new upstream release: 24.0.1312.56

Bug #1099075 reported by ilf on 2013-01-13
This bug affects 3 people
Affects | Status | Importance | Assigned to | Milestone
chromium-browser (Ubuntu) | | High | Chad Miller |
Lucid | | High | Chad Miller |
Oneiric | | High | Chad Miller |
Precise | | High | Chad Miller |
Quantal | | High | Chad Miller |
Raring | | High | Chad Miller |

Bug Description

And again a new stable release: 24.0.1312.52.
As always, it comes with *lots* of security fixes (http://googlechromereleases.blogspot.de/2013/01/stable-channel-update.html), including a Flash update (http://helpx.adobe.com/en/flash-player/release-note/fp_115_air_35_release_notes.html)

Please update the Ubuntu package to the newest version and keep it current, as you do with Firefox.

ilf (ilf) on 2013-01-13
information type: Private Security → Public Security
Changed in chromium-browser (Ubuntu Lucid):
status: New → In Progress
importance: Undecided → High
assignee: nobody → Chad Miller (cmiller)
Changed in chromium-browser (Ubuntu Oneiric):
status: New → In Progress
importance: Undecided → High
assignee: nobody → Chad Miller (cmiller)
Changed in chromium-browser (Ubuntu Precise):
status: New → In Progress
importance: Undecided → High
assignee: nobody → Chad Miller (cmiller)
Changed in chromium-browser (Ubuntu Quantal):
status: New → In Progress
importance: Undecided → High
assignee: nobody → Chad Miller (cmiller)
Changed in chromium-browser (Ubuntu Raring):
status: New → In Progress
importance: Undecided → High
assignee: nobody → Chad Miller (cmiller)
description: updated
ilf (ilf) wrote :

And again: 24.0.1312.56

Security fixes:

* [$1000] [151008] High CVE-2013-0839: Use-after-free in canvas font handling. Credit to Atte Kettunen of OUSPG.
* [170532] Medium CVE-2013-0840: Missing URL validation when opening new windows.
* [169770] High CVE-2013-0841: Unchecked array index in content blocking. Credit to Google Chrome Security Team (Chris Evans).
* [166867] Medium CVE-2013-0842: Problems with NULL characters embedded in paths. Credit to Google Chrome Security Team (Jüri Aedla).
* [Mac only] [166523] High CVE-2013-0843: Crash with unsupported RTC sampling rate. Credit to Ted Nakamura of the Chromium development community.

I don't know why you edited this out of my original description:

"From a security perspective, having no Chromium package at all would be better than having outdated ones with gaping holes."

summary: - new upstream release: 24.0.1312.52
+ new upstream release: 24.0.1312.56
Changed in chromium-browser (Ubuntu Raring):
status: In Progress → Fix Committed
Jamie Strandboge (jdstrand) wrote :

24.0.1312.56 is in raring-proposed with armhf still building. It's also in https://launchpad.net/~ubuntu-security-proposed/+archive/ppa/+packages for the stable releases with amd64 and i386 done (I think) for lucid-quantal. We'll wait for testing to complete and armhf to build before pushing to the archive. Thanks to Chad for getting armhf worked out this time around and providing the packages. This sets us up in very good shape for going forward. :)

Changed in chromium-browser (Ubuntu Lucid):
status: In Progress → Fix Committed
Changed in chromium-browser (Ubuntu Oneiric):
status: In Progress → Fix Committed
Changed in chromium-browser (Ubuntu Precise):
status: In Progress → Fix Committed
Changed in chromium-browser (Ubuntu Quantal):
status: In Progress → Fix Committed

Maybe it'll make sense to not push the release until bug 1106876 is fixed...

Jamie Strandboge (jdstrand) wrote :

Chad told me via IRC that bug 1106876 does not affect what is in the ppa.

Jamie Strandboge (jdstrand) wrote :

There were two regressions on quantal that delayed this. I just sponsored 24.0.1312.56-0ubuntu0.12.10.3 for Chad to https://launchpad.net/~ubuntu-security-proposed/+archive/ppa/+packages.

Fred (eldmannen+launchpad) wrote :

I just want to point out there is a new minor revision release.
The latest version as of this time is 24.0.1312.57.

Fred (eldmannen+launchpad) wrote :
Chad Miller (cmiller) wrote :

It fixes no critical bugs, so .57 does not warrant an update in stable releases. It also does not compile on ARM, so it can not enter Raring.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 24.0.1312.56-0ubuntu0.12.10.3

---------------
chromium-browser (24.0.1312.56-0ubuntu0.12.10.3) quantal-security; urgency=low

  * Add comment-markers to debian/patches/series file to make patch import
    easier.
  * debian/chromium-browser.install
    - Install remoting locales
  * debian/patches/gyp-config-root.patch
    - Added. Avoids compilation bug on (at least) ARM.
  * debian/patches/arm-neon.patch
    - Added function to determine NEON functionality in ARM at runtime for
      WebRt library in WebKit.
  * Disable lintian warnings about outdated autoconf files in source tree.
  * New upstream version 24.0.1312.56: (LP: #1099075)
    - CVE-2013-0839: Use-after-free in canvas font handling.
    - CVE-2013-0840: Missing URL validation when opening new windows.
    - CVE-2013-0841: Unchecked array index in content blocking.
    - CVE-2013-0842: Problems with NULL characters embedded in paths.
  * New upstream version 24.0.1312.52:
    - CVE-2012-5145: Use-after-free in SVG layout. Credit to Atte Kettunen of
      OUSPG.
    - CVE-2012-5146: Same origin policy bypass with malformed URL. Credit to
      Erling A Ellingsen and Subodh Iyengar, both of Facebook.
    - CVE-2012-5147: Use-after-free in DOM handling. Credit to José A. Vázquez.
    - CVE-2012-5148: Missing filename sanitization in hyphenation support.
      Credit to Google Chrome Security Team (Justin Schuh).
    - CVE-2012-5149: Integer overflow in audio IPC handling. Credit to Google
      Chrome Security Team (Chris Evans).
    - CVE-2012-5150: Use-after-free when seeking video. Credit to Google Chrome
      Security Team (Inferno).
    - CVE-2012-5151: Integer overflow in PDF JavaScript. Credit to Mateusz
      Jurczyk, with contribution from Gynvael Coldwind, both of Google Security
      Team.
    - CVE-2012-5152: Out-of-bounds read when seeking video. Credit to Google
      Chrome Security Team (Inferno).
    - CVE-2012-5153: Out-of-bounds stack access in v8. Credit to Andreas
      Rossberg of the Chromium development community.
    - CVE-2012-5156: Use-after-free in PDF fields. Credit to Mateusz Jurczyk,
      with contribution from Gynvael Coldwind, both of Google Security Team.
    - CVE-2012-5157: Out-of-bounds reads in PDF image handling. Credit to
      Mateusz Jurczyk, with contribution from Gynvael Coldwind, both of Google
      Security Team.
    - CVE-2013-0828: Bad cast in PDF root handling. Credit to Mateusz Jurczyk,
      with contribution from Gynvael Coldwind, both of Google Security Team.
    - CVE-2013-0829: Corruption of database metadata leading to incorrect file
      access. Credit to Google Chrome Security Team (Jüri Aedla).
    - CVE-2013-0830: Missing NUL termination in IPC. Credit to Google Chrome
      Security Team (Justin Schuh).
    - CVE-2013-0831: Possible path traversal from extension process. Credit to
      Google Chrome Security Team (Tom Sepez).
    - CVE-2013-0832: Use-after-free with printing. Credit to Google Chrome
      Security Team (Cris Neckar).
    - CVE-2013-0833: Out-of-bounds read with printing. Credit to Google Chrome
      Security Team (Cris Neckar).
    - CVE-2013-08...


Changed in chromium-browser (Ubuntu Quantal):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 24.0.1312.56-0ubuntu0.11.10.1

---------------
chromium-browser (24.0.1312.56-0ubuntu0.11.10.1) oneiric-security; urgency=low

