This bug was fixed in the package chromium-browser -
18.0.1025.142~r129054-0ubuntu0.11.10.1
---------------
chromium-browser (18.0.1025.142~r129054-0ubuntu0.11.10.1) oneiric-security;
urgency=low
* New upstream release from the Stable Channel (LP: #968901)
This release fixes the following security issues:
- [109574] Medium CVE-2011-3058: Bad interaction possibly leading to XSS in
EUC-JP. Credit to Masato Kinugawa.
- [112317] Medium CVE-2011-3059: Out-of-bounds read in SVG text handling.
Credit to Arthur Gerkis.
- [114056] Medium CVE-2011-3060: Out-of-bounds read in text fragment
handling. Credit to miaubiz.
- [116398] Medium CVE-2011-3061: SPDY proxy certificate checking error.
Credit to Leonidas Kontothanassis of Google.
- [116524] High CVE-2011-3062: Off-by-one in OpenType Sanitizer. Credit to
Mateusz Jurczyk of the Google Security Team.
- [117417] Low CVE-2011-3063: Validate navigation requests from the renderer
more carefully. Credit to kuzzcc, Sergey Glazunov, PinkiePie and
scarybeasts (Google Chrome Security Team).
- [117471] High CVE-2011-3064: Use-after-free in SVG clipping. Credit to
Atte Kettunen of OUSPG.
- [117588] High CVE-2011-3065: Memory corruption in Skia. Credit to Omair.
- [117794] Medium CVE-2011-3057: Invalid read in v8. Credit to Christian
Holler.
* Add build dependency on libudev-dev to allow for gamepad detection; see
http://code.google.com/p/chromium/issues/detail?id=79050
- update debian/control
* Drop dlopen_libgnutls patch as it's been implemented upstream
- drop debian/patches/dlopen_libgnutls.patch
- update debian/patches/series
* Start removing *.so and *.so.* from the upstream tarball creation
- update debian/rules
* Strip almost the entire third_party/openssl directory as it's needed only
on android, but is used by the build system
- update debian/rules
* Use tar's --exclude-vcs flag instead of just excluding .svn
- update debian/rules
chromium-browser (17.0.963.83~r127885-0ubuntu0.11.10.1) oneiric-
security; urgency=low
* New upstream release from the Stable Channel (LP: #961831)
This release fixes the following security issues:
- [113902] High CVE-2011-3050: Use-after-free with first-letter handling.
Credit to miaubiz.
- [116162] High CVE-2011-3045: libpng integer issue from upstream. Credit
to Glenn Randers-Pehrson of the libpng project.
- [116461] High CVE-2011-3051: Use-after-free in CSS cross-fade handling.
Credit to Arthur Gerkis.
- [116637] High CVE-2011-3052: Memory corruption in WebGL canvas handling.
Credit to Ben Vanik of Google.
- [116746] High CVE-2011-3053: Use-after-free in block splitting.
Credit to miaubiz.
- [117418] Low CVE-2011-3054: Apply additional isolations to webui
privileges. Credit to Sergey Glazunov.
- [117736] Low CVE-2011-3055: Prompt in the browser native UI for unpacked
extension installation. Credit to PinkiePie.
- [117550] High CVE-2011-3056: Cross-origin violation with “magic iframe”.
Credit to Sergey Glazunov.
- [117794] Medium CVE-2011-3057: Invalid read in v8. Credit to Christian
Holler.
-- Micah Gersten <mic...@ubuntu.com> Mon, 02 Apr 2012 11:29:42 -0500
** Changed in: chromium-browser (Ubuntu Oneiric)
Status: Fix Committed => Fix Released
** Bug watch added: code.google.com/p/chromium/issues #79050
http://code.google.com/p/chromium/issues/detail?id=79050
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-3058
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-3059
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-3060
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-3061
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-3062
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-3063
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-3064
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-3065
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/961831
Title:
Update to 17.0.963.83
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/961831/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
