This bug was fixed in the package chromium-browser - 20.0.1132.47~r144678-0ubuntu0.12.04.1 --------------- chromium-browser (20.0.1132.47~r144678-0ubuntu0.12.04.1) precise-security; urgency=low * New upstream release from the Stable Channel This release fixes the following security issues: - [118633] Low CVE-2012-2815: Leak of iframe fragment id. Credit to Elie Bursztein of Google. - [120222] High CVE-2012-2817: Use-after-free in table section handling. Credit to miaubiz. - [120944] High CVE-2012-2818: Use-after-free in counter layout. Credit to miaubiz. - [120977] High CVE-2012-2819: Crash in texture handling. Credit to Ken “gets” Russell of the Chromium development community. - [121926] Medium CVE-2012-2820: Out-of-bounds read in SVG filter handling. Credit to Atte Kettunen of OUSPG. - [122925] Medium CVE-2012-2821: Autofill display problem. Credit to “simonbrown60”. - [various] Medium CVE-2012-2822: Misc. lower severity OOB read issues in PDF. Credit to awesome ASAN and various Googlers (Kostya Serebryany, Evgeniy Stepanov, Mateusz Jurczyk, Gynvael Coldwind). - [124356] High CVE-2012-2823: Use-after-free in SVG resource handling. Credit to miaubiz. - [125374] High CVE-2012-2824: Use-after-free in SVG painting. Credit to miaubiz. - [128688] Medium CVE-2012-2826: Out-of-bounds read in texture conversion. Credit to Google Chrome Security Team (Inferno). - [129857] High CVE-2012-2828: Integer overflows in PDF. Credit to Mateusz Jurczyk of Google Security Team with contributions by Gynvael Coldwind of Google Security Team and Google Chrome Security Team (Chris Evans). - [129947] High CVE-2012-2829: Use-after-free in first-letter handling. Credit to miaubiz. - [129951] High CVE-2012-2830: Wild pointer in array value setting. Credit to miaubiz. - [130356] High CVE-2012-2831: Use-after-free in SVG reference handling. Credit to miaubiz. - [131553] High CVE-2012-2832: Uninitialized pointer in PDF image codec. Credit to Mateusz Jurczyk of Google Security Team with contributions by Gynvael Coldwind of Google Security Team. - [132156] High CVE-2012-2833: Buffer overflow in PDF JS API. Credit to Mateusz Jurczyk of Google Security Team. - [132779] High CVE-2012-2834: Integer overflow in Matroska container. Credit to Jüri Aedla. - [127417] Medium CVE-2012-2825: Wild read in XSL handling. Credit to Nicholas Gregoire. - [64-bit Linux only] [129930] High CVE-2012-2807: Integer overflows in libxml. Credit to Jüri Aedla. This upload also fixes the following issues from 19.0.1084.52: - [117409] High CVE-2011-3103: Crashes in v8 garbage collection. Credit to the Chromium development community (Brett Wilson). - [118018] Medium CVE-2011-3104: Out-of-bounds read in Skia. Credit to Google Chrome Security Team (Inferno). - [120912] High CVE-2011-3105: Use-after-free in first-letter handling. Credit to miaubiz. - [122654] Critical CVE-2011-3106: Browser memory corruption with websockets over SSL. Credit to the Chromium development community (Dharani Govindan). - [124625] High CVE-2011-3107: Crashes in the plug-in JavaScript bindings. Credit to the Chromium development community (Dharani Govindan). - [125159] Critical CVE-2011-3108: Use-after-free in browser cache. Credit to “efbiaiinzinz”. - [Linux only] [126296] High CVE-2011-3109: Bad cast in GTK UI. Credit to Micha Bartholomé. - [126337] [126343] [126378] [127349] [127819] [127868] High CVE-2011-3110: Out of bounds writes in PDF. Credit to Mateusz Jurczyk of the Google Security Team, with contributions by Gynvael Coldwind of the Google Security Team. - [126414] Medium