Update to 17.0.963.56

Bug #933262 reported by Micah Gersten on 2012-02-16
266
This bug affects 3 people
Affects Status Importance Assigned to Milestone
chromium-browser (Ubuntu)
Medium
Micah Gersten
Lucid
Medium
Micah Gersten
Maverick
Medium
Micah Gersten
Natty
Medium
Micah Gersten
Oneiric
Medium
Micah Gersten
Precise
Medium
Micah Gersten

Bug Description

[105803] High CVE-2011-3015: Integer overflows in PDF codecs. Credit to Google Chrome Security Team (scarybeasts).
[106336] Medium CVE-2011-3016: Read-after-free with counter nodes. Credit to miaubiz.
[108695] High CVE-2011-3017: Possible use-after-free in database handling. Credit to miaubiz.
[110172] High CVE-2011-3018: Heap overflow in path rendering. Credit to Aki Helin of OUSPG.
[110849] High CVE-2011-3019: Heap buffer overflow in MKV handling. Credit to Google Chrome Security Team (scarybeasts) and Mateusz Jurczyk of the Google Security Team.
[111575] Medium CVE-2011-3020: Native client validator error. Credit to Nick Bray of the Chromium development community.
[111779] High CVE-2011-3021: Use-after-free in subframe loading. Credit to Arthur Gerkis.
[112236] Medium CVE-2011-3022: Inappropriate use of http for translation script. Credit to Google Chrome Security Team (Jorge Obes).
[112259] Medium CVE-2011-3023: Use-after-free with drag and drop. Credit to pa_kt.
[112451] Low CVE-2011-3024: Browser crash with empty x509 certificate. Credit to chrometot.
[112670] Medium CVE-2011-3025: Out-of-bounds read in h.264 parsing. Credit to Sławomir Błażek.
[112822] High CVE-2011-3026: Integer overflow / truncation in libpng. Credit to Jüri Aedla.
[112847] High CVE-2011-3027: Bad cast in column handling. Credit to miaubiz.

Micah Gersten (micahg) on 2012-02-16
security vulnerability: no → yes
Changed in chromium-browser (Ubuntu Lucid):
assignee: nobody → Micah Gersten (micahg)
Changed in chromium-browser (Ubuntu Maverick):
assignee: nobody → Micah Gersten (micahg)
Changed in chromium-browser (Ubuntu Natty):
assignee: nobody → Micah Gersten (micahg)
Changed in chromium-browser (Ubuntu Oneiric):
assignee: nobody → Micah Gersten (micahg)
Changed in chromium-browser (Ubuntu Precise):
assignee: nobody → Micah Gersten (micahg)
importance: Undecided → Medium
Changed in chromium-browser (Ubuntu Oneiric):
importance: Undecided → Medium
Changed in chromium-browser (Ubuntu Natty):
importance: Undecided → Medium
Changed in chromium-browser (Ubuntu Maverick):
importance: Undecided → Medium
Changed in chromium-browser (Ubuntu Lucid):
importance: Undecided → Medium
status: New → In Progress
Changed in chromium-browser (Ubuntu Maverick):
status: New → In Progress
Changed in chromium-browser (Ubuntu Natty):
status: New → In Progress
Changed in chromium-browser (Ubuntu Oneiric):
status: New → In Progress
Changed in chromium-browser (Ubuntu Precise):
status: New → In Progress
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 17.0.963.56~r121963-0ubuntu1

---------------
chromium-browser (17.0.963.56~r121963-0ubuntu1) precise; urgency=low

