This bug was fixed in the package chromium-browser -
23.0.1271.97-0ubuntu0.12.04.1
---------------
chromium-browser (23.0.1271.97-0ubuntu0.12.04.1) precise-security; urgency=low
* Omit resources/extension/demo files from any packaging verification
because they're unwanted.
* Update README.source to include some of these changes.
* Drop "lzma" from build dependencies.
* Make most patches follow a common format (no timestamps), to avoid
future churn.
* debian/patches/chromium_useragent.patch.in renamed to drop ".in",
OS "Ubuntu" hardcoded with no compilation-release name, and patch
refreshed to follow new location of source.
* In debian/rules, use "-delete" flag on find instead of "-exec rm {} \;",
to be safer and faster.
* Also don't include python bytecode or cache files in orig tarball,
and clean then up on "clean" rule.
* Write the "REMOVED" list files to the root of the orig tarball,
instead of inside the src/ directory, where they could collide.
* Fix dpkg-source warning: Clean up python cached bytecode files.
* Fix dpkg-source warning: Remove autoconf cache.
* Fix lintian warning: fta and micahg to XSBC-Original-Maintainer.
* Fix lintian error not-binnmuable-all-depends-any.
* Override lintian complaints ancient-autotools-helper-file and
unused-build-dependency-on-cdbs.
* debian/patches/arm-neon.patch added to get ARM w/o Neon support.
(LP: #1084852)
* In debian/rules, avoid creating invalid subst expression in sed
of DEBIAN* vars into files.
* Remove unnecessary glib-header-single-entry.patch .
* Add patches/struct-siginfo.patch to work around source bug in dereferencing
internal stuct instead of public type.
* New upstream version 23.0.1271.97
- CVE-2012-5139: Use-after-free with visibility events.
- CVE-2012-5140: Use-after-free in URL loader.
- CVE-2012-5141: Limit Chromoting client plug-in instantiation.
- CVE-2012-5142: Crash in history navigation.
- CVE-2012-5143: Integer overflow in PPAPI image buffers.
- CVE-2012-5144: Stack corruption in AAC decoding.
chromium-browser (23.0.1271.95-0ubuntu0.12.04.1) UNRELEASED; urgency=low
[ Micah Gersten <mic...@ubuntu.com> ]
* New upstream version 23.0.1271.95 (LP: #1086613)
- CVE-2012-5138: Incorrect file path handling.
- CVE-2012-5137: Use-after-free in media source handling.
* Hardcode Ubuntu in Chromium user agent patch; Drop release specific part
similar to what was done with Firefox; Drop from subst_files in rules
- rename debian/patches/chromium_useragent.patch.in =>
debian/patches/chromium_useragent.patch
- update debian/patches/chromium_useragent.patch
- update debian/rules
* Disable user agent patch for the moment as it doesn't apply cleanly
- update debian/patches/series
* Switch to xz binary packages, use Pre-Depends on dpkg (>= 1.15.6~)
- update debian/control
* Drop armhf FTBFS patch as it's been superseded by upstream changes
- drop debian/patches/fix-armhf-ftbfs.patch
- update debian/patches/series
[ Chad Miller <chad.mil...@canonical.com> ]
* Add localization support for ast, bs, en-AU, eo, hy, ia, ka, ku, kw, ms.
* No longer include Launchpad-generated translations.
* Disable grd_parse_fix.patch
* No longer expect unpacked tarball to contain "build-tree".
* Fix build warning about missing debian/source/format. Set to "3.0
(quilt)".
* Make system-v8 patch use "type none" instead of "type settings".; Leave
Patch disabled
* Manually set DEB_{BUILD,HOST}_ARCH when not already set, like when the
executing program is not dpkg-buildpackage.
* Make rules file generate LASTCHANGE file at new location.
* Change get-sources command to kill script when it fails to disable
gyp-chromium run from DEPS. Never fail silently again.
* Drop SCM revision from the version.
* New upstream version 23.0.1271.91
- CVE-2012-5133: Use-after-free in SVG filters.
- CVE-2012-5130: Out-of-bounds read in Skia.
- CVE-2012-5132: Browser crash with chunked encoding.
- CVE-2012-5134: Buffer underflow in libxml.
- CVE-2012-5135: Use-after-free with printing.
- CVE-2012-5136: Bad cast in input element handling.
* Includes CVE fixes for 23.0.1271.64
- CVE-2012-5127: Integer overflow leading to out-of-bounds read in WebP
handling.
- CVE-2012-5120: Out-of-bounds array access in v8.
- CVE-2012-5116: Use-after-free in SVG filter handling.
- CVE-2012-5121: Use-after-free in video layout.
- CVE-2012-5117: Inappropriate load of SVG subresource in img context.
- CVE-2012-5119: Race condition in Pepper buffer handling.
- CVE-2012-5122: Bad cast in input handling.
- CVE-2012-5123: Out-of-bounds reads in Skia.
- CVE-2012-5124: Memory corruption in texture handling.
- CVE-2012-5125: Use-after-free in extension tab handling.
- CVE-2012-5126: Use-after-free in plug-in placeholder handling.
- CVE-2012-5128: Bad write in v8.
* Includes CVE fixes for 22.0.1229.94
- CVE-2012-5112: SVG use-after-free and IPC arbitrary file write.
* Includes CVE fixes for 22.0.1229.92
- CVE-2012-2900: Crash in Skia text rendering.
- CVE-2012-5108: Race condition in audio device handling.
- CVE-2012-5109: OOB read in ICU regex.
- CVE-2012-5110: Out-of-bounds read in compositor.
- CVE-2012-5111: Plug-in crash monitoring was missing for Pepper plug-ins.
* Includes CVE fixes for 22.0.1229.79
- CVE-2012-2889: UXSS in frame handling.
- CVE-2012-2886: UXSS in v8 bindings.
- CVE-2012-2881: DOM tree corruption with plug-ins.
- CVE-2012-2876: Buffer overflow in SSE2 optimizations.
- CVE-2012-2883: Out-of-bounds write in Skia.
- CVE-2012-2887: Use-after-free in onclick handling.
- CVE-2012-2888: Use-after-free in SVG text references.
- CVE-2012-2894: Crash in graphics context handling.
- CVE-2012-2877: Browser crash with extensions and modal dialogs.
- CVE-2012-2879: DOM topology corruption.
- CVE-2012-2884: Out-of-bounds read in Skia.
- CVE-2012-2874: Out-of-bounds write in Skia.
- CVE-2012-2878: Use-after-free in plug-in handling.
- CVE-2012-2880: Race condition in plug-in paint buffer.
- CVE-2012-2882: Wild pointer in OGG container handling.
- CVE-2012-2885: Possible double free on exit.
- CVE-2012-2891: Address leak over IPC.
- CVE-2012-2892: Pop-up block bypass.
- CVE-2012-2893: Double free in XSL transforms.
* Includes CVE fixes for 21.0.1180.89
- CVE-2012-2865: Out-of-bounds read in line breaking.
- CVE-2012-2866: Bad cast with run-ins.
- CVE-2012-2867: Browser crash with SPDY.
- CVE-2012-2868: Race condition with workers and XHR.
- CVE-2012-2869: Avoid stale buffer in URL loading.
- CVE-2012-2870: Lower severity memory management issues in XPath.
- CVE-2012-2871: Bad cast in XSL transforms.
- CVE-2012-2872: XSS in SSL interstitial.
* Includes CVE fixes for 21.0.1180.57
- CVE-2012-2846: Cross-process interference in renderers.
- CVE-2012-2847: Missing re-prompt to user upon excessive downloads.
- CVE-2012-2848: Overly broad file access granted after drag+drop.
- CVE-2012-2849: Off-by-one read in GIF decoder.
- CVE-2012-2853: webRequest can interfere with the Chrome Web Store.
- CVE-2012-2854: Leak of pointer values to WebUI renderers.
- CVE-2012-2857: Use-after-free in CSS DOM.
- CVE-2012-2858: Buffer overflow in WebP decoder.
- CVE-2012-2859: Crash in tab handling.
- CVE-2012-2860: Out-of-bounds access when clicking in date picker.
* Includes CVE fixes for 20.0.1132.57
- CVE-2012-2842: Use-after-free in counter handling.
- CVE-2012-2843: Use-after-free in layout height tracking.
-- Chad Miller <chad.mil...@canonical.com> Sat, 12 Jan 2013 18:49:00 -0600
** Changed in: chromium-browser (Ubuntu Precise)
Status: Triaged => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-2842
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-2843
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-2846
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-2847
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-2848
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-2849
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-2853
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-2854
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-2857
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-2858
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-2859
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-2860
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-2865
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-2866
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-2867
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-2868
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-2869
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-2870
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-2871
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-2872
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-2874
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-2876
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-2877
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-2878
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-2879
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-2880
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-2881
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-2882
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-2883
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-2884
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-2885
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-2886
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-2887
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-2888
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-2889
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-2891
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-2892
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-2893
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-2894
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-2900
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-5108
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-5109
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-5110
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-5111
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-5112
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-5116
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-5117
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-5119
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-5120
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-5121
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-5122
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-5123
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-5124
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-5125
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-5126
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-5127
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-5128
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-5130
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-5132
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-5133
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-5134
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-5135
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-5136
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-5137
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-5138
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-5139
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-5140
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-5141
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-5142
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-5143
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-5144
** Changed in: chromium-browser (Ubuntu)
Status: In Progress => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-3083
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-3084
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-3085
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-3086
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-3087
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-3088
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-3089
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-3090
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-3091
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-3092
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-3093
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-3094
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-3095
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-3096
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-3100
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-3101
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-3102
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-3103
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-3104
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-3105
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-3106
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-3107
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-3108
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-3109
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-3111
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-3115
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-2807
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-2815
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-2817
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-2818
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-2819
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-2820
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-2821
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-2823
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-2824
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-2825
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-2826
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-2829
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-2830
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-2831
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-2834
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1084852
Title:
Chromium still tries to enable NEON on arm* builds when told not to
To manage notifications about this bug go to:
https://bugs.launchpad.net/chromium-browser/+bug/1084852/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
