This bug was fixed in the package chromium-browser -
11.0.696.57~r82915-0ubuntu0.10.04.1
---------------
chromium-browser (11.0.696.57~r82915-0ubuntu0.10.04.1) lucid-security;
urgency=high
* New Major upstream release from the Stable Channel (LP: #771935)
This release fixes the following security issues:
+ WebKit issues:
- [61502] High, CVE-2011-1303: Stale pointer in floating object handling.
Credit to Scott Hess of the Chromium development community and Martin
Barbella.
- [70538] Low, CVE-2011-1304: Pop-up block bypass via plug-ins. Credit to
Chamal De Silva.
- [70589] Medium, CVE-2011-1305: Linked-list race in database handling.
Credit to Kostya Serebryany of the Chromium development community.
- [73526] High, CVE-2011-1437: Integer overflows in float rendering.
Credit to miaubiz.
- [74653] High, CVE-2011-1438: Same origin policy violation with blobs.
Credit to kuzzcc.
- [75186] High, CVE-2011-1440: Use-after-free with <ruby> tag and CSS.
Credit to Jose A. Vazquez.
- [75347] High, CVE-2011-1441: Bad cast with floating select lists.
Credit to Michael Griffiths.
- [75801] High, CVE-2011-1442: Corrupt node trees with mutation events.
Credit to Sergey Glazunov and wushi of team 509.
- [76001] High, CVE-2011-1443: Stale pointers in layering code. Credit to
Martin Barbella.
- [76646] Medium, CVE-2011-1445: Out-of-bounds read in SVG. Credit to
wushi of team509.
- [76666] [77507] [78031] High, CVE-2011-1446: Possible URL bar spoofs
with navigation errors and interrupted loads. Credit to kuzzcc.
- [76966] High, CVE-2011-1447: Stale pointer in drop-down list handling.
Credit to miaubiz.
- [77130] High, CVE-2011-1448: Stale pointer in height calculations.
Credit to wushi of team509.
- [77346] High, CVE-2011-1449: Use-after-free in WebSockets. Credit to
Marek Majkowski.
- [77463] High, CVE-2011-1451: Dangling pointers in DOM id map. Credit to
Sergey Glazunov.
- [79199] High, CVE-2011-1454: Use-after-free in DOM id handling. Credit
to Sergey Glazunov.
+ Chromium issues:
- [71586] Medium, CVE-2011-1434: Lack of thread safety in MIME handling.
Credit to Aki Helin.
- [72523] Medium, CVE-2011-1435: Bad extension with ‘tabs’ permission can
capture local files. Credit to Cole Snodgrass.
- [72910] Low, CVE-2011-1436: Possible browser crash due to bad
interaction with X. Credit to miaubiz.
- [76542] High, CVE-2011-1444: Race condition in sandbox launcher. Credit
to Dan Rosenberg.
- [77349] Low, CVE-2011-1450: Dangling pointers in file dialogs. Credit
to kuzzcc.
- [77786] Medium, CVE-2011-1452: URL bar spoof with redirect and manual
reload. Credit to Jordi Chancel.
- [74763] High, CVE-2011-1439: Prevent interference between renderer
processes. Credit to Julien Tinnes of the Google Security Team.
* Fix the password store regression from the last Chromium 10 update.
Backport from trunk provided by Elliot Glaysher from upstream (LP: #743494)
- add debian/patches/stored_passwords_lp743494.patch
- update debian/patches/series
* Update the SVG logo to match the new simplified 2D logo (LP: #748881)
- update debian/chromium-browser.svg
* Ship the app icon in all the sizes provided upstream
- update debian/rules
* Add libpam0g-dev to Build-depends, needed by "Chromoting"
- update debian/control
* Enable the new use_third_party_translations flag at build time (it enables
the Launchpad translations already used in Ubuntu since Chromium 8)
- update debian/rules
-- Fabien Tassin <[email protected]> Wed, 27 Apr 2011 17:31:35 +0200
** Changed in: chromium-browser (Ubuntu)
Status: Fix Committed => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-1303
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-1304
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-1305
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-1434
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-1435
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-1436
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-1437
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-1438
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-1439
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-1440
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-1441
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-1442
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-1443
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-1444
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-1445
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-1446
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-1447
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-1448
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-1449
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-1450
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-1451
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-1452
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-1454
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/748881
Title:
Update SVG logo
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