  * debian/chromium-browser.install
    - Install remoting locales
  * Disable lintian warnings about outdated autoconf files in source tree.
  * New upstream version 24.0.1312.56: (LP: #1099075)
    - CVE-2013-0839: Use-after-free in canvas font handling.
    - CVE-2013-0840: Missing URL validation when opening new windows.
    - CVE-2013-0841: Unchecked array index in content blocking.
    - CVE-2013-0842: Problems with NULL characters embedded in paths.
  * New upstream version 24.0.1312.52:
    - CVE-2012-5145: Use-after-free in SVG layout. Credit to Atte Kettunen of
      OUSPG.
    - CVE-2012-5146: Same origin policy bypass with malformed URL. Credit to
      Erling A Ellingsen and Subodh Iyengar, both of Facebook.
    - CVE-2012-5147: Use-after-free in DOM handling. Credit to José A. Vázquez.
    - CVE-2012-5148: Missing filename sanitization in hyphenation support.
      Credit to Google Chrome Security Team (Justin Schuh).
    - CVE-2012-5149: Integer overflow in audio IPC handling. Credit to Google
      Chrome Security Team (Chris Evans).
    - CVE-2012-5150: Use-after-free when seeking video. Credit to Google Chrome
      Security Team (Inferno).
    - CVE-2012-5151: Integer overflow in PDF JavaScript. Credit to Mateusz
      Jurczyk, with contribution from Gynvael Coldwind, both of Google Security
      Team.
    - CVE-2012-5152: Out-of-bounds read when seeking video. Credit to Google
      Chrome Security Team (Inferno).
    - CVE-2012-5153: Out-of-bounds stack access in v8. Credit to Andreas
      Rossberg of the Chromium development community.
    - CVE-2012-5156: Use-after-free in PDF fields. Credit to Mateusz Jurczyk,
      with contribution from Gynvael Coldwind, both of Google Security Team.
    - CVE-2012-5157: Out-of-bounds reads in PDF image handling. Credit to
      Mateusz Jurczyk, with contribution from Gynvael Coldwind, both of Google
      Security Team.
    - CVE-2013-0828: Bad cast in PDF root handling. Credit to Mateusz Jurczyk,
      with contribution from Gynvael Coldwind, both of Google Security Team.
    - CVE-2013-0829: Corruption of database metadata leading to incorrect file
      access. Credit to Google Chrome Security Team (Jüri Aedla).
    - CVE-2013-0830: Missing NUL termination in IPC. Credit to Google Chrome
      Security Team (Justin Schuh).
    - CVE-2013-0831: Possible path traversal from extension process. Credit to
      Google Chrome Security Team (Tom Sepez).
    - CVE-2013-0832: Use-after-free with printing. Credit to Google Chrome
      Security Team (Cris Neckar).
    - CVE-2013-0833: Out-of-bounds read with printing. Credit to Google Chrome
      Security Team (Cris Neckar).
    - CVE-2013-0834: Out-of-bounds read with glyph handling. Credit to Google
      Chrome Security Team (Cris Neckar).
    - CVE-2013-0835: Browser crash with geolocation. Credit to Arthur Gerkis.
    - CVE-2013-0836: Crash in v8 garbage collection. Credit to Google Chrome
      Security Team (Cris Neckar).
    - CVE-2013-0837: Crash in ...


Changed in chromium-browser (Ubuntu Oneiric):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 24.0.1312.56-0ubuntu0.12.04.1

---------------
chromium-browser (24.0.1312.56-0ubuntu0.12.04.1) precise-security; urgency=low

  * debian/chromium-browser.install
    - Install remoting locales
  * debian/patches/gyp-config-root.patch
    - Added. Avoids compilation bug on (at least) ARM.
  * debian/patches/arm-neon.patch
    - Added function to determine NEON functionality in ARM at runtime for
      WebRt library in WebKit.
  * Disable lintian warnings about outdated autoconf files in source tree.
  * New upstream version 24.0.1312.56: (LP: #1099075)
    - CVE-2013-0839: Use-after-free in canvas font handling.
    - CVE-2013-0840: Missing URL validation when opening new windows.
    - CVE-2013-0841: Unchecked array index in content blocking.
    - CVE-2013-0842: Problems with NULL characters embedded in paths.
  * New upstream version 24.0.1312.52:
    - CVE-2012-5145: Use-after-free in SVG layout. Credit to Atte Kettunen of
      OUSPG.
    - CVE-2012-5146: Same origin policy bypass with malformed URL. Credit to
      Erling A Ellingsen and Subodh Iyengar, both of Facebook.
    - CVE-2012-5147: Use-after-free in DOM handling. Credit to José A. Vázquez.
    - CVE-2012-5148: Missing filename sanitization in hyphenation support.
      Credit to Google Chrome Security Team (Justin Schuh).
    - CVE-2012-5149: Integer overflow in audio IPC handling. Credit to Google
      Chrome Security Team (Chris Evans).
    - CVE-2012-5150: Use-after-free when seeking video. Credit to Google Chrome
      Security Team (Inferno).
    - CVE-2012-5151: Integer overflow in PDF JavaScript. Credit to Mateusz
      Jurczyk, with contribution from Gynvael Coldwind, both of Google Security
      Team.
    - CVE-2012-5152: Out-of-bounds read when seeking video. Credit to Google
      Chrome Security Team (Inferno).
    - CVE-2012-5153: Out-of-bounds stack access in v8. Credit to Andreas
      Rossberg of the Chromium development community.
    - CVE-2012-5156: Use-after-free in PDF fields. Credit to Mateusz Jurczyk,
      with contribution from Gynvael Coldwind, both of Google Security Team.
    - CVE-2012-5157: Out-of-bounds reads in PDF image handling. Credit to
      Mateusz Jurczyk, with contribution from Gynvael Coldwind, both of Google
      Security Team.
    - CVE-2013-0828: Bad cast in PDF root handling. Credit to Mateusz Jurczyk,
      with contribution from Gynvael Coldwind, both of Google Security Team.
    - CVE-2013-0829: Corruption of database metadata leading to incorrect file
      access. Credit to Google Chrome Security Team (Jüri Aedla).
    - CVE-2013-0830: Missing NUL termination in IPC. Credit to Google Chrome
      Security Team (Justin Schuh).
    - CVE-2013-0831: Possible path traversal from extension process. Credit to
      Google Chrome Security Team (Tom Sepez).
    - CVE-2013-0832: Use-after-free with printing. Credit to Google Chrome
      Security Team (Cris Neckar).
    - CVE-2013-0833: Out-of-bounds read with printing. Credit to Google Chrome
      Security Team (Cris Neckar).
    - CVE-2013-0834: Out-of-bounds read with glyph handling. Credit to Google
      Chrome Security Team...


Changed in chromium-browser (Ubuntu Precise):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 24.0.1312.56-0ubuntu0.10.04.1

---------------
chromium-browser (24.0.1312.56-0ubuntu0.10.04.1) lucid-security; urgency=low

  * debian/chromium-browser.install
    - Install remoting locales
  * Disable lintian warnings about outdated autoconf files in source tree.
  * New upstream version 24.0.1312.56: (LP: #1099075)
    - CVE-2013-0839: Use-after-free in canvas font handling.
    - CVE-2013-0840: Missing URL validation when opening new windows.
    - CVE-2013-0841: Unchecked array index in content blocking.
    - CVE-2013-0842: Problems with NULL characters embedded in paths.
  * New upstream version 24.0.1312.52:
    - CVE-2012-5145: Use-after-free in SVG layout. Credit to Atte Kettunen of
      OUSPG.
    - CVE-2012-5146: Same origin policy bypass with malformed URL. Credit to
      Erling A Ellingsen and Subodh Iyengar, both of Facebook.
    - CVE-2012-5147: Use-after-free in DOM handling. Credit to José A. Vázquez.
    - CVE-2012-5148: Missing filename sanitization in hyphenation support.
      Credit to Google Chrome Security Team (Justin Schuh).
    - CVE-2012-5149: Integer overflow in audio IPC handling. Credit to Google
      Chrome Security Team (Chris Evans).
    - CVE-2012-5150: Use-after-free when seeking video. Credit to Google Chrome
      Security Team (Inferno).
    - CVE-2012-5151: Integer overflow in PDF JavaScript. Credit to Mateusz
      Jurczyk, with contribution from Gynvael Coldwind, both of Google Security
      Team.
    - CVE-2012-5152: Out-of-bounds read when seeking video. Credit to Google
      Chrome Security Team (Inferno).
    - CVE-2012-5153: Out-of-bounds stack access in v8. Credit to Andreas
      Rossberg of the Chromium development community.
    - CVE-2012-5156: Use-after-free in PDF fields. Credit to Mateusz Jurczyk,
      with contribution from Gynvael Coldwind, both of Google Security Team.
    - CVE-2012-5157: Out-of-bounds reads in PDF image handling. Credit to
      Mateusz Jurczyk, with contribution from Gynvael Coldwind, both of Google
      Security Team.
    - CVE-2013-0828: Bad cast in PDF root handling. Credit to Mateusz Jurczyk,
      with contribution from Gynvael Coldwind, both of Google Security Team.
    - CVE-2013-0829: Corruption of database metadata leading to incorrect file
      access. Credit to Google Chrome Security Team (Jüri Aedla).
    - CVE-2013-0830: Missing NUL termination in IPC. Credit to Google Chrome
      Security Team (Justin Schuh).
    - CVE-2013-0831: Possible path traversal from extension process. Credit to
      Google Chrome Security Team (Tom Sepez).
    - CVE-2013-0832: Use-after-free with printing. Credit to Google Chrome
      Security Team (Cris Neckar).
    - CVE-2013-0833: Out-of-bounds read with printing. Credit to Google Chrome
      Security Team (Cris Neckar).
    - CVE-2013-0834: Out-of-bounds read with glyph handling. Credit to Google
      Chrome Security Team (Cris Neckar).
    - CVE-2013-0835: Browser crash with geolocation. Credit to Arthur Gerkis.
    - CVE-2013-0836: Crash in v8 garbage collection. Credit to Google Chrome
      Security Team (Cris Neckar).
    - CVE-2013-0837: Crash in ex...


