Update to 17.0.963.65

Bug #946914 reported by Micah Gersten on 2012-03-05
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
chromium-browser (Ubuntu)
Medium
Micah Gersten
Lucid
Medium
Micah Gersten
Maverick
Medium
Micah Gersten
Natty
Medium
Micah Gersten
Oneiric
Medium
Micah Gersten
Precise
Medium
Micah Gersten

Bug Description

This release fixes a number of issues including:

    Cursors and backgrounds sometimes do not load [111218]
    Plugins not loading on some pages [108228]
    Text paste includes trailing spaces [106551]
    Websites using touch controls break [110332]

[105867] High CVE-2011-3031: Use-after-free in v8 element wrapper. Credit to Chamal de Silva.
[108037] High CVE-2011-3032: Use-after-free in SVG value handling. Credit to Arthur Gerkis.
[108406] [115471] High CVE-2011-3033: Buffer overflow in the Skia drawing library. Credit to Aki Helin of OUSPG.
[111748] High CVE-2011-3034: Use-after-free in SVG document handling. Credit to Arthur Gerkis.
[112212] High CVE-2011-3035: Use-after-free in SVG use handling. Credit to Arthur Gerkis.
[113258] High CVE-2011-3036: Bad cast in line box handling. Credit to miaubiz.
[113439] [114924] [115028] High CVE-2011-3037: Bad casts in anonymous block splitting. Credit to miaubiz.
[113497] High CVE-2011-3038: Use-after-free in multi-column handling. Credit to miaubiz.
[113707] High CVE-2011-3039: Use-after-free in quote handling. Credit to miaubiz.
[114054] High CVE-2011-3040: Out-of-bounds read in text handling. Credit to miaubiz.
[114068] High CVE-2011-3041: Use-after-free in class attribute handling. Credit to miaubiz.
[114219] High CVE-2011-3042: Use-after-free in table section handling. Credit to miaubiz.
[115681] High CVE-2011-3043: Use-after-free in flexbox with floats. Credit to miaubiz.
[116093] High CVE-2011-3044: Use-after-free with SVG animation elements. Credit to Arthur Gerkis.

Micah Gersten (micahg) on 2012-03-05
visibility: private → public
Changed in chromium-browser (Ubuntu Oneiric):
assignee: nobody → Micah Gersten (micahg)
Changed in chromium-browser (Ubuntu Natty):
assignee: nobody → Micah Gersten (micahg)
Changed in chromium-browser (Ubuntu Maverick):
assignee: nobody → Micah Gersten (micahg)
Changed in chromium-browser (Ubuntu Lucid):
assignee: nobody → Micah Gersten (micahg)
Changed in chromium-browser (Ubuntu Oneiric):
status: New → In Progress
Changed in chromium-browser (Ubuntu Natty):
status: New → In Progress
Changed in chromium-browser (Ubuntu Maverick):
status: New → In Progress
Changed in chromium-browser (Ubuntu Lucid):
status: New → In Progress
importance: Undecided → Medium
Changed in chromium-browser (Ubuntu Maverick):
importance: Undecided → Medium
Changed in chromium-browser (Ubuntu Oneiric):
importance: Undecided → Medium
Changed in chromium-browser (Ubuntu Natty):
importance: Undecided → Medium
Micah Gersten (micahg) on 2012-03-05
description: updated
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 17.0.963.65~r124586-0ubuntu1

---------------
chromium-browser (17.0.963.65~r124586-0ubuntu1) precise; urgency=low

  * New upstream release from the Stable Channel (LP: #946914)
    - Cursors and backgrounds sometimes do not load [111218]
    - Plugins not loading on some pages [108228]
    - Text paste includes trailing spaces [106551]
    - Websites using touch controls break [110332]
    This release fixes the following security issues:
    - [105867] High CVE-2011-3031: Use-after-free in v8 element wrapper. Credit
      to Chamal de Silva.
    - [108037] High CVE-2011-3032: Use-after-free in SVG value handling. Credit
      to Arthur Gerkis.
    - [108406] [115471] High CVE-2011-3033: Buffer overflow in the Skia drawing
      library. Credit to Aki Helin of OUSPG.
    - [111748] High CVE-2011-3034: Use-after-free in SVG document handling.
      Credit to Arthur Gerkis.
    - [112212] High CVE-2011-3035: Use-after-free in SVG use handling. Credit to
      Arthur Gerkis.
    - [113258] High CVE-2011-3036: Bad cast in line box handling. Credit to
      miaubiz.
    - [113439] [114924] [115028] High CVE-2011-3037: Bad casts in anonymous
      block splitting. Credit to miaubiz.
    - [113497] High CVE-2011-3038: Use-after-free in multi-column handling.
      Credit to miaubiz.
    - [113707] High CVE-2011-3039: Use-after-free in quote handling. Credit to
      miaubiz.
    - [114054] High CVE-2011-3040: Out-of-bounds read in text handling. Credit
      to miaubiz.
    - [114068] High CVE-2011-3041: Use-after-free in class attribute handling.
      Credit to miaubiz.
    - [114219] High CVE-2011-3042: Use-after-free in table section handling.
      Credit to miaubiz.
    - [115681] High CVE-2011-3043: Use-after-free in flexbox with floats. Credit
      to miaubiz.
    - [116093] High CVE-2011-3044: Use-after-free with SVG animation elements.
      Credit to Arthur Gerkis.

