Update to 15.0.874.121

Bug #897389 reported by Micah Gersten on 2011-11-28
This bug report is a duplicate of:  Bug #914648: Update to 16.0.912.75. Edit Remove
260
This bug affects 1 person
Affects Status Importance Assigned to Milestone
chromium-browser (Ubuntu)
Undecided
Unassigned

Bug Description

This build contains the fix to a regression: SVG in iframe doesn't use specified dimensions (Issue: 98951)
[103259] High CVE-2011-3900: Out-of-bounds write in v8. Credit to Christian Holler.

Micah Gersten (micahg) on 2011-11-28
visibility: private → public
Changed in chromium-browser (Ubuntu):
status: New → Triaged
Micah Gersten (micahg) wrote :

Rolling this into bug 914648

Launchpad Janitor (janitor) wrote :
Download full text (3.7 KiB)

This bug was fixed in the package chromium-browser - 16.0.912.77~r118311-0ubuntu1

---------------
chromium-browser (16.0.912.77~r118311-0ubuntu1) precise; urgency=low

  * New upstream release from the Stable Channel (LP: #923602, #897389)
    (LP: #914648, #889711)
    This release fixes the following security issues:
    - [106484] High CVE-2011-3924: Use-after-free in DOM selections. Credit to
      Arthur Gerkis.
    - [107182] Critical CVE-2011-3925: Use-after-free in Safe Browsing
      navigation. Credit to Chamal de Silva.
    - [108461] High CVE-2011-3928: Use-after-free in DOM handling. Credit to
      wushi of team509 reported through ZDI (ZDI-CAN-1415).
    - [108605] High CVE-2011-3927: Uninitialized value in Skia. Credit to
      miaubiz.
    - [109556] High CVE-2011-3926: Heap-buffer-overflow in tree builder.
      Credit to Arthur Gerkis.

    This upload also includes the following security fixes from 16.0.912.75:
    - [106672] High CVE-2011-3921: Use-after-free in animation frames. Credit to
      Boris Zbarsky of Mozilla.
    - [107128] High CVE-2011-3919: Heap-buffer-overflow in libxml. Credit to
      Jüri Aedla.
    - [108006] High CVE-2011-3922: Stack-buffer-overflow in glyph handling.
      Credit to Google Chrome Security Team (Cris Neckar).

    This upload also includes the following security fixes from 16.0.912.63:
    - [81753] Medium CVE-2011-3903: Out-of-bounds read in regex matching. Credit
      to David Holloway of the Chromium development community.
    - [95465] Low CVE-2011-3905: Out-of-bounds reads in libxml. Credit to Google
      Chrome Security Team (Inferno).
    - [98809] Medium CVE-2011-3906: Out-of-bounds read in PDF parser. Credit to
      Aki Helin of OUSPG.
    - [99016] High CVE-2011-3907: URL bar spoofing with view-source. Credit to
      Luka Treiber of ACROS Security.
    - [100863] Low CVE-2011-3908: Out-of-bounds read in SVG parsing. Credit to
      Aki Helin of OUSPG.
    - [101010] Medium CVE-2011-3909: [64-bit only] Memory corruption in CSS
      property array. Credit to Google Chrome Security Team (scarybeasts) and
      Chu.
    - [101494] Medium CVE-2011-3910: Out-of-bounds read in YUV video frame
      handling. Credit to Google Chrome Security Team (Cris Neckar).
    - [101779] Medium CVE-2011-3911: Out-of-bounds read in PDF. Credit to Google
      Chrome Security Team (scarybeasts) and Robert Swiecki of the Google
      Security Team.
    - [102359] High CVE-2011-3912: Use-after-free in SVG filters. Credit to
      Arthur Gerkis.
    - [103921] High CVE-2011-3913: Use-after-free in Range handling. Credit to
      Arthur Gerkis.
    - [104011] High CVE-2011-3914: Out-of-bounds write in v8 i18n handling.
      Credit to Sławomir Błażek.
    - [104529] High CVE-2011-3915: Buffer overflow in PDF font handling. Credit
      to Atte Kettunen of OUSPG.
    - [104959] Medium CVE-2011-3916: Out-of-bounds reads in PDF cross
      references. Credit to Atte Kettunen of OUSPG.
    - [105162] Medium CVE-2011-3917: Stack-buffer-overflow in FileWatcher.
      Credit to Google Chrome Security Team (Marty Barbella).

    This upload also includes the following fixes from 15.0.874.121:
    - fix...

Read more...

Changed in chromium-browser (Ubuntu):
status: Triaged → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers