Format: 1.8 Date: Mon, 09 Apr 2012 19:32:52 -0500 Source: chromium-browser Binary: chromium-browser chromium-browser-dbg chromium-browser-l10n chromium-browser-inspector chromium-codecs-ffmpeg chromium-codecs-ffmpeg-dbg chromium-codecs-ffmpeg-extra chromium-codecs-ffmpeg-extra-dbg chromium-codecs-ffmpeg-nonfree chromium-codecs-ffmpeg-nonfree-dbg Architecture: source Version: 18.0.1025.151~r130497-0ubuntu0.11.04.1 Distribution: natty-security Urgency: low Maintainer: Fabien Tassin Changed-By: Micah Gersten Description: chromium-browser - Chromium browser chromium-browser-dbg - chromium-browser debug symbols chromium-browser-inspector - page inspector for the chromium-browser - transitional package chromium-browser-l10n - chromium-browser language packages chromium-codecs-ffmpeg - Free ffmpeg codecs for the Chromium Browser chromium-codecs-ffmpeg-dbg - chromium-codecs-ffmpeg debug symbols chromium-codecs-ffmpeg-extra - Extra ffmpeg codecs for the Chromium Browser chromium-codecs-ffmpeg-extra-dbg - chromium-codecs-ffmpeg-extra debug symbols chromium-codecs-ffmpeg-nonfree - dummy upgrade package chromium-codecs-ffmpeg-nonfree-dbg - dummy upgrade package Launchpad-Bugs-Fixed: 977502 Changes: chromium-browser (18.0.1025.151~r130497-0ubuntu0.11.04.1) natty-security; urgency=low . * New upstream release from the Stable Channel (LP: #977502) - black screen on Hybrid Graphics system with GPU accelerated compositing enabled (Issue: 117371) - CSS not applied to element (Issue: 114667) - Regression rendering a div with background gradient and borders (Issue: 113726) - Canvas 2D line drawing bug with GPU acceleration (Issue: 121285) - Multiple crashes (Issues: 72235, 116825 and 92998) - Pop-up dialog is at wrong position (Issue: 116045) - HTML Canvas patterns are broken if you change the transformation matrix (Issue: 112165) - SSL interstitial error "proceed anyway" / "back to safety" buttons don't work (Issue: 119252) This release fixes the following security issues: - [106577] Medium CVE-2011-3066: Out-of-bounds read in Skia clipping. Credit to miaubiz. - [117583] Medium CVE-2011-3067: Cross-origin iframe replacement. Credit to Sergey Glazunov. - [117698] High CVE-2011-3068: Use-after-free in run-in handling. Credit to miaubiz. - [117728] High CVE-2011-3069: Use-after-free in line box handling. Credit to miaubiz. - [118185] High CVE-2011-3070: Use-after-free in v8 bindings. Credit to Google Chrome Security Team (SkyLined). - [118273] High CVE-2011-3071: Use-after-free in HTMLMediaElement. Credit to pa_kt, reporting through HP TippingPoint ZDI (ZDI-CAN-1528). - [118467] Low CVE-2011-3072: Cross-origin violation parenting pop-up window. Credit to Sergey Glazunov. - [118593] High CVE-2011-3073: Use-after-free in SVG resource handling. Credit to Arthur Gerkis. - [119281] Medium CVE-2011-3074: Use-after-free in media handling. Credit to Sławomir Błażek. - [119525] High CVE-2011-3075: Use-after-free applying style command. Credit to miaubiz. - [120037] High CVE-2011-3076: Use-after-free in focus handling. Credit to miaubiz. - [120189] Medium CVE-2011-3077: Read-after-free in script bindings. Credit to Google Chrome Security Team (Inferno). Checksums-Sha1: 9d412b49a5d801912608949a595aa45c643fa86a 2700 chromium-browser_18.0.1025.151~r130497-0ubuntu0.11.04.1.dsc 7ff75d56bd53582e4f1260945dbb44dfd9f11140 201630 chromium-browser_18.0.1025.151~r130497-0ubuntu0.11.04.1.diff.gz Checksums-Sha256: 2a80eea626b9b07c1744041dde9c4b41c325124be433828b7df80c9484de1834 2700 chromium-browser_18.0.1025.151~r130497-0ubuntu0.11.04.1.dsc 7a205a59538ad35b0b74be790d4a3c627164a3ccc1cba173b36c3cc591f3cc1e 201630 chromium-browser_18.0.1025.151~r130497-0ubuntu0.11.04.1.diff.gz Files: 8e028d053196ed66bbda858259d2efa5 2700 web optional chromium-browser_18.0.1025.151~r130497-0ubuntu0.11.04.1.dsc db3284a50ab89d53cb653f8ee54b99f6 201630 web optional chromium-browser_18.0.1025.151~r130497-0ubuntu0.11.04.1.diff.gz