This bug was fixed in the package chromium-browser -
31.0.1650.63-0ubuntu0.13.10.1~20131204.1
---------------
chromium-browser (31.0.1650.63-0ubuntu0.13.10.1~20131204.1) saucy-security;
urgency=low
* Release to stage at ppa:canonical-chromium-builds/stage
chromium-browser (31.0.1650.63-0ubuntu0.13.10.1) saucy-security;
urgency=low
* New release 31.0.1650.63:
- CVE-2013-6634: Session fixation in sync related to 302 redirects.
- CVE-2013-6635: Use-after-free in editing.
- CVE-2013-6636: Address bar spoofing related to modal dialogs.
- CVE-2013-6637: Various fixes from internal audits, fuzzing and other
initiatives.
- CVE-2013-6638: Buffer overflow in v8. This issue was fixed in v8 version
3.22.24.7.
- CVE-2013-6639: Out of bounds write in v8. This issue was fixed in v8
version 3.22.24.7.
- CVE-2013-6640: Out of bounds read in v8. This issue was fixed in v8
version 3.22.24.7.
chromium-browser (31.0.1650.57-0ubuntu0.13.10.3) saucy-security;
urgency=low
* debian/control: Drop libnss version number in Depends. We only need to
recompile. (LP: #1251454)
chromium-browser (31.0.1650.57-0ubuntu0.13.10.2) saucy-security;
urgency=low
* debian/apport/chromium-browser.py: Include dmesg events mentioning chromium
in apport reports.
* debian/control: Abandon nss transitional package as Dependency, and add
real package with epoch version number.
chromium-browser (31.0.1650.57-0ubuntu0.13.10.1) saucy-security;
urgency=low
* New release 31.0.1650.57:
- CVE-2013-6632: Multiple memory corruption issues.
* New release 31.0.1650.48: (LP: #1250579)
- CVE-2013-6621: Use after free related to speech input elements.
- CVE-2013-6622: Use after free related to media elements.
- CVE-2013-6623: Out of bounds read in SVG.
- CVE-2013-6624: Use after free related to "id" attribute strings.
- CVE-2013-6625: Use after free in DOM ranges.
- CVE-2013-6626: Address bar spoofing related to interstitial warnings.
- CVE-2013-6627: Out of bounds read in HTTP parsing.
- CVE-2013-6628: Issue with certificates not being checked during TLS
renegotiation.
- CVE-2013-2931: Various fixes from internal audits, fuzzing and other
initiatives.
- CVE-2013-6629: Read of uninitialized memory in libjpeg and libjpeg-turbo.
- CVE-2013-6630: Read of uninitialized memory in libjpeg-turbo.
- CVE-2013-6631: Use after free in libjingle.
* debian/chromium-chromedriver.install: Drop unsupported, broken old
chromedriver v1 and add chromedriver2.
* Update webapps patches.
* Disable chromedriver testing until the new server-test client dependencies
are figured out.
* Drop base_unittests and automated_ui_tests build and automatic test and
from installation exclusion.
* Include wildcat package 'pepflashplugin-nonfree' in apport reportting.
chromium-browser (30.0.1599.114-0ubuntu0.13.10.3) saucy-security;
urgency=low
* debian/patches/menu-bar-visible.patch: Don't treat object as object
reference.
* debian/patches/4-chromeless-window-launch-option.patch: Don't fix problem
introduced in menu-bar-visible patch.
* debian/rules: Fix typo of Precise conditional.
* debian/patches/cr30-sandbox-async-signal-safe.patch: Backport to make
SIGSYS handler in sandbox safe and never call itself. (LP: #1195797)
* debian/rules, debian/control: Use standard hardening flags, not
hardening-wrapper.
* debian/control: Build-depend on binutils, which already includes gold
linker.
* debian/control: Drop some unused build-deps: autotools-dev, binutils,
flex, g++-multilib [amd64], libbz2-dev, libc6-dev-i386 [amd64],
libdbus-glib-1-dev, libgl1-mesa-dev, libgl1-mesa-dri, libglib2.0-dev,
libglu1-mesa-dev, libhunspell-dev, libjpeg-dev, libnspr4-dev,
libpam0g-dev, libpango1.0-dev, libspeechd-dev, libssl-dev, libxi-dev,
libxml2-dev, libxslt1-dev, libxt-dev, mesa-common-dev,
patchutils (>= 0.2.25), python-simplejson, yasm zlib1g-dev,
* debian/patches/cr31-pango-tab-titles.patch: Backport a fix that makes
tab titles disappear due to a pango bug.
* debian/tests/control: Drop Depends on obselete package
libunity-webapps-chromium.
-- Chad MILLER <[email protected]> Mon, 09 Dec 2013 21:48:03 -0500
** Changed in: chromium-browser (Ubuntu)
Status: Fix Committed => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-2931
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-6621
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-6622
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-6623
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-6624
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-6625
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-6626
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-6627
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-6628
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-6629
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-6630
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-6631
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-6632
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-6634
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-6635
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-6636
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-6637
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-6638
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-6639
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-6640
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to chromium-browser in Ubuntu.
https://bugs.launchpad.net/bugs/1251454
Title:
chromium-browser fails to depend on a compatible version of libnss3
Status in “chromium-browser” package in Ubuntu:
Fix Released
Bug description:
$ chromium-browser
[2814:2839:1114/141949:FATAL:nss_util.cc(396)] NSS_VersionCheck("3.14.3")
failed. NSS >= 3.14.3 is required. Please upgrade to the latest NSS, and if you
still get this error, contact your distribution maintainer.
$
this fixes it:
# apt-get install libnss3
So obviously the chromium-browser package should have a Depends: so
that apt-get / aptitude will get the right library at install-time
rather than failing at runtime
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: chromium-browser 30.0.1599.114-0ubuntu0.12.04.3
ProcVersionSignature: Ubuntu 3.2.0-38.40-lowlatency-pae 3.2.37
Uname: Linux 3.2.0-38-lowlatency-pae i686
ApportVersion: 2.0.1-0ubuntu8
Architecture: i386
Date: Thu Nov 14 14:23:08 2013
Desktop-Session:
DESKTOP_SESSION = None
XDG_CONFIG_DIRS = None
XDG_DATA_DIRS = None
Env:
MOZ_PLUGIN_PATH = None
LD_LIBRARY_PATH = None
InstallationMedia: Ubuntu-Server 12.04 LTS "Precise Pangolin" - Release i386
(20120424.1)
ProcEnviron:
LANGUAGE=en_US:en
TERM=xterm
PATH=(custom, no user)
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: chromium-browser
UpgradeStatus: No upgrade log present (probably fresh install)
chromium-default: CHROMIUM_FLAGS=""
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1251454/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
