Format: 1.8
Date: Tue, 21 Feb 2012 01:32:50 -0600
Source: chromium-browser
Binary: chromium-browser chromium-browser-dbg chromium-browser-l10n chromium-codecs-ffmpeg chromium-codecs-ffmpeg-dbg chromium-codecs-ffmpeg-extra chromium-codecs-ffmpeg-extra-dbg
Architecture: all i386
Version: 17.0.963.56~r121963-0ubuntu0.11.10.1
Distribution: oneiric
Urgency: low
Maintainer: Ubuntu/amd64 Build Daemon <buildd@roseapple.buildd>
Changed-By: Micah Gersten <micahg@ubuntu.com>
Description: 
 chromium-browser - Chromium browser
 chromium-browser-dbg - chromium-browser debug symbols
 chromium-browser-l10n - chromium-browser language packages
 chromium-codecs-ffmpeg - Free ffmpeg codecs for the Chromium Browser
 chromium-codecs-ffmpeg-dbg - chromium-codecs-ffmpeg debug symbols
 chromium-codecs-ffmpeg-extra - Extra ffmpeg codecs for the Chromium Browser
 chromium-codecs-ffmpeg-extra-dbg - chromium-codecs-ffmpeg-extra debug symbols
Launchpad-Bugs-Fixed: 931905 933262
Changes: 
 chromium-browser (17.0.963.56~r121963-0ubuntu0.11.10.1) oneiric-security; urgency=low
 .
   * New upstream release from the Stable Channel (LP: #931905, #933262)
     This release fixes the following security issues from 17.0.963.56:
     - [105803] High CVE-2011-3015: Integer overflows in PDF codecs. Credit to
       Google Chrome Security Team (scarybeasts).
     - [106336] Medium CVE-2011-3016: Read-after-free with counter nodes. Credit
       to miaubiz.
     - [108695] High CVE-2011-3017: Possible use-after-free in database handling.
       Credit to miaubiz.
     - [110172] High CVE-2011-3018: Heap overflow in path rendering. Credit to
       Aki Helin of OUSPG.
     - [110849] High CVE-2011-3019: Heap buffer overflow in MKV handling. Credit
       to Google Chrome Security Team (scarybeasts) and Mateusz Jurczyk of the
       Google Security Team.
     - [111575] Medium CVE-2011-3020: Native client validator error. Credit to
       Nick Bray of the Chromium development community.
     - [111779] High CVE-2011-3021: Use-after-free in subframe loading. Credit to
       Arthur Gerkis.
     - [112236] Medium CVE-2011-3022: Inappropriate use of http for translation
       script. Credit to Google Chrome Security Team (Jorge Obes).
     - [112259] Medium CVE-2011-3023: Use-after-free with drag and drop. Credit
       to pa_kt.
     - [112451] Low CVE-2011-3024: Browser crash with empty x509 certificate.
       Credit to chrometot.
     - [112670] Medium CVE-2011-3025: Out-of-bounds read in h.264 parsing. Credit
       to Sławomir Błażek.
     - [112822] High CVE-2011-3026: Integer overflow / truncation in libpng.
       Credit to Jüri Aedla.
     - [112847] High CVE-2011-3027: Bad cast in column handling. Credit to
       miaubiz.
 .
     This release fixes the following security issues from 17.0.963.46:
     - [73478] Low CVE-2011-3953: Avoid clipboard monitoring after paste event.
       Credit to Daniel Cheng of the Chromium development community.
     - [92550] Low CVE-2011-3954: Crash with excessive database usage. Credit to
       Collin Payne.
     - [93106] High CVE-2011-3955: Crash aborting an IndexDB transaction. Credit
       to David Grogan of the Chromium development community.
     - [103630] Low CVE-2011-3956: Incorrect handling of sandboxed origins inside
       extensions. Credit to Devdatta Akhawe, UC Berkeley.
     - [104056] High CVE-2011-3957: Use-after-free in PDF garbage collection.
       Credit to Aki Helin of OUSPG.
     - [105459] High CVE-2011-3958: Bad casts with column spans. Credit to
       miaubiz.
     - [106441] High CVE-2011-3959: Buffer overflow in locale handling. Credit to
       Aki Helin of OUSPG.
     - [108416] Medium CVE-2011-3960: Out-of-bounds read in audio decoding.
       Credit to Aki Helin of OUSPG.
     - [108871] Critical CVE-2011-3961: Race condition after crash of utility
       process. Credit to Shawn Goertzen.
     - [108901] Medium CVE-2011-3962: Out-of-bounds read in path clipping. Credit
       to Aki Helin of OUSPG.
     - [109094] Medium CVE-2011-3963: Out-of-bounds read in PDF fax image
       handling. Credit to Atte Kettunen of OUSPG.
     - [109245] Low CVE-2011-3964: URL bar confusion after drag + drop. Credit to
       Code Audit Labs of VulnHunt.com.
     - [109664] Low CVE-2011-3965: Crash in signature check. Credit to Sławomir
       Błażek.
     - [109716] High CVE-2011-3966: Use-after-free in stylesheet error handling.
       Credit to Aki Helin of OUSPG.
     - [109717] Low CVE-2011-3967: Crash with unusual certificate. Credit to Ben
       Carrillo.
