*** This bug is a duplicate of bug 914648 ***
https://bugs.launchpad.net/bugs/914648
This bug was fixed in the package chromium-browser -
16.0.912.77~r118311-0ubuntu1
---------------
chromium-browser (16.0.912.77~r118311-0ubuntu1) precise; urgency=low
* New upstream release from the Stable Channel (LP: #923602, #897389)
(LP: #914648, #889711)
This release fixes the following security issues:
- [106484] High CVE-2011-3924: Use-after-free in DOM selections. Credit to
Arthur Gerkis.
- [107182] Critical CVE-2011-3925: Use-after-free in Safe Browsing
navigation. Credit to Chamal de Silva.
- [108461] High CVE-2011-3928: Use-after-free in DOM handling. Credit to
wushi of team509 reported through ZDI (ZDI-CAN-1415).
- [108605] High CVE-2011-3927: Uninitialized value in Skia. Credit to
miaubiz.
- [109556] High CVE-2011-3926: Heap-buffer-overflow in tree builder.
Credit to Arthur Gerkis.
This upload also includes the following security fixes from 16.0.912.75:
- [106672] High CVE-2011-3921: Use-after-free in animation frames. Credit to
Boris Zbarsky of Mozilla.
- [107128] High CVE-2011-3919: Heap-buffer-overflow in libxml. Credit to
Jüri Aedla.
- [108006] High CVE-2011-3922: Stack-buffer-overflow in glyph handling.
Credit to Google Chrome Security Team (Cris Neckar).
This upload also includes the following security fixes from 16.0.912.63:
- [81753] Medium CVE-2011-3903: Out-of-bounds read in regex matching. Credit
to David Holloway of the Chromium development community.
- [95465] Low CVE-2011-3905: Out-of-bounds reads in libxml. Credit to Google
Chrome Security Team (Inferno).
- [98809] Medium CVE-2011-3906: Out-of-bounds read in PDF parser. Credit to
Aki Helin of OUSPG.
- [99016] High CVE-2011-3907: URL bar spoofing with view-source. Credit to
Luka Treiber of ACROS Security.
- [100863] Low CVE-2011-3908: Out-of-bounds read in SVG parsing. Credit to
Aki Helin of OUSPG.
- [101010] Medium CVE-2011-3909: [64-bit only] Memory corruption in CSS
property array. Credit to Google Chrome Security Team (scarybeasts) and
Chu.
- [101494] Medium CVE-2011-3910: Out-of-bounds read in YUV video frame
handling. Credit to Google Chrome Security Team (Cris Neckar).
- [101779] Medium CVE-2011-3911: Out-of-bounds read in PDF. Credit to Google
Chrome Security Team (scarybeasts) and Robert Swiecki of the Google
Security Team.
- [102359] High CVE-2011-3912: Use-after-free in SVG filters. Credit to
Arthur Gerkis.
- [103921] High CVE-2011-3913: Use-after-free in Range handling. Credit to
Arthur Gerkis.
- [104011] High CVE-2011-3914: Out-of-bounds write in v8 i18n handling.
Credit to Sławomir Błażek.
- [104529] High CVE-2011-3915: Buffer overflow in PDF font handling. Credit
to Atte Kettunen of OUSPG.
- [104959] Medium CVE-2011-3916: Out-of-bounds reads in PDF cross
references. Credit to Atte Kettunen of OUSPG.
- [105162] Medium CVE-2011-3917: Stack-buffer-overflow in FileWatcher.
Credit to Google Chrome Security Team (Marty Barbella).
This upload also includes the following fixes from 15.0.874.121:
- fix to a regression: SVG in iframe doesn't use specified dimensions
- [103259] High CVE-2011-3900: Out-of-bounds write in v8. Credit to
Christian Holler
[ Micah Gersten <[email protected]> ]
* Add patch to build with glib 2.31 (single entry header inclusion)
- add debian/patches/glib-header-single-entry.patch
- update debian/patches/series
[ Brandon Snider <[email protected]> ]
* Refresh user agent patch
- update debian/patches/chromium_useragent.patch.in
-- Micah Gersten <[email protected]> Mon, 30 Jan 2012 14:43:06 -0600
** Branch linked: lp:~chromium-team/chromium-browser/chromium-
browser.precise
** Changed in: chromium-browser (Ubuntu)
Status: Triaged => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-3900
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-3903
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-3905
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-3906
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-3907
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-3908
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-3909
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-3910
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-3911
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-3912
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-3913
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-3914
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-3915
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-3916
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-3917
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-3919
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-3921
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-3922
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-3924
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-3925
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-3926
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-3927
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-3928
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/897389
Title:
Update to 15.0.874.121
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/897389/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
