12.0.742.91 -> 12.0.742.112

Bug #803107 reported by Fabien Tassin on 2011-06-28
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
chromium-browser (Ubuntu) | | High | Fabien Tassin |
Lucid | | High | Micah Gersten |
Maverick | | High | Micah Gersten |
Natty | | High | Micah Gersten |
Oneiric | | High | Fabien Tassin |

Fabien Tassin (fta) on 2011-06-28
Changed in chromium-browser (Ubuntu Oneiric):
status: New → Fix Committed
importance: Undecided → High
Changed in chromium-browser (Ubuntu Natty):
importance: Undecided → High
Changed in chromium-browser (Ubuntu Maverick):
importance: Undecided → High
Changed in chromium-browser (Ubuntu Lucid):
importance: Undecided → High
Changed in chromium-browser (Ubuntu Oneiric):
assignee: nobody → Fabien Tassin (fta)
Changed in chromium-browser (Ubuntu Natty):
status: New → Confirmed
Changed in chromium-browser (Ubuntu Maverick):
status: New → Confirmed
Changed in chromium-browser (Ubuntu Lucid):
status: New → Confirmed
security vulnerability: no → yes
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 12.0.742.112~r90304-0ubuntu1

---------------
chromium-browser (12.0.742.112~r90304-0ubuntu1) oneiric; urgency=high

  * New Minor upstream release from the Stable Channel (LP: #803107)
    This release fixes the following security issues:
    + WebKit issues:
      - [84355] High, CVE-2011-2346: Use-after-free in SVG font handling.
        Credit to miaubiz.
      - [85003] High, CVE-2011-2347: Memory corruption in CSS parsing. Credit
        to miaubiz.
      - [85102] High, CVE-2011-2350: Lifetime and re-entrancy issues in the
        HTML parser. Credit to miaubiz.
      - [85211] High, CVE-2011-2351: Use-after-free with SVG use element.
        Credit to miaubiz.
      - [85418] High, CVE-2011-2349: Use-after-free in text selection. Credit
        to miaubiz.
    + Chromium issues:
      - [77493] Medium, CVE-2011-2345: Out-of-bounds read in NPAPI string
        handling. Credit to Philippe Arteau.
      - [85177] High, CVE-2011-2348: Bad bounds check in v8. Credit to Aki
        Helin of OUSPG.
  Packaging changes:
  * Add Valencian (ca@valencia) to the list of supported langs for the
    lang-packs
    - update debian/rules
    - update debian/control
  * Add support for language variants in Grit, backported from trunk.
    This is needed to support lang-codes like ca@valencia
    - add debian/patches/grit_language_variants.patch
    - update debian/patches/series
  * Add a WANT_ONLY_WHITELISTED_NEW_LANGS knob to make it easier to
    sync translations of new langs between all the branches
    - update debian/rules
  * Properly stop the keep-alive when the build fails
    - update debian/rules
  * Fix the HTML5 <video> tag regression in Oneiric by properly linking
    libvpx so it's not being dropped from libffmpegsumo.so (LP: #795171)
    - add debian/patches/html5-codecs-fix.patch
    - update debian/patches/series
  * Drop the -inspector package, its content has been merged into the main deb
    in M12 and the deb remained empty since.
    Also drop chromium-codecs-ffmpeg-nonfree, renamed in M5 to -extra
    - update debian/control
    - update debian/rules
  * Backport of http://codereview.chromium.org/6883221 from M13 presumably
    fixing the ARM ftbfs from the last update, and set use_cups=0 on armel
    - add debian/patches/cups_cleanup_cr6883221.patch
    - update debian/patches/series
    - update debian/rules
 -- Fabien Tassin <email address hidden> Tue, 28 Jun 2011 07:17:52 +0200

Changed in chromium-browser (Ubuntu Oneiric):
status: Fix Committed → Fix Released
Micah Gersten (micahg) on 2011-06-29
Changed in chromium-browser (Ubuntu Lucid):
assignee: nobody → Micah Gersten (micahg)
Changed in chromium-browser (Ubuntu Maverick):
assignee: nobody → Micah Gersten (micahg)
Changed in chromium-browser (Ubuntu Natty):
assignee: nobody → Micah Gersten (micahg)
Changed in chromium-browser (Ubuntu Lucid):
status: Confirmed → In Progress
Changed in chromium-browser (Ubuntu Maverick):
status: Confirmed → In Progress
Changed in chromium-browser (Ubuntu Natty):
status: Confirmed → In Progress
Micah Gersten (micahg) wrote :

Packages are built in ubuntu-security-proposed, testing in progress

Changed in chromium-browser (Ubuntu Lucid):
status: In Progress → Fix Committed
Changed in chromium-browser (Ubuntu Maverick):
status: In Progress → Fix Committed
Changed in chromium-browser (Ubuntu Natty):
status: In Progress → Fix Committed
Micah Gersten (micahg) wrote :

Tested Lucid amd64 and i386 with QRT, no regression found over previous functionality

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 12.0.742.112~r90304-0ubuntu0.10.04.1

---------------
chromium-browser (12.0.742.112~r90304-0ubuntu0.10.04.1) lucid-security; urgency=low

  [ Fabien Tassin <email address hidden> ]
  * New Minor upstream release from the Stable Channel (LP: #803107)
    This release fixes the following security issues:
    + WebKit issues:
      - [84355] High, CVE-2011-2346: Use-after-free in SVG font handling.
        Credit to miaubiz.
      - [85003] High, CVE-2011-2347: Memory corruption in CSS parsing. Credit
        to miaubiz.
      - [85102] High, CVE-2011-2350: Lifetime and re-entrancy issues in the
        HTML parser. Credit to miaubiz.
      - [85211] High, CVE-2011-2351: Use-after-free with SVG use element.
        Credit to miaubiz.
      - [85418] High, CVE-2011-2349: Use-after-free in text selection. Credit
        to miaubiz.
    + Chromium issues:
      - [77493] Medium, CVE-2011-2345: Out-of-bounds read in NPAPI string
        handling. Credit to Philippe Arteau.
      - [85177] High, CVE-2011-2348: Bad bounds check in v8. Credit to Aki
        Helin of OUSPG.

  [ Micah Gersten <email address hidden> ]
  * Drop armel again from control file to not block on i386/amd64 updates
    - update debian/control
 -- Micah Gersten <email address hidden> Wed, 29 Jun 2011 14:42:28 +0100

Changed in chromium-browser (Ubuntu Lucid):
status: Fix Committed → Fix Released
Micah Gersten (micahg) on 2011-07-01
tags: added: security-verification verification-needed
Micah Gersten (micahg) wrote :

Had jdstrand copy maverick and natty to -proposed

Tested maverick on i386 and amd64 with QRT, no regressions found over previous functionality

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 12.0.742.112~r90304-0ubuntu0.10.10.1

---------------
chromium-browser (12.0.742.112~r90304-0ubuntu0.10.10.1) maverick-security; urgency=low

  [ Fabien Tassin <email address hidden> ]
  * New Minor upstream release from the Stable Channel (LP: #803107)
    This release fixes the following security issues:
    + WebKit issues:
      - [84355] High, CVE-2011-2346: Use-after-free in SVG font handling.
        Credit to miaubiz.
      - [85003] High, CVE-2011-2347: Memory corruption in CSS parsing. Credit
        to miaubiz.
      - [85102] High, CVE-2011-2350: Lifetime and re-entrancy issues in the
        HTML parser. Credit to miaubiz.
      - [85211] High, CVE-2011-2351: Use-after-free with SVG use element.
        Credit to miaubiz.
      - [85418] High, CVE-2011-2349: Use-after-free in text selection. Credit
        to miaubiz.
    + Chromium issues:
      - [77493] Medium, CVE-2011-2345: Out-of-bounds read in NPAPI string
        handling. Credit to Philippe Arteau.
      - [85177] High, CVE-2011-2348: Bad bounds check in v8. Credit to Aki
        Helin of OUSPG.

  [ Micah Gersten <email address hidden> ]
  * Drop armel again from control file to not block on i386/amd64 updates
    - update debian/control
 -- Micah Gersten <email address hidden> Thu, 30 Jun 2011 11:14:27 +0100

Changed in chromium-browser (Ubuntu Maverick):
status: Fix Committed → Fix Released
Fabien Tassin (fta) wrote :

why didn't you land any of my packaging changes ??? the keep-alive fix was mandatory, the inspector removal and ca@valencia would have been nice to have, and the latter was definitively harmless.

Micah Gersten (micahg) wrote :

The keep-alive fix is unnecessary on the native builders as I had lamont increase the timeout to 3 hrs for non-arm and 10 hours for arm, I already moved the inspector into the main package on the last upload, no need to remove a package in the stable release. The other change needs to go through -proposed as an SRU.

Fabien Tassin (fta) wrote :

the keep-alive fix *is* necessary: if for some reason, it fails to compile or link, the keep-alive will remain active, preventing the build from dying until killed manually.
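
Added example, not part of the thread and not the package's debian/rules code: a build wrapper whose keep-alive is stopped on both the success and the failure path, so a failed compile or link cannot leave the heartbeat running. The names run_with_keepalive and KEEPALIVE_PID and the sample failing build step are hypothetical.

```shell
#!/bin/sh
# Hypothetical helper: run a build step while a background heartbeat keeps
# the builder's inactivity timeout from firing, and always stop the
# heartbeat afterwards, whether the step succeeded or failed.
#
# usage: run_with_keepalive <interval-seconds> <command> [args...]
run_with_keepalive() {
    interval=$1
    shift

    # Heartbeat loop in a background subshell; remember its PID.
    (
        while :; do
            sleep "$interval"
            echo "keep-alive: still building"
        done
    ) &
    KEEPALIVE_PID=$!

    # Run the build step. Capture its status instead of letting a failure
    # abort the function before the cleanup below (matters under set -e).
    status=0
    "$@" || status=$?

    # Cleanup runs on every path. Without it, a failed build leaves the
    # heartbeat printing forever and the builder never sees the job go idle.
    kill "$KEEPALIVE_PID" 2>/dev/null || true
    wait "$KEEPALIVE_PID" 2>/dev/null || true

    # Hand the real build result back to the caller.
    return "$status"
}

# Constructed demo: a "build" that works for two seconds, then fails.
run_with_keepalive 1 sh -c 'sleep 2; exit 2' ||
    echo "build failed with status $?, keep-alive stopped"
```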

Micah Gersten (micahg) wrote :

I never added the keep-alive script in the stable releases, so there's no issue :)

Micah Gersten (micahg) wrote :

Tested natty on i386 and amd64 with QRT, no regressions found over previous functionality

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 12.0.742.112~r90304-0ubuntu0.11.04.1

---------------
chromium-browser (12.0.742.112~r90304-0ubuntu0.11.04.1) natty-security; urgency=low

  [ Fabien Tassin <email address hidden> ]
  * New Minor upstream release from the Stable Channel (LP: #803107)
    This release fixes the following security issues:
    + WebKit issues:
      - [84355] High, CVE-2011-2346: Use-after-free in SVG font handling.
        Credit to miaubiz.
      - [85003] High, CVE-2011-2347: Memory corruption in CSS parsing. Credit
        to miaubiz.
      - [85102] High, CVE-2011-2350: Lifetime and re-entrancy issues in the
        HTML parser. Credit to miaubiz.
      - [85211] High, CVE-2011-2351: Use-after-free with SVG use element.
        Credit to miaubiz.
      - [85418] High, CVE-2011-2349: Use-after-free in text selection. Credit
        to miaubiz.
    + Chromium issues:
      - [77493] Medium, CVE-2011-2345: Out-of-bounds read in NPAPI string
        handling. Credit to Philippe Arteau.
      - [85177] High, CVE-2011-2348: Bad bounds check in v8. Credit to Aki
        Helin of OUSPG.
 -- Micah Gersten <email address hidden> Thu, 30 Jun 2011 12:52:08 +0100

Changed in chromium-browser (Ubuntu Natty):
status: Fix Committed → Fix Released
This report contains Public Security information
Everyone can see this security related information.