  [ Jani Monoses <email address hidden> ]
  * Fix FTBFS on armhf (LP: #943281)
    - add debian/patches/fix-armhf-ftbfs.patch
    - update debian/patches/series
 -- Micah Gersten <email address hidden> Mon, 05 Mar 2012 03:48:05 -0600

Changed in chromium-browser (Ubuntu Precise):
status: In Progress → Fix Released
Jamie Strandboge (jdstrand) wrote :

Tested Lucid through Oneiric on amd64 and i386 in QRT with no regressions.

Changed in chromium-browser (Ubuntu Lucid):
status: In Progress → Fix Committed
Changed in chromium-browser (Ubuntu Maverick):
status: In Progress → Fix Committed
Changed in chromium-browser (Ubuntu Natty):
status: In Progress → Fix Committed
Changed in chromium-browser (Ubuntu Oneiric):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 17.0.963.65~r124586-0ubuntu0.10.04.1

---------------
chromium-browser (17.0.963.65~r124586-0ubuntu0.10.04.1) lucid-security; urgency=low

  * New upstream release from the Stable Channel (LP: #946914)
    - Cursors and backgrounds sometimes do not load [111218]
    - Plugins not loading on some pages [108228]
    - Text paste includes trailing spaces [106551]
    - Websites using touch controls break [110332]
    This release fixes the following security issues:
    - [105867] High CVE-2011-3031: Use-after-free in v8 element wrapper. Credit
      to Chamal de Silva.
    - [108037] High CVE-2011-3032: Use-after-free in SVG value handling. Credit
      to Arthur Gerkis.
    - [108406] [115471] High CVE-2011-3033: Buffer overflow in the Skia drawing
      library. Credit to Aki Helin of OUSPG.
    - [111748] High CVE-2011-3034: Use-after-free in SVG document handling.
      Credit to Arthur Gerkis.
    - [112212] High CVE-2011-3035: Use-after-free in SVG use handling. Credit to
      Arthur Gerkis.
    - [113258] High CVE-2011-3036: Bad cast in line box handling. Credit to
      miaubiz.
    - [113439] [114924] [115028] High CVE-2011-3037: Bad casts in anonymous
      block splitting. Credit to miaubiz.
    - [113497] High CVE-2011-3038: Use-after-free in multi-column handling.
      Credit to miaubiz.
    - [113707] High CVE-2011-3039: Use-after-free in quote handling. Credit to
      miaubiz.
    - [114054] High CVE-2011-3040: Out-of-bounds read in text handling. Credit
      to miaubiz.
    - [114068] High CVE-2011-3041: Use-after-free in class attribute handling.
      Credit to miaubiz.
    - [114219] High CVE-2011-3042: Use-after-free in table section handling.
      Credit to miaubiz.
    - [115681] High CVE-2011-3043: Use-after-free in flexbox with floats. Credit
      to miaubiz.
    - [116093] High CVE-2011-3044: Use-after-free with SVG animation elements.
      Credit to Arthur Gerkis.
 -- Micah Gersten <email address hidden> Mon, 05 Mar 2012 04:40:43 -0600

Changed in chromium-browser (Ubuntu Lucid):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 17.0.963.65~r124586-0ubuntu0.11.10.1

---------------
chromium-browser (17.0.963.65~r124586-0ubuntu0.11.10.1) oneiric-security; urgency=low

  * New upstream release from the Stable Channel (LP: #946914)
    - Cursors and backgrounds sometimes do not load [111218]
    - Plugins not loading on some pages [108228]
    - Text paste includes trailing spaces [106551]
    - Websites using touch controls break [110332]
    This release fixes the following security issues:
    - [105867] High CVE-2011-3031: Use-after-free in v8 element wrapper. Credit
      to Chamal de Silva.
    - [108037] High CVE-2011-3032: Use-after-free in SVG value handling. Credit
      to Arthur Gerkis.
    - [108406] [115471] High CVE-2011-3033: Buffer overflow in the Skia drawing
      library. Credit to Aki Helin of OUSPG.
    - [111748] High CVE-2011-3034: Use-after-free in SVG document handling.
      Credit to Arthur Gerkis.
    - [112212] High CVE-2011-3035: Use-after-free in SVG use handling. Credit to
      Arthur Gerkis.
    - [113258] High CVE-2011-3036: Bad cast in line box handling. Credit to
      miaubiz.
    - [113439] [114924] [115028] High CVE-2011-3037: Bad casts in anonymous
      block splitting. Credit to miaubiz.
    - [113497] High CVE-2011-3038: Use-after-free in multi-column handling.
      Credit to miaubiz.
    - [113707] High CVE-2011-3039: Use-after-free in quote handling. Credit to
      miaubiz.
    - [114054] High CVE-2011-3040: Out-of-bounds read in text handling. Credit
      to miaubiz.
    - [114068] High CVE-2011-3041: Use-after-free in class attribute handling.
      Credit to miaubiz.
    - [114219] High CVE-2011-3042: Use-after-free in table section handling.
      Credit to miaubiz.
    - [115681] High CVE-2011-3043: Use-after-free in flexbox with floats. Credit
      to miaubiz.
    - [116093] High CVE-2011-3044: Use-after-free with SVG animation elements.
      Credit to Arthur Gerkis.
 -- Micah Gersten <email address hidden> Mon, 05 Mar 2012 04:47:41 -0600

