Format: 1.8 Date: Mon, 09 Apr 2012 19:38:48 -0500 Source: chromium-browser Binary: chromium-browser chromium-browser-dbg chromium-browser-l10n chromium-codecs-ffmpeg chromium-codecs-ffmpeg-dbg chromium-codecs-ffmpeg-extra chromium-codecs-ffmpeg-extra-dbg Architecture: source Version: 18.0.1025.151~r130497-0ubuntu0.11.10.1 Distribution: oneiric-security Urgency: low Maintainer: Fabien Tassin Changed-By: Micah Gersten Description: chromium-browser - Chromium browser chromium-browser-dbg - chromium-browser debug symbols chromium-browser-l10n - chromium-browser language packages chromium-codecs-ffmpeg - Free ffmpeg codecs for the Chromium Browser chromium-codecs-ffmpeg-dbg - chromium-codecs-ffmpeg debug symbols chromium-codecs-ffmpeg-extra - Extra ffmpeg codecs for the Chromium Browser chromium-codecs-ffmpeg-extra-dbg - chromium-codecs-ffmpeg-extra debug symbols Launchpad-Bugs-Fixed: 977502 Changes: chromium-browser (18.0.1025.151~r130497-0ubuntu0.11.10.1) oneiric-security; urgency=low . * New upstream release from the Stable Channel (LP: #977502) - black screen on Hybrid Graphics system with GPU accelerated compositing enabled (Issue: 117371) - CSS not applied to element (Issue: 114667) - Regression rendering a div with background gradient and borders (Issue: 113726) - Canvas 2D line drawing bug with GPU acceleration (Issue: 121285) - Multiple crashes (Issues: 72235, 116825 and 92998) - Pop-up dialog is at wrong position (Issue: 116045) - HTML Canvas patterns are broken if you change the transformation matrix (Issue: 112165) - SSL interstitial error "proceed anyway" / "back to safety" buttons don't work (Issue: 119252) This release fixes the following security issues: - [106577] Medium CVE-2011-3066: Out-of-bounds read in Skia clipping. Credit to miaubiz. - [117583] Medium CVE-2011-3067: Cross-origin iframe replacement. Credit to Sergey Glazunov. - [117698] High CVE-2011-3068: Use-after-free in run-in handling. Credit to miaubiz. - [117728] High CVE-2011-3069: Use-after-free in line box handling. Credit to miaubiz. - [118185] High CVE-2011-3070: Use-after-free in v8 bindings. Credit to Google Chrome Security Team (SkyLined). - [118273] High CVE-2011-3071: Use-after-free in HTMLMediaElement. Credit to pa_kt, reporting through HP TippingPoint ZDI (ZDI-CAN-1528). - [118467] Low CVE-2011-3072: Cross-origin violation parenting pop-up window. Credit to Sergey Glazunov. - [118593] High CVE-2011-3073: Use-after-free in SVG resource handling. Credit to Arthur Gerkis. - [119281] Medium CVE-2011-3074: Use-after-free in media handling. Credit to Sławomir Błażek. - [119525] High CVE-2011-3075: Use-after-free applying style command. Credit to miaubiz. - [120037] High CVE-2011-3076: Use-after-free in focus handling. Credit to miaubiz. - [120189] Medium CVE-2011-3077: Read-after-free in script bindings. Credit to Google Chrome Security Team (Inferno). Checksums-Sha1: 50feb75ea7cb2d01e60445cb20419aa39bd51400 2479 chromium-browser_18.0.1025.151~r130497-0ubuntu0.11.10.1.dsc 8a4ccb75466e9612ee7a20d1db0944b6fc24f755 205386 chromium-browser_18.0.1025.151~r130497-0ubuntu0.11.10.1.diff.gz Checksums-Sha256: bf5e85d79fbe5386e1caf9b9cd184c71b219ff909c6f214d0975e122cf318b8c 2479 chromium-browser_18.0.1025.151~r130497-0ubuntu0.11.10.1.dsc 46c29b1a62e48f0b79ee302c28bb64db203b438f61133ed2e1106d53746829bf 205386 chromium-browser_18.0.1025.151~r130497-0ubuntu0.11.10.1.diff.gz Files: 58ba66e3d9275a799e8254981ff3c4ac 2479 web optional chromium-browser_18.0.1025.151~r130497-0ubuntu0.11.10.1.dsc f5e9a78dfaaeceff9dc8c65d4cdc135e 205386 web optional chromium-browser_18.0.1025.151~r130497-0ubuntu0.11.10.1.diff.gz