Security fixes from 31.0.1650.48

Bug #1250579 reported by pcworld on 2013-11-12
262
This bug affects 2 people
Affects Status Importance Assigned to Milestone
chromium-browser (Ubuntu)
Undecided
Unassigned

Bug Description

Security fixes from 31.0.1650.48 (some of them were classified as "High" severity by the Chromium development team) should be either backported to the respective Chromium versions in all current desktop-supported releases of Ubuntu, or the repositories should be updated to include the new version of Chromium.

Information on the new release can be found at: http://googlechromereleases.blogspot.de/2013/11/stable-channel-update.html

pcworld (pcworld) on 2013-11-12
information type: Private Security → Public Security
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in chromium-browser (Ubuntu):
status: New → Confirmed
Chad Miller (cmiller) on 2013-12-02
Changed in chromium-browser (Ubuntu):
status: Confirmed → Fix Committed
Launchpad Janitor (janitor) wrote :
Download full text (4.2 KiB)

This bug was fixed in the package chromium-browser - 31.0.1650.63-0ubuntu0.13.10.1~20131204.1

---------------
chromium-browser (31.0.1650.63-0ubuntu0.13.10.1~20131204.1) saucy-security; urgency=low

  * Release to stage at ppa:canonical-chromium-builds/stage

chromium-browser (31.0.1650.63-0ubuntu0.13.10.1) saucy-security; urgency=low

  * New release 31.0.1650.63:
    - CVE-2013-6634: Session fixation in sync related to 302 redirects.
    - CVE-2013-6635: Use-after-free in editing.
    - CVE-2013-6636: Address bar spoofing related to modal dialogs.
    - CVE-2013-6637: Various fixes from internal audits, fuzzing and other
      initiatives.
    - CVE-2013-6638: Buffer overflow in v8. This issue was fixed in v8 version
      3.22.24.7.
    - CVE-2013-6639: Out of bounds write in v8. This issue was fixed in v8
      version 3.22.24.7.
    - CVE-2013-6640: Out of bounds read in v8. This issue was fixed in v8
      version 3.22.24.7.

chromium-browser (31.0.1650.57-0ubuntu0.13.10.3) saucy-security; urgency=low

  * debian/control: Drop libnss version number in Depends. We only need to
    recompile. (LP: #1251454)

chromium-browser (31.0.1650.57-0ubuntu0.13.10.2) saucy-security; urgency=low

  * debian/apport/chromium-browser.py: Include dmesg events mentioning chromium
    in apport reports.
  * debian/control: Abandon nss transitional package as Dependency, and add
    real package with epoch version number.

chromium-browser (31.0.1650.57-0ubuntu0.13.10.1) saucy-security; urgency=low

  * New release 31.0.1650.57:
    - CVE-2013-6632: Multiple memory corruption issues.
  * New release 31.0.1650.48: (LP: #1250579)
    - CVE-2013-6621: Use after free related to speech input elements.
    - CVE-2013-6622: Use after free related to media elements.
    - CVE-2013-6623: Out of bounds read in SVG.
    - CVE-2013-6624: Use after free related to "id" attribute strings.
    - CVE-2013-6625: Use after free in DOM ranges.
    - CVE-2013-6626: Address bar spoofing related to interstitial warnings.
    - CVE-2013-6627: Out of bounds read in HTTP parsing.
    - CVE-2013-6628: Issue with certificates not being checked during TLS
      renegotiation.
    - CVE-2013-2931: Various fixes from internal audits, fuzzing and other
      initiatives.
    - CVE-2013-6629: Read of uninitialized memory in libjpeg and libjpeg-turbo.
    - CVE-2013-6630: Read of uninitialized memory in libjpeg-turbo.
    - CVE-2013-6631: Use after free in libjingle.
  * debian/chromium-chromedriver.install: Drop unsupported, broken old
    chromedriver v1 and add chromedriver2.
  * Update webapps patches.
  * Disable chromedriver testing until the new server-test client dependencies
    are figured out.
  * Drop base_unittests and automated_ui_tests build and automatic test and
    from installation exclusion.
  * Include wildcat package 'pepflashplugin-nonfree' in apport reportting.

chromium-browser (30.0.1599.114-0ubuntu0.13.10.3) saucy-security; urgency=low

  * debian/patches/menu-bar-visible.patch: Don't treat object as object
    reference.
  * debian/patches/4-chromeless-window-launch-option.patch: Don't fix problem
    introduced in menu-bar-visible patch.
  * debian/rules: Fix...