     - [109743] High CVE-2011-3968: Use-after-free in CSS handling. Credit to
       Arthur Gerkis.
     - [110112] High CVE-2011-3969: Use-after-free in SVG layout. Credit to
       Arthur Gerkis.
     - [110277] Medium CVE-2011-3970: Out-of-bounds read in libxslt. Credit to
       Aki Helin of OUSPG.
     - [110374] High CVE-2011-3971: Use-after-free with mousemove events. Credit
       to Arthur Gerkis.
     - [110559] Medium CVE-2011-3972: Out-of-bounds read in shader translator.
       Credit to Google Chrome Security Team (Inferno).
 .
   * Rebase patch
     - update debian/patches/disable_dlog_and_dcheck_in_release_builds.patch
   * Update .install file to just install all .pak files instead of listing them
     by name
     - update debian/chromium-browser.install
Checksums-Sha1: 
 1ef24767cefe8abdb3be57392738d387f1ba1a43 2013390 chromium-browser-l10n_17.0.963.56~r121963-0ubuntu0.11.10.1_all.deb
 12462b2bb421c2a7737bb0b8688bd030dc4e695d 20193242 chromium-browser_17.0.963.56~r121963-0ubuntu0.11.10.1_i386.deb
 f19b36c00ae3c7270d65dbb167b9fbc147682f00 2923896 chromium-browser-dbg_17.0.963.56~r121963-0ubuntu0.11.10.1_i386.deb
 efc7311831af908638d95b14ca94bd0792d66908 401410 chromium-codecs-ffmpeg_17.0.963.56~r121963-0ubuntu0.11.10.1_i386.deb
 6cf6a6a58a94b50feab9a9ab7e1a2d7e676a813f 682840 chromium-codecs-ffmpeg-dbg_17.0.963.56~r121963-0ubuntu0.11.10.1_i386.deb
 f298da9f2b04e9af34f60ff5155ac9ab63099c13 651890 chromium-codecs-ffmpeg-extra_17.0.963.56~r121963-0ubuntu0.11.10.1_i386.deb
 00eca2ab3a5cfc7a38b3583add26da1b5cea8c30 1191832 chromium-codecs-ffmpeg-extra-dbg_17.0.963.56~r121963-0ubuntu0.11.10.1_i386.deb
Checksums-Sha256: 
 3a27ab06e14542be1c393d8ad84d20c827fc2c7611d0aa1f90f482e856f048db 2013390 chromium-browser-l10n_17.0.963.56~r121963-0ubuntu0.11.10.1_all.deb
 e105e27c0ed1108293c74fb6f19ae77e434e8c27b27f3e939e1fded1dd931623 20193242 chromium-browser_17.0.963.56~r121963-0ubuntu0.11.10.1_i386.deb
 b8088ab7742868171805b18dd51866ec4a3607fe5e249e41fbd62c47abad4e79 2923896 chromium-browser-dbg_17.0.963.56~r121963-0ubuntu0.11.10.1_i386.deb
 bd62b2f940cb06f15c3a2be293592c9a8475060b46e38fd74e17fcea7e668e29 401410 chromium-codecs-ffmpeg_17.0.963.56~r121963-0ubuntu0.11.10.1_i386.deb
 85c97711ef87c75a77bf3ed45d49ed4cc693810519bbe4843ed4fb9ed87004e4 682840 chromium-codecs-ffmpeg-dbg_17.0.963.56~r121963-0ubuntu0.11.10.1_i386.deb
 5c1e6dea66ee18781babfd740599df7d47b9cd507d86fbdbe3b7a1e7e0e6786d 651890 chromium-codecs-ffmpeg-extra_17.0.963.56~r121963-0ubuntu0.11.10.1_i386.deb
 46d49fc95b3d80acf7ed8131971c8bcd8b513c503e6de1953f7142ec8710e8b0 1191832 chromium-codecs-ffmpeg-extra-dbg_17.0.963.56~r121963-0ubuntu0.11.10.1_i386.deb
Files: 
 22e22b20915268d06fd36f06b1c13986 2013390 web optional chromium-browser-l10n_17.0.963.56~r121963-0ubuntu0.11.10.1_all.deb
 16653dc8e378b73243d4cd65cdb78fb1 20193242 web optional chromium-browser_17.0.963.56~r121963-0ubuntu0.11.10.1_i386.deb
 9316ed89e88278e0d92ed37be2292159 2923896 devel optional chromium-browser-dbg_17.0.963.56~r121963-0ubuntu0.11.10.1_i386.deb
 07e8c78d0a62b3117f66605aa8f63ea2 401410 web optional chromium-codecs-ffmpeg_17.0.963.56~r121963-0ubuntu0.11.10.1_i386.deb
 4f444a53eb47e825f9dd7a2f1b7cf7b4 682840 debug extra chromium-codecs-ffmpeg-dbg_17.0.963.56~r121963-0ubuntu0.11.10.1_i386.deb
 ddc89d6c5fa92e204126f68c438163df 651890 web optional chromium-codecs-ffmpeg-extra_17.0.963.56~r121963-0ubuntu0.11.10.1_i386.deb
 44619a981768d05fb2b903efb18796f9 1191832 debug extra chromium-codecs-ffmpeg-extra-dbg_17.0.963.56~r121963-0ubuntu0.11.10.1_i386.deb