Your message dated Thu, 04 Aug 2011 10:19:51 +0200
with message-id <[email protected]>
and subject line Re: [Pkg-chromium-maint] Bug#636567: chromium-browser: Google
chrome has new upstream release 13.0.782.107
has caused the Debian Bug report #636567,
regarding chromium-browser: Google chrome has new upstream release 13.0.782.107
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
636567: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=636567
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: chromium-browser
Version: 12.0.742.112~r90304-1
Severity: wishlist
*** Please type your report below this line ***
Hi all,
Google Chrome released 13.0.782.107 and one can find the relevant
posting here :-
http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html
This is the changelog given :-
[75821] Medium CVE-2011-2358: Always confirm an extension install via
a browser dialog. Credit to Sergey Glazunov.
[$1000 each] [78841] High CVE-2011-2359: Stale pointer due to bad line
box tracking in rendering. Credit to miaubiz and Martin Barbella.
[79266] Low CVE-2011-2360: Potential bypass of dangerous file prompt.
Credit to kuzzcc.
[79426] Low CVE-2011-2361: Improve designation of strings in the basic
auth dialog. Credit to kuzzcc.
[Linux only] [81307] Medium CVE-2011-2782: File permissions error with
drag and drop. Credit to Evan Martin of the Chromium development
community.
[83273] Medium CVE-2011-2783: Always confirm a developer mode NPAPI
extension install via a browser dialog. Credit to Sergey Glazunov.
[83841] Low CVE-2011-2784: Local file path disclosure via GL program
log. Credit to kuzzcc.
[84402] Low CVE-2011-2785: Sanitize the homepage URL in extensions.
Credit to kuzzcc.
[84600] Low CVE-2011-2786: Make sure the speech input bubble is always
on-screen. Credit to Olli Pettay of Mozilla.
[84805] Medium CVE-2011-2787: Browser crash due to GPU lock
re-entrancy issue. Credit to kuzzcc.
[85559] Low CVE-2011-2788: Buffer overflow in inspector serialization.
Credit to Mikołaj Małecki.
[$500 each] [85808] Medium CVE-2011-2789: Use after free in Pepper
plug-in instantiation. Credit to Mario Gomes and kuzzcc.
[$1000] [86502] High CVE-2011-2790: Use-after-free with floating
styles. Credit to miaubiz.
[$1000] [86900] High CVE-2011-2791: Out-of-bounds write in ICU. Credit
to Yang Dingning from NCNIPC, Graduate University of Chinese Academy
of Sciences.
[$1000] [87148] High CVE-2011-2792: Use-after-free with float removal.
Credit to miaubiz.
[$1000] [87227] High CVE-2011-2793: Use-after-free in media selectors.
Credit to miaubiz.
[$500] [87298] Medium CVE-2011-2794: Out-of-bounds read in text
iteration. Credit to miaubiz.
[$500] [87339] Medium CVE-2011-2795: Cross-frame function leak. Credit
to Shih Wei-Long.
[87548] High CVE-2011-2796: Use-after-free in Skia. Credit to Google
Chrome Security Team (Inferno) and Kostya Serebryany of the Chromium
development community.
[$1000] [87729] High CVE-2011-2797: Use-after-free in resource
caching. Credit to miaubiz.
[87815] Low CVE-2011-2798: Prevent a couple of internal schemes from
being web accessible. Credit to sirdarckcat of the Google Security
Team.
[$1000] [87925] High CVE-2011-2799: Use-after-free in HTML range
handling. Credit to miaubiz.
[$500] [88337] Medium CVE-2011-2800: Leak of client-side redirect
target. Credit to Juho Nurminen.
[$1000] [88591] High CVE-2011-2802: v8 crash with const lookups.
Credit to Christian Holler.
[88827] Medium CVE-2011-2803: Out-of-bounds read in Skia paths. Credit
to Google Chrome Security Team (Inferno).
[$1000] [88846] High CVE-2011-2801: Use-after-free in frame loader.
Credit to miaubiz.
[$1000] [88889] High CVE-2011-2818: Use-after-free in display box
rendering. Credit to Martin Barbella.
[$500] [89142] High CVE-2011-2804: PDF crash with nested functions.
Credit to Aki Helin of OUSPG.
[$1500] [89520] High CVE-2011-2805: Cross-origin script injection.
Credit to Sergey Glazunov.
[$1500] [90222] High CVE-2011-2819: Cross-origin violation in base URI
handling. Credit to Sergey Glazunov.
basically seem to be lot of security and couple of memory/rendering fixes.
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'),
(1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.0.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_IN, LC_CTYPE=en_IN (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages chromium-browser depends on:
ii chromium 12.0.742.112~r90304-1 Chromium browser
chromium-browser recommends no packages.
chromium-browser suggests no packages.
-- no debconf information
--
Regards,
Shirish Agarwal शिरीष अग्रवाल
My quotes in this email licensed under CC 3.0
http://creativecommons.org/licenses/by-nc/3.0/
http://flossexperiences.wordpress.com
065C 6D79 A68C E7EA 52B3 8D70 950D 53FB 729A 8B17
--- End Message ---
--- Begin Message ---
Version: 13.0.782.107~r94237-1
Uploaded in sid
signature.asc
Description: OpenPGP digital signature
--- End Message ---