CVE-2011-3111: Invalid read in v8. Credit to Christian Holler. - [127331] High CVE-2011-3112: Use-after-free with invalid encrypted PDF. Credit to Mateusz Jurczyk of the Google Security Team, with contributions by Gynvael Coldwind of the Google Security Team. - [127883] High CVE-2011-3113: Invalid cast with colorspace handling in PDF. Credit to Mateusz Jurczyk of the Google Security Team, with contributions by Gynvael Coldwind of the Google Security Team. - [128014] High CVE-2011-3114: Buffer overflows with PDF functions. Credit to Google Chrome Security Team (scarybeasts). - [128018] High CVE-2011-3115: Type corruption in v8. Credit to Christian Holler. This upload also fixes the following issues from the first Chromium 19 stable release: - [112983] Low CVE-2011-3083: Browser crash with video + FTP. Credit to Aki Helin of OUSPG. - [113496] Low CVE-2011-3084: Load links from internal pages in their own process. Credit to Brett Wilson of the Chromium development community. - [118374] Medium CVE-2011-3085: UI corruption with long autofilled values. Credit to “psaldorn”. - [118642] High CVE-2011-3086: Use-after-free with style element. Credit to Arthur Gerkis. - [118664] Low CVE-2011-3087: Incorrect window navigation. Credit to Charlie Reis of the Chromium development community. - [120648] Medium CVE-2011-3088: Out-of-bounds read in hairline drawing. Credit to Aki Helin of OUSPG. - [120711] High CVE-2011-3089: Use-after-free in table handling. Credit to miaubiz. - [121223] Medium CVE-2011-3090: Race condition with workers. Credit to Arthur Gerkis. - [121734] High CVE-2011-3091: Use-after-free with indexed DB. Credit to Google Chrome Security Team (Inferno). - [122337] High CVE-2011-3092: Invalid write in v8 regex. Credit to Christian Holler. - [122585] Medium CVE-2011-3093: Out-of-bounds read in glyph handling. Credit to miaubiz. - [122586] Medium CVE-2011-3094: Out-of-bounds read in Tibetan handling. Credit to miaubiz. - [123481] High CVE-2011-3095: Out-of-bounds write in OGG container. Credit to Hannu Heikkinen. - [Linux only] [123530] Low CVE-2011-3096: Use-after-free in GTK omnibox handling. Credit to Arthur Gerkis. - [123733] [124182] High CVE-2011-3097: Out-of-bounds write in sampled functions with PDF. Credit to Kostya Serebryany of Google and Evgeniy Stepanov of Google. - [124479] High CVE-2011-3099: Use-after-free in PDF with corrupt font encoding name. Credit to Mateusz Jurczyk of Google Security Team and Gynvael Coldwind of Google Security Team. - [124652] Medium CVE-2011-3100: Out-of-bounds read drawing dash paths. Credit to Google Chrome Security Team (Inferno). - [Linux only] [118970] Medium CVE-2011-3101: Work around Linux Nvidia driver bug. Credit to Aki Helin of OUSPG. - [125462] High CVE-2011-3102: Off-by-one out-of-bounds write in libxml. Credit to Jüri Aedla. * debian/control - Added build depends libssl-dev and subversion * debian/rules - explicitly set arm_float_abi=hard for armhf builds and let the rest fallback to softfp - do not use third_party/gold as the linker. - enable compile-time dependency on gnome-keyring - include armv7 in GYP_DEFINES for 11.10, 12.04 and 12.10. Fixes FTBFS on arm (LP: #993080) * -debian/patches/ubuntu_dont_overwrite_default_download_directory.patch - no longer needed * debian/patches/grd_parse_fix.patch - Patched to fix broken XML until we can get a proper fix for chromium-translation-tools. * debian/patches/arm.patch - patch from debian to fix FTBFS on armel * debian/patches/dlopen_sonamed_gl.patch - drop part of patch that is now upstream -- Ken VanDine