Changed in chromium-browser (Ubuntu Lucid):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 24.0.1312.56-0ubuntu1

---------------
chromium-browser (24.0.1312.56-0ubuntu1) raring-proposed; urgency=low

  * Add comment-markers to debian/patches/series file to make patch import
    easier.
  * debian/patches/gyp-config-root.patch
    - Added. Avoids compilation bug on (at least) ARM.
  * debian/patches/arm-neon.patch
    - Added function to determine NEON functionality in ARM at runtime for
      WebRt library in WebKit.
  * Update README.source to include some of these changes.
  * Set new URL for channel-release info in rules file.
  * debian/chromium-browser.install
    - No longer install demo extension
    - Install remoting locales
  * debian/patches/chromium_useragent.patch.in renamed to drop ".in",
    OS "Ubuntu" hardcoded with no compilation-release name, and patch
    refreshed to follow new location of source. Also remove it
    from the list of ephemeral files that "clean" rule removes.
  * In debian/rules, use "-delete" flag on find instead of "-exec rm {} \;",
    to be safer and faster.
  * Make most patches follow a common format (no timestamps or Index lines), to
    avoid future churn.
  * Write the "REMOVED" list files to the root of the orig tarball,
    instead of inside the src/ directory, where they could collide.
  * Fix dpkg-source warning: Clean up python cached bytecode files.
  * Also don't include python bytecode or cache files in orig tarball,
    and clean them up on "clean" rule.
  * Fix dpkg-source warning: Remove autoconf cache.
  * Fix lintian warning: fta and micahg to XSBC-Original-Maintainer.
  * Fix lintian error not-binnmuable-all-depends-any.
  * Override lintian complaints ancient-autotools-helper-file and
    unused-build-dependency-on-cdbs.
  * Drop "lzma" from build dependencies.
  * Set default binary and source package compression to xz. If
    building for Ubuntu 10.04, then make binary's compression to bzip2.
  * List explicit architectures that Chromium supports, instead of "any".
    Cr {arm ia32 x64} map into Debian {armhf armel i386 amd64}.
  * debian/patches/arm-neon.patch added to get ARM w/o Neon support.
    (LP: #1084852)
  * Add chromedriver packaging. (LP: #1069930) Thanks to
    John Rigby <email address hidden>
  * In debian/rules, avoid creating invalid subst expression in sed
    of DEBIAN* vars into files.
  * Note localization in package description for support for ast, bs, en-AU,
    eo, hy, ia, ka, ku, kw, ms.
  * No longer include Launchpad-generated translations. Disable patch
    grd_parse_fix.patch .
  * Set default binary and source package compression to xz. If
    building for Ubuntu 10.04, then make binary's compression to bzip2.
  * No longer expect unpacked tarball to contain "build-tree".
  * Fix build warning about missing debian/source/format. Set to "3.0
    (quilt)".
  * Remove unnecessary glib-header-single-entry.patch .
  * Manually set DEB_{BUILD,HOST}_ARCH when not already set, like when the
    executing program is not dpkg-buildpackage.
  * Make rules file generate LASTCHANGE file at new location.
  * Change get-sources command to kill script when it fails to disable
    gyp-chromium run fr...


Changed in chromium-browser (Ubuntu Raring):
status: Fix Committed → Fix Released