Comment 7 for bug 743494

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 11.0.696.57~r82915-0ubuntu0.10.04.1

chromium-browser (11.0.696.57~r82915-0ubuntu0.10.04.1) lucid-security; urgency=high

  * New Major upstream release from the Stable Channel (LP: #771935)
    This release fixes the following security issues:
    + WebKit issues:
      - [61502] High, CVE-2011-1303: Stale pointer in floating object handling.
        Credit to Scott Hess of the Chromium development community and Martin
      - [70538] Low, CVE-2011-1304: Pop-up block bypass via plug-ins. Credit to
        Chamal De Silva.
      - [70589] Medium, CVE-2011-1305: Linked-list race in database handling.
        Credit to Kostya Serebryany of the Chromium development community.
      - [73526] High, CVE-2011-1437: Integer overflows in float rendering.
        Credit to miaubiz.
      - [74653] High, CVE-2011-1438: Same origin policy violation with blobs.
        Credit to kuzzcc.
      - [75186] High, CVE-2011-1440: Use-after-free with <ruby> tag and CSS.
        Credit to Jose A. Vazquez.
      - [75347] High, CVE-2011-1441: Bad cast with floating select lists.
        Credit to Michael Griffiths.
      - [75801] High, CVE-2011-1442: Corrupt node trees with mutation events.
        Credit to Sergey Glazunov and wushi of team 509.
      - [76001] High, CVE-2011-1443: Stale pointers in layering code. Credit to
        Martin Barbella.
      - [76646] Medium, CVE-2011-1445: Out-of-bounds read in SVG. Credit to
        wushi of team509.
      - [76666] [77507] [78031] High, CVE-2011-1446: Possible URL bar spoofs
        with navigation errors and interrupted loads. Credit to kuzzcc.
      - [76966] High, CVE-2011-1447: Stale pointer in drop-down list handling.
        Credit to miaubiz.
      - [77130] High, CVE-2011-1448: Stale pointer in height calculations.
        Credit to wushi of team509.
      - [77346] High, CVE-2011-1449: Use-after-free in WebSockets. Credit to
        Marek Majkowski.
      - [77463] High, CVE-2011-1451: Dangling pointers in DOM id map. Credit to
        Sergey Glazunov.
      - [79199] High, CVE-2011-1454: Use-after-free in DOM id handling. Credit
        to Sergey Glazunov.
    + Chromium issues:
      - [71586] Medium, CVE-2011-1434: Lack of thread safety in MIME handling.
        Credit to Aki Helin.
      - [72523] Medium, CVE-2011-1435: Bad extension with ‘tabs’ permission can
        capture local files. Credit to Cole Snodgrass.
      - [72910] Low, CVE-2011-1436: Possible browser crash due to bad
        interaction with X. Credit to miaubiz.
      - [76542] High, CVE-2011-1444: Race condition in sandbox launcher. Credit
        to Dan Rosenberg.
      - [77349] Low, CVE-2011-1450: Dangling pointers in file dialogs. Credit
        to kuzzcc.
      - [77786] Medium, CVE-2011-1452: URL bar spoof with redirect and manual
        reload. Credit to Jordi Chancel.
      - [74763] High, CVE-2011-1439: Prevent interference between renderer
        processes. Credit to Julien Tinnes of the Google Security Team.
  * Fix the password store regression from the last Chromium 10 update.
    Backport from trunk provided by Elliot Glaysher from upstream (LP: #743494)
    - add debian/patches/stored_passwords_lp743494.patch
    - update debian/patches/series
  * Update the SVG logo to match the new simplified 2D logo (LP: #748881)
    - update debian/chromium-browser.svg
  * Ship the app icon in all the sizes provided upstream
    - update debian/rules
  * Add libpam0g-dev to Build-depends, needed by "Chromoting"
    - update debian/control
  * Enable the new use_third_party_translations flag at build time (it enables
    the Launchpad translations already used in Ubuntu since Chromium 8)
    - update debian/rules
 -- Fabien Tassin <email address hidden> Wed, 27 Apr 2011 17:31:35 +0200