  * New upstream release from the Stable Channel (LP: #933262)
    This release fixes the following security issues:
    - [105803] High CVE-2011-3015: Integer overflows in PDF codecs. Credit to
      Google Chrome Security Team (scarybeasts).
    - [106336] Medium CVE-2011-3016: Read-after-free with counter nodes. Credit
      to miaubiz.
    - [108695] High CVE-2011-3017: Possible use-after-free in database handling.
      Credit to miaubiz.
    - [110172] High CVE-2011-3018: Heap overflow in path rendering. Credit to
      Aki Helin of OUSPG.
    - [110849] High CVE-2011-3019: Heap buffer overflow in MKV handling. Credit
      to Google Chrome Security Team (scarybeasts) and Mateusz Jurczyk of the
      Google Security Team.
    - [111575] Medium CVE-2011-3020: Native client validator error. Credit to
      Nick Bray of the Chromium development community.
    - [111779] High CVE-2011-3021: Use-after-free in subframe loading. Credit to
      Arthur Gerkis.
    - [112236] Medium CVE-2011-3022: Inappropriate use of http for translation
      script. Credit to Google Chrome Security Team (Jorge Obes).
    - [112259] Medium CVE-2011-3023: Use-after-free with drag and drop. Credit
      to pa_kt.
    - [112451] Low CVE-2011-3024: Browser crash with empty x509 certificate.
      Credit to chrometot.
    - [112670] Medium CVE-2011-3025: Out-of-bounds read in h.264 parsing. Credit
      to Sławomir Błażek.
    - [112822] High CVE-2011-3026: Integer overflow / truncation in libpng.
      Credit to Jüri Aedla.
    - [112847] High CVE-2011-3027: Bad cast in column handling. Credit to
      miaubiz.
 -- Micah Gersten <email address hidden> Wed, 15 Feb 2012 22:55:08 -0600

Changed in chromium-browser (Ubuntu Precise):
status: In Progress → Fix Released
Jamie Strandboge (jdstrand) wrote :

Verified lucid-oneiric on amd64 and i386 pass QRT with no regressions.

Launchpad Janitor (janitor) wrote :
Download full text (4.4 KiB)

This bug was fixed in the package chromium-browser - 17.0.963.56~r121963-0ubuntu0.11.10.1

---------------
chromium-browser (17.0.963.56~r121963-0ubuntu0.11.10.1) oneiric-security; urgency=low

  * New upstream release from the Stable Channel (LP: #931905, #933262)
    This release fixes the following security issues from 17.0.963.56:
    - [105803] High CVE-2011-3015: Integer overflows in PDF codecs. Credit to
      Google Chrome Security Team (scarybeasts).
    - [106336] Medium CVE-2011-3016: Read-after-free with counter nodes. Credit
      to miaubiz.
    - [108695] High CVE-2011-3017: Possible use-after-free in database handling.
      Credit to miaubiz.
    - [110172] High CVE-2011-3018: Heap overflow in path rendering. Credit to
      Aki Helin of OUSPG.
    - [110849] High CVE-2011-3019: Heap buffer overflow in MKV handling. Credit
      to Google Chrome Security Team (scarybeasts) and Mateusz Jurczyk of the
      Google Security Team.
    - [111575] Medium CVE-2011-3020: Native client validator error. Credit to
      Nick Bray of the Chromium development community.
    - [111779] High CVE-2011-3021: Use-after-free in subframe loading. Credit to
      Arthur Gerkis.
    - [112236] Medium CVE-2011-3022: Inappropriate use of http for translation
      script. Credit to Google Chrome Security Team (Jorge Obes).
    - [112259] Medium CVE-2011-3023: Use-after-free with drag and drop. Credit
      to pa_kt.
    - [112451] Low CVE-2011-3024: Browser crash with empty x509 certificate.
      Credit to chrometot.
    - [112670] Medium CVE-2011-3025: Out-of-bounds read in h.264 parsing. Credit
      to Sławomir Błażek.
    - [112822] High CVE-2011-3026: Integer overflow / truncation in libpng.
      Credit to Jüri Aedla.
    - [112847] High CVE-2011-3027: Bad cast in column handling. Credit to
      miaubiz.

    This release fixes the following security issues from 17.0.963.46:
    - [73478] Low CVE-2011-3953: Avoid clipboard monitoring after paste event.
      Credit to Daniel Cheng of the Chromium development community.
    - [92550] Low CVE-2011-3954: Crash with excessive database usage. Credit to
      Collin Payne.
    - [93106] High CVE-2011-3955: Crash aborting an IndexDB transaction. Credit
      to David Grogan of the Chromium development community.
    - [103630] Low CVE-2011-3956: Incorrect handling of sandboxed origins inside
      extensions. Credit to Devdatta Akhawe, UC Berkeley.
    - [104056] High CVE-2011-3957: Use-after-free in PDF garbage collection.
      Credit to Aki Helin of OUSPG.
    - [105459] High CVE-2011-3958: Bad casts with column spans. Credit to
      miaubiz.
    - [106441] High CVE-2011-3959: Buffer overflow in locale handling. Credit to
      Aki Helin of OUSPG.
    - [108416] Medium CVE-2011-3960: Out-of-bounds read in audio decoding.
      Credit to Aki Helin of OUSPG.
    - [108871] Critical CVE-2011-3961: Race condition after crash of utility
      process. Credit to Shawn Goertzen.
    - [108901] Medium CVE-2011-3962: Out-of-bounds read in path clipping. Credit
      to Aki Helin of OUSPG.
    - [109094] Medium CVE-2011-3963: Out-of-bounds read in PDF fax image
      handling. Credit to Atte Kettunen of ...

Read more...

Changed in chromium-browser (Ubuntu Oneiric):
status: In Progress → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (4.4 KiB)

This bug was fixed in the package chromium-browser - 17.0.963.56~r121963-0ubuntu0.10.10.1

---------------
chromium-browser (17.0.963.56~r121963-0ubuntu0.10.10.1) maverick-security; urgency=low

  * New upstream release from the Stable Channel (LP: #931905, #933262)
    This release fixes the following security issues from 17.0.963.56:
    - [105803] High CVE-2011-3015: Integer overflows in PDF codecs. Credit to
      Google Chrome Security Team (scarybeasts).
    - [106336] Medium CVE-2011-3016: Read-after-free with counter nodes. Credit
      to miaubiz.
    - [108695] High CVE-2011-3017: Possible use-after-free in database handling.
      Credit to miaubiz.
    - [110172] High CVE-2011-3018: Heap overflow in path rendering. Credit to
      Aki Helin of OUSPG.
    - [110849] High CVE-2011-3019: Heap buffer overflow in MKV handling. Credit
      to Google Chrome Security Team (scarybeasts) and Mateusz Jurczyk of the
      Google Security Team.
    - [111575] Medium CVE-2011-3020: Native client validator error. Credit to
      Nick Bray of the Chromium development community.
    - [111779] High CVE-2011-3021: Use-after-free in subframe loading. Credit to
      Arthur Gerkis.
    - [112236] Medium CVE-2011-3022: Inappropriate use of http for translation
      script. Credit to Google Chrome Security Team (Jorge Obes).
    - [112259] Medium CVE-2011-3023: Use-after-free with drag and drop. Credit
      to pa_kt.
    - [112451] Low CVE-2011-3024: Browser crash with empty x509 certificate.
      Credit to chrometot.
    - [112670] Medium CVE-2011-3025: Out-of-bounds read in h.264 parsing. Credit
      to Sławomir Błażek.
    - [112822] High CVE-2011-3026: Integer overflow / truncation in libpng.
      Credit to Jüri Aedla.
    - [112847] High CVE-2011-3027: Bad cast in column handling. Credit to
      miaubiz.

    This release fixes the following security issues from 17.0.963.46:
    - [73478] Low CVE-2011-3953: Avoid clipboard monitoring after paste event.
      Credit to Daniel Cheng of the Chromium development community.
    - [92550] Low CVE-2011-3954: Crash with excessive database usage. Credit to
      Collin Payne.
    - [93106] High CVE-2011-3955: Crash aborting an IndexDB transaction. Credit
      to David Grogan of the Chromium development community.
    - [103630] Low CVE-2011-3956: Incorrect handling of sandboxed origins inside
      extensions. Credit to Devdatta Akhawe, UC Berkeley.
    - [104056] High CVE-2011-3957: Use-after-free in PDF garbage collection.
      Credit to Aki Helin of OUSPG.
    - [105459] High CVE-2011-3958: Bad casts with column spans. Credit to
      miaubiz.
    - [106441] High CVE-2011-3959: Buffer overflow in locale handling. Credit to
      Aki Helin of OUSPG.
    - [108416] Medium CVE-2011-3960: Out-of-bounds read in audio decoding.
      Credit to Aki Helin of OUSPG.
    - [108871] Critical CVE-2011-3961: Race condition after crash of utility
      process. Credit to Shawn Goertzen.
    - [108901] Medium CVE-2011-3962: Out-of-bounds read in path clipping. Credit
      to Aki Helin of OUSPG.
    - [109094] Medium CVE-2011-3963: Out-of-bounds read in PDF fax image
      handling. Credit to Atte Kettunen of...

Read more...

Changed in chromium-browser (Ubuntu Maverick):
status: In Progress → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (4.4