chromium-browser 20.0.1132.47~r144678-0ubuntu0.12.04.1 source package in Ubuntu

Changelog

chromium-browser (20.0.1132.47~r144678-0ubuntu0.12.04.1) precise-security; urgency=low

  * New upstream release from the Stable Channel
    This release fixes the following security issues:
    - [118633] Low CVE-2012-2815: Leak of iframe fragment id. Credit to Elie
      Bursztein of Google.
    - [120222] High CVE-2012-2817: Use-after-free in table section handling.
      Credit to miaubiz.
    - [120944] High CVE-2012-2818: Use-after-free in counter layout. Credit to
      miaubiz.
    - [120977] High CVE-2012-2819: Crash in texture handling. Credit to Ken
      “gets” Russell of the Chromium development community.
    - [121926] Medium CVE-2012-2820: Out-of-bounds read in SVG filter handling.
      Credit to Atte Kettunen of OUSPG.
    - [122925] Medium CVE-2012-2821: Autofill display problem. Credit to
      “simonbrown60”.
    - [various] Medium CVE-2012-2822: Misc. lower severity OOB read issues in
      PDF. Credit to awesome ASAN and various Googlers (Kostya Serebryany,
      Evgeniy Stepanov, Mateusz Jurczyk, Gynvael Coldwind).
    - [124356] High CVE-2012-2823: Use-after-free in SVG resource handling.
      Credit to miaubiz.
    - [125374] High CVE-2012-2824: Use-after-free in SVG painting. Credit to
      miaubiz.
    - [128688] Medium CVE-2012-2826: Out-of-bounds read in texture conversion.
      Credit to Google Chrome Security Team (Inferno).
    - [129857] High CVE-2012-2828: Integer overflows in PDF. Credit to Mateusz
      Jurczyk of Google Security Team with contributions by Gynvael Coldwind of
      Google Security Team and Google Chrome Security Team (Chris Evans).
    - [129947] High CVE-2012-2829: Use-after-free in first-letter handling.
      Credit to miaubiz.
    - [129951] High CVE-2012-2830: Wild pointer in array value setting. Credit
      to miaubiz.
    - [130356] High CVE-2012-2831: Use-after-free in SVG reference handling.
      Credit to miaubiz.
    - [131553] High CVE-2012-2832: Uninitialized pointer in PDF image codec.
      Credit to Mateusz Jurczyk of Google Security Team with contributions by
      Gynvael Coldwind of Google Security Team.
    - [132156] High CVE-2012-2833: Buffer overflow in PDF JS API. Credit to
      Mateusz Jurczyk of Google Security Team.
    - [132779] High CVE-2012-2834: Integer overflow in Matroska container.
      Credit to Jüri Aedla.
    - [127417] Medium CVE-2012-2825: Wild read in XSL handling. Credit to
      Nicholas Gregoire.
    - [64-bit Linux only] [129930] High CVE-2012-2807: Integer overflows in
      libxml. Credit to Jüri Aedla.

    This upload also fixes the following issues from 19.0.1084.52:
    - [117409] High CVE-2011-3103: Crashes in v8 garbage collection. Credit to
      the Chromium development community (Brett Wilson).
    - [118018] Medium CVE-2011-3104: Out-of-bounds read in Skia. Credit to
      Google Chrome Security Team (Inferno).
    - [120912] High CVE-2011-3105: Use-after-free in first-letter handling.
      Credit to miaubiz.
    - [122654] Critical CVE-2011-3106: Browser memory corruption with websockets
      over SSL. Credit to the Chromium development community (Dharani Govindan).
    - [124625] High CVE-2011-3107: Crashes in the plug-in JavaScript bindings.
      Credit to the Chromium development community (Dharani Govindan).
    - [125159] Critical CVE-2011-3108: Use-after-free in browser cache. Credit
      to “efbiaiinzinz”.
    - [Linux only] [126296] High CVE-2011-3109: Bad cast in GTK UI. Credit to
      Micha Bartholomé.
    - [126337] [126343] [126378] [127349] [127819] [127868] High CVE-2011-3110:
      Out of bounds writes in PDF. Credit to Mateusz Jurczyk of the Google
      Security Team, with contributions by Gynvael Coldwind of the Google
      Security Team.
    - [126414] Medium CVE-2011-3111: Invalid read in v8. Credit to Christian
      Holler.
    - [127331] High CVE-2011-3112: Use-after-free with invalid encrypted PDF.
      Credit to Mateusz Jurczyk of the Google Security Team, with contributions
      by Gynvael Coldwind of the Google Security Team.
    - [127883] High CVE-2011-3113: Invalid cast with colorspace handling in PDF.
      Credit to Mateusz Jurczyk of the Google Security Team, with contributions
      by Gynvael Coldwind of the Google Security Team.
    - [128014] High CVE-2011-3114: Buffer overflows with PDF functions. Credit
      to Google Chrome Security Team (scarybeasts).
    - [128018] High CVE-2011-3115: Type corruption in v8. Credit to Christian
      Holler.

    This upload also fixes the following issues from the first Chromium 19
    stable release:
    - [112983] Low CVE-2011-3083: Browser crash with video + FTP. Credit to
      Aki Helin of OUSPG.
    - [113496] Low CVE-2011-3084: Load links from internal pages in their own
      process. Credit to Brett Wilson of the Chromium development community.
    - [118374] Medium CVE-2011-3085: UI corruption with long autofilled values.
      Credit to “psaldorn”.
    - [118642] High CVE-2011-3086: Use-after-free with style element. Credit to
      Arthur Gerkis.
    - [118664] Low CVE-2011-3087: Incorrect window navigation. Credit to
      Charlie Reis of the Chromium development community.
    - [120648] Medium CVE-2011-3088: Out-of-bounds read in hairline drawing.
      Credit to Aki Helin of OUSPG.
    - [120711] High CVE-2011-3089: Use-after-free in table handling. Credit to
      miaubiz.
    - [121223] Medium CVE-2011-3090: Race condition with workers. Credit to
      Arthur Gerkis.
    - [121734] High CVE-2011-3091: Use-after-free with indexed DB. Credit to
      Google Chrome Security Team (Inferno).
    - [122337] High CVE-2011-3092: Invalid write in v8 regex. Credit to
      Christian Holler.
    - [122585] Medium CVE-2011-3093: Out-of-bounds read in glyph handling.
      Credit to miaubiz.
    - [122586] Medium CVE-2011-3094: Out-of-bounds read in Tibetan handling.
      Credit to miaubiz.
    - [123481] High CVE-2011-3095: Out-of-bounds write in OGG container. Credit
      to Hannu Heikkinen.
    - [Linux only] [123530] Low CVE-2011-3096: Use-after-free in GTK omnibox
      handling. Credit to Arthur Gerkis.
    - [123733] [124182] High CVE-2011-3097: Out-of-bounds write in sampled
      functions with PDF. Credit to Kostya Serebryany of Google and Evgeniy
      Stepanov of Google.
    - [124479] High CVE-2011-3099: Use-after-free in PDF with corrupt font
      encoding name. Credit to Mateusz Jurczyk of Google Security Team and
      Gynvael Coldwind of Google Security Team.
    - [124652] Medium CVE-2011-3100: Out-of-bounds read drawing dash paths.
      Credit to Google Chrome Security Team (Inferno).
    - [Linux only] [118970] Medium CVE-2011-3101: Work around Linux Nvidia
      driver bug. Credit to Aki Helin of OUSPG.
    - [125462] High CVE-2011-3102: Off-by-one out-of-bounds write in libxml.
      Credit to Jüri Aedla.

  * debian/control
    - Added build depends libssl-dev and subversion
  * debian/rules
    - explicitly set arm_float_abi=hard for armhf builds and let the rest
      fallback to softfp
    - do not use third_party/gold as the linker.
    - enable compile-time dependency on gnome-keyring
    - include armv7 in GYP_DEFINES for 11.10, 12.04 and 12.10.  Fixes
      FTBFS on arm (LP: #993080)
  * -debian/patches/ubuntu_dont_overwrite_default_download_directory.patch
    - no longer needed
  * debian/patches/grd_parse_fix.patch
    - Patched to fix broken XML until we can get a proper fix for
      chromium-translation-tools.
  * debian/patches/arm.patch
    - patch from debian to fix FTBFS on armel
  * debian/patches/dlopen_sonamed_gl.patch
    - drop part of patch that is now upstream
 -- Ken VanDine <email address hidden>   Fri, 07 Sep 2012 17:04:42 -0500

Upload details

Uploaded by:
Ken VanDine on 2012-09-07
Sponsored by:
Micah Gersten
Uploaded to:
Precise
Original maintainer:
Ubuntu Developers
Component:
main
Architectures:
any all
Section:
web
Urgency:
Low Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size MD5 Checksum
chromium-browser_20.0.1132.47~r144678.orig.tar.gz 410.8 MiB 78ca23ff726a924c70cc0929b26891c7
chromium-browser_20.0.1132.47~r144678-0ubuntu0.12.04.1.diff.gz 204.4 KiB db0aa9fee38a430e668a4c047a9e60b1
chromium-browser_20.0.1132.47~r144678-0ubuntu0.12.04.1.dsc 2.5 KiB 938f3e0380d55758876d4e7c28c3daf9

View changes file

Binary packages built by this source

chromium-browser: Chromium browser

 Chromium is an open-source browser project that aims to build a safer, faster,
 and more stable way for all Internet users to experience the web.
 .
 Chromium serves as a base for Google Chrome, which is Chromium rebranded (name
 and logo) with very few additions such as usage tracking and an auto-updater
 system.
 .
 This package contains the Chromium browser

chromium-browser-dbg: chromium-browser debug symbols

 Debug symbols for the Chromium browser

chromium-browser-l10n: chromium-browser language packages

 Chromium is an open-source browser project that aims to build a safer, faster,
 and more stable way for all Internet users to experience the web.
 .
 This package contains language packages for 65 languages:
 am, ar, ast, bg, bn, bs, ca, ca@valencia, cs, da, de, el, en-AU, en-GB, eo,
 es-419, es, et, eu, fa, fil, fi, fr, gl, gu, he, hi, hr, hu, hy, ia, id, it,
 ja, ka, kn, ko, ku, kw, lt, lv, ml, mr, ms, nb, nl, pl, pt-BR, pt-PT, ro, ru,
 sk, sl, sr, sv, sw, ta, te, th, tr, ug, uk, vi, zh-CN, zh-TW

chromium-codecs-ffmpeg: Free ffmpeg codecs for the Chromium Browser

 Chromium is an open-source browser project that aims to build a safer, faster,
 and more stable way for all Internet users to experience the web.
 .
 This package contains the multi-threaded ffmpeg codecs needed for the HTML5
 <audio> and <video> tags. Only the free ogg, vorbis and theora codecs are
 included. See chromium-codecs-ffmpeg-extra for additionnal codecs

chromium-codecs-ffmpeg-dbg: chromium-codecs-ffmpeg debug symbols

 Debug symbols for the free ffmpeg-mt codecs

chromium-codecs-ffmpeg-extra: Extra ffmpeg codecs for the Chromium Browser

 Chromium is an open-source browser project that aims to build a safer, faster,
 and more stable way for all Internet users to experience the web.
 .
 This package contains the multi-threaded ffmpeg codecs needed for the HTML5
 <audio> and <video> tags. In addition to the patent-free ogg, vorbis and
 theora codecs, aac/ac3/mpeg4audio/h264/mov/mp3 are also included. See
 chromium-codecs-ffmpeg if you prefer only the patent-free codecs

chromium-codecs-ffmpeg-extra-dbg: chromium-codecs-ffmpeg-extra debug symbols

 Debug symbols for the extra ffmpeg-mt codecs