Read more...

Changed in chromium-browser (Ubuntu):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (4.2 KiB)

This bug was fixed in the package chromium-browser - 31.0.1650.63-0ubuntu0.12.04.1~20131204.1

---------------
chromium-browser (31.0.1650.63-0ubuntu0.12.04.1~20131204.1) precise-security; urgency=low

  * Release to stage at ppa:canonical-chromium-builds/stage

chromium-browser (31.0.1650.63-0ubuntu0.12.04.1) precise-security; urgency=low

  * New release 31.0.1650.63:
    - CVE-2013-6634: Session fixation in sync related to 302 redirects.
    - CVE-2013-6635: Use-after-free in editing.
    - CVE-2013-6636: Address bar spoofing related to modal dialogs.
    - CVE-2013-6637: Various fixes from internal audits, fuzzing and other
      initiatives.
    - CVE-2013-6638: Buffer overflow in v8. This issue was fixed in v8 version
      3.22.24.7.
    - CVE-2013-6639: Out of bounds write in v8. This issue was fixed in v8
      version 3.22.24.7.
    - CVE-2013-6640: Out of bounds read in v8. This issue was fixed in v8
      version 3.22.24.7.

chromium-browser (31.0.1650.57-0ubuntu0.12.04.3) precise-security; urgency=low

  * debian/control: Drop libnss version number in Depends. We only need to
    recompile. (LP: #1251454)

chromium-browser (31.0.1650.57-0ubuntu0.12.04.2) precise-security; urgency=low

  * debian/apport/chromium-browser.py: Include dmesg events mentioning chromium
    in apport reports.
  * debian/control: Abandon nss transitional package as Dependency, and add
    real package with epoch version number.

chromium-browser (31.0.1650.57-0ubuntu0.12.04.1) precise-security; urgency=low

  * New release 31.0.1650.57:
    - CVE-2013-6632: Multiple memory corruption issues.
  * New release 31.0.1650.48: (LP: #1250579)
    - CVE-2013-6621: Use after free related to speech input elements.
    - CVE-2013-6622: Use after free related to media elements.
    - CVE-2013-6623: Out of bounds read in SVG.
    - CVE-2013-6624: Use after free related to "id" attribute strings.
    - CVE-2013-6625: Use after free in DOM ranges.
    - CVE-2013-6626: Address bar spoofing related to interstitial warnings.
    - CVE-2013-6627: Out of bounds read in HTTP parsing.
    - CVE-2013-6628: Issue with certificates not being checked during TLS
      renegotiation.
    - CVE-2013-2931: Various fixes from internal audits, fuzzing and other
      initiatives.
    - CVE-2013-6629: Read of uninitialized memory in libjpeg and libjpeg-turbo.
    - CVE-2013-6630: Read of uninitialized memory in libjpeg-turbo.
    - CVE-2013-6631: Use after free in libjingle.
  * Drop base_unittests and automated_ui_tests build and automatic test and
    from installation exclusion.
  * Include wildcat package 'pepflashplugin-nonfree' in apport reportting.

chromium-browser (30.0.1599.114-0ubuntu0.12.04.5) precise; urgency=low

  * Re-add binutils-gold Build-depends for amd64 only. FTBFS. LP: #1249389

chromium-browser (30.0.1599.114-0ubuntu0.12.04.4) precise-security; urgency=low

  * debian/patches/menu-bar-visible.patch: Don't treat object as object
    reference.
  * debian/patches/4-chromeless-window-launch-option.patch: Don't fix problem
    introduced in menu-bar-visible patch.
  * debian/rules: Fix typo of Precise conditional.
  * debian/patches/cr30-sandbox-async-signal-safe....

