[Bug 1468666] Re: Chromium VERSION on Ubuntu 12.04 LTS

Mon, 29 Jun 2015 06:01:30 -0700 

Due to missing security updates, the available chromium-browser in
precise is vulnerable to a number of security weaknesses, among others

  * Upstream release 43.0.2357.65:
    - CVE-2015-1252: Sandbox escape in Chrome.
    - CVE-2015-1253: Cross-origin bypass in DOM.
    - CVE-2015-1254: Cross-origin bypass in Editing.
    - CVE-2015-1255: Use-after-free in WebAudio.
    - CVE-2015-1256: Use-after-free in SVG.
    - CVE-2015-1251: Use-after-free in Speech.
    - CVE-2015-1257: Container-overflow in SVG.
    - CVE-2015-1258: Negative-size parameter in Libvpx.
    - CVE-2015-1259: Uninitialized value in PDFium.
    - CVE-2015-1260: Use-after-free in WebRTC.
    - CVE-2015-1261: URL bar spoofing.
    - CVE-2015-1262: Uninitialized value in Blink.
    - CVE-2015-1263: Insecure download of spellcheck dictionary.
    - CVE-2015-1264: Cross-site scripting in bookmarks.
    - CVE-2015-1265: Various fixes from internal audits, fuzzing and other
      initiatives.
    - Multiple vulnerabilities in V8 fixed at the tip of the 4.3 branch
      (currently 4.3.61.21).
  * Upstream release 42.0.2311.135:
    - CVE-2015-1243: Use-after-free in DOM.
    - CVE-2015-1250: Various fixes from internal audits, fuzzing and other
      initiatives.
  * Upstream release 42.0.2311.90:
    - CVE-2015-1235: Cross-origin-bypass in HTML parser.
    - CVE-2015-1236: Cross-origin-bypass in Blink.
    - CVE-2015-1237: Use-after-free in IPC.
    - CVE-2015-1238: Out-of-bounds write in Skia.
    - CVE-2015-1240: Out-of-bounds read in WebGL.
    - CVE-2015-1241: Tap-Jacking.
    - CVE-2015-1242: Type confusion in V8.
    - CVE-2015-1244: HSTS bypass in WebSockets.
    - CVE-2015-1245: Use-after-free in PDFium.
    - CVE-2015-1247: Scheme issues in OpenSearch.
    - CVE-2015-1248: SafeBrowsing bypass.
  * Upstream release 41.0.2272.118:
    - CVE-2015-1233: A special thanks to Anonymous for a combination of V8,
      Gamepad and IPC bugs that can lead to remote code execution outside of
      the sandbox.
    - CVE-2015-1234: Buffer overflow via race condition in GPU.
etc. etc. (just look at the change history of the 39.* to 43.* versions)

** Information type changed from Public to Public Security

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1233

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1234

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1235

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1236

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1237

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1238

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1240

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1241

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1242

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1243

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1244

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1245

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1247

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1248

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1250

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1251

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1252

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1253

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1254

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1255

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1256

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1257

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1258

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1259

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1260

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1261

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1262

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1263

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1264

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1265

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1468666

Title:
  Chromium VERSION on Ubuntu 12.04 LTS

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1468666/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to