromium-browser-dbg_14.0.835.202~r103287-0ubuntu1_i386.deb 7dc63beeb63699b1b3f9017263284b2b 366230 web optional chromium-codecs-ffmpeg_14.0.835.202~r103287-0ubuntu1_i386.deb eeac5d896ed9983013c730007d2c3dbd 602232 debug extra chromium-codecs-ffmpeg-dbg_14.0.835.202~r103287-0ubuntu1_i386.deb e10d6b01f385e1882ea78c24b9cdefa7 625094 web optional chromium-codecs-ffmpeg-extra_14.0.835.202~r103287-0ubuntu1_i386.deb 64da76f93859105ae8e10583bb329039 1142336 debug extra chromium-codecs-ffmpeg-extra-dbg_14.0.835.202~r103287-0ubuntu1_i386.deb