Read more...

Changed in chromium-browser (Ubuntu):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (4.0 KiB)

This bug was fixed in the package chromium-browser - 31.0.1650.63-0ubuntu0.12.10.1~20131204.1

---------------
chromium-browser (31.0.1650.63-0ubuntu0.12.10.1~20131204.1) quantal-security; urgency=low

  * Release to stage at ppa:canonical-chromium-builds/stage

chromium-browser (31.0.1650.63-0ubuntu0.12.10.1) quantal-security; urgency=low

  * New release 31.0.1650.63:
    - CVE-2013-6634: Session fixation in sync related to 302 redirects.
    - CVE-2013-6635: Use-after-free in editing.
    - CVE-2013-6636: Address bar spoofing related to modal dialogs.
    - CVE-2013-6637: Various fixes from internal audits, fuzzing and other
      initiatives.
    - CVE-2013-6638: Buffer overflow in v8. This issue was fixed in v8 version
      3.22.24.7.
    - CVE-2013-6639: Out of bounds write in v8. This issue was fixed in v8
      version 3.22.24.7.
    - CVE-2013-6640: Out of bounds read in v8. This issue was fixed in v8
      version 3.22.24.7.

chromium-browser (31.0.1650.57-0ubuntu0.12.10.3) quantal-security; urgency=low

  * debian/control: Drop libnss version number in Depends. We only need to
    recompile. (LP: #1251454)

chromium-browser (31.0.1650.57-0ubuntu0.12.10.2) quantal-security; urgency=low

  * debian/apport/chromium-browser.py: Include dmesg events mentioning chromium
    in apport reports.
  * debian/control: Abandon nss transitional package as Dependency, and add
    real package with epoch version number.

chromium-browser (31.0.1650.57-0ubuntu0.12.10.1) quantal-security; urgency=low

  * New release 31.0.1650.57:
    - CVE-2013-6632: Multiple memory corruption issues.
  * New release 31.0.1650.48: (LP: #1250579)
    - CVE-2013-6621: Use after free related to speech input elements.
    - CVE-2013-6622: Use after free related to media elements.
    - CVE-2013-6623: Out of bounds read in SVG.
    - CVE-2013-6624: Use after free related to "id" attribute strings.
    - CVE-2013-6625: Use after free in DOM ranges.
    - CVE-2013-6626: Address bar spoofing related to interstitial warnings.
    - CVE-2013-6627: Out of bounds read in HTTP parsing.
    - CVE-2013-6628: Issue with certificates not being checked during TLS
      renegotiation.
    - CVE-2013-2931: Various fixes from internal audits, fuzzing and other
      initiatives.
    - CVE-2013-6629: Read of uninitialized memory in libjpeg and libjpeg-turbo.
    - CVE-2013-6630: Read of uninitialized memory in libjpeg-turbo.
    - CVE-2013-6631: Use after free in libjingle.
  * Update webapps patches.
  * Drop base_unittests and automated_ui_tests build and automatic test and
    from installation exclusion.
  * Include wildcat package 'pepflashplugin-nonfree' in apport reportting.

chromium-browser (30.0.1599.114-0ubuntu0.12.10.3) quantal-security; urgency=low

  * debian/patches/menu-bar-visible.patch: Don't treat object as object
    reference.
  * debian/patches/4-chromeless-window-launch-option.patch: Don't fix problem
    introduced in menu-bar-visible patch.
  * debian/rules: Fix typo of Precise conditional.
  * debian/patches/cr30-sandbox-async-signal-safe.patch: Backport to make
    SIGSYS handler in sandbox safe and never call itself. (LP: #1195797)
  * debian/rules, debian/...

Read more...

Changed in chromium-browser (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers