Please update to 29.0.1547.57
Bug #1215361 reported by
ilf
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
chromium-browser (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | ||
Bug Description
And again a new stable release with lots of security fixes: http://
Here are the CVEs:
CVE-2013-2887: Various fixes from internal audits, fuzzing and other initiatives (Chrome 29).
CVE-2013-2900: Incomplete path sanitization in file handling.
CVE-2013-2901: Integer overflow in ANGLE.
CVE-2013-2902: Use after free in XSLT.
CVE-2013-2903: Use after free in media element.
CVE-2013-2904: Use after free in document parsing.
CVE-2013-2905: Information leak via overly broad permissions on shared memory files.
(I should write a script for this.)
information type: | Private Security → Public Security |
description: | updated |
Changed in chromium-browser (Ubuntu): | |
status: | New → Triaged |
Changed in chromium-browser (Ubuntu): | |
status: | Triaged → Fix Committed |
importance: | Undecided → Medium |
To post a comment you must log in.
This bug was fixed in the package chromium-browser - 29.0.1547. 65-0ubuntu1
--------------- 65-0ubuntu1) saucy; urgency=low
chromium-browser (29.0.1547.
* New release 29.0.1547.65. patches/ duckduckgo. patch: Include DuckDuckGo in search-engine patches/ search- credit. patch: Update URLs. patches/ disable_ dlog_and_ dcheck_ in_release_ builds. patch, patches/ wehkit_ rev_parser. patch, chromium- browser. sh.in: Include command-line parameters for completeness checker. chromium- browser. dirs: Add reference to /usr/share/ chromium- browser, patches/ extensions- directory. patch: Use a /usr/share/ directory that
* New release 29.0.1547.62.
* New release 29.0.1547.57: (LP: #1215361)
- CVE-2013-2900: Incomplete path sanitization in file handling.
- CVE-2013-2905: Information leak via overly broad permissions on shared
memory files.
- CVE-2013-2901: Integer overflow in ANGLE.
- CVE-2013-2902: Use after free in XSLT.
- CVE-2013-2903: Use after free in media element.
- CVE-2013-2904: Use after free in document parsing.
- CVE-2013-2887: Various fixes from internal audits, fuzzing and other
initiatives (Chrome 29).
* debian/
list. [Caine Tighe <~caine>]
* debian/
* debian/
debian/
No longer necessary. Deleted.
* debian/
registered plugins.
* Since we include remoting locales too, also split its locales info
into the -l10n package correctly.
* debian/rules: Disable arm_neon_optional. Impossible with sandbox, AND
breaks build right now.
* debian/rules: Fix packaging-
* debian/rules: Break long expressions into discrete parts in packaging
completeness checker.
* Update webapps patches.
* debian/
expmplary for extension placement.
* debian/
is named with our package, not "chromium". Withouth this, we force global
extensions to violate FHS.
-- Chad MILLER <email address hidden> Thu, 05 Sep 2013 16:47:55 -0400