Changed in chromium-browser (Ubuntu Oneiric):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 17.0.963.65~r124586-0ubuntu0.10.10.1

---------------
chromium-browser (17.0.963.65~r124586-0ubuntu0.10.10.1) maverick-security; urgency=low

  * New upstream release from the Stable Channel (LP: #946914)
    - Cursors and backgrounds sometimes do not load [111218]
    - Plugins not loading on some pages [108228]
    - Text paste includes trailing spaces [106551]
    - Websites using touch controls break [110332]
    This release fixes the following security issues:
    - [105867] High CVE-2011-3031: Use-after-free in v8 element wrapper. Credit
      to Chamal de Silva.
    - [108037] High CVE-2011-3032: Use-after-free in SVG value handling. Credit
      to Arthur Gerkis.
    - [108406] [115471] High CVE-2011-3033: Buffer overflow in the Skia drawing
      library. Credit to Aki Helin of OUSPG.
    - [111748] High CVE-2011-3034: Use-after-free in SVG document handling.
      Credit to Arthur Gerkis.
    - [112212] High CVE-2011-3035: Use-after-free in SVG use handling. Credit to
      Arthur Gerkis.
    - [113258] High CVE-2011-3036: Bad cast in line box handling. Credit to
      miaubiz.
    - [113439] [114924] [115028] High CVE-2011-3037: Bad casts in anonymous
      block splitting. Credit to miaubiz.
    - [113497] High CVE-2011-3038: Use-after-free in multi-column handling.
      Credit to miaubiz.
    - [113707] High CVE-2011-3039: Use-after-free in quote handling. Credit to
      miaubiz.
    - [114054] High CVE-2011-3040: Out-of-bounds read in text handling. Credit
      to miaubiz.
    - [114068] High CVE-2011-3041: Use-after-free in class attribute handling.
      Credit to miaubiz.
    - [114219] High CVE-2011-3042: Use-after-free in table section handling.
      Credit to miaubiz.
    - [115681] High CVE-2011-3043: Use-after-free in flexbox with floats. Credit
      to miaubiz.
    - [116093] High CVE-2011-3044: Use-after-free with SVG animation elements.
      Credit to Arthur Gerkis.
 -- Micah Gersten <email address hidden> Mon, 05 Mar 2012 04:42:41 -0600

Changed in chromium-browser (Ubuntu Maverick):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 17.0.963.65~r124586-0ubuntu0.11.04.1

---------------
chromium-browser (17.0.963.65~r124586-0ubuntu0.11.04.1) natty-security; urgency=low

  * New upstream release from the Stable Channel (LP: #946914)
    - Cursors and backgrounds sometimes do not load [111218]
    - Plugins not loading on some pages [108228]
    - Text paste includes trailing spaces [106551]
    - Websites using touch controls break [110332]
    This release fixes the following security issues:
    - [105867] High CVE-2011-3031: Use-after-free in v8 element wrapper. Credit
      to Chamal de Silva.
    - [108037] High CVE-2011-3032: Use-after-free in SVG value handling. Credit
      to Arthur Gerkis.
    - [108406] [115471] High CVE-2011-3033: Buffer overflow in the Skia drawing
      library. Credit to Aki Helin of OUSPG.
    - [111748] High CVE-2011-3034: Use-after-free in SVG document handling.
      Credit to Arthur Gerkis.
    - [112212] High CVE-2011-3035: Use-after-free in SVG use handling. Credit to
      Arthur Gerkis.
    - [113258] High CVE-2011-3036: Bad cast in line box handling. Credit to
      miaubiz.
    - [113439] [114924] [115028] High CVE-2011-3037: Bad casts in anonymous
      block splitting. Credit to miaubiz.
    - [113497] High CVE-2011-3038: Use-after-free in multi-column handling.
      Credit to miaubiz.
    - [113707] High CVE-2011-3039: Use-after-free in quote handling. Credit to
      miaubiz.
    - [114054] High CVE-2011-3040: Out-of-bounds read in text handling. Credit
      to miaubiz.
    - [114068] High CVE-2011-3041: Use-after-free in class attribute handling.
      Credit to miaubiz.
    - [114219] High CVE-2011-3042: Use-after-free in table section handling.
      Credit to miaubiz.
    - [115681] High CVE-2011-3043: Use-after-free in flexbox with floats. Credit
      to miaubiz.
    - [116093] High CVE-2011-3044: Use-after-free with SVG animation elements.
      Credit to Arthur Gerkis.
 -- Micah Gersten <email address hidden> Mon, 05 Mar 2012 04:44:24 -0600

Changed in chromium-browser (Ubuntu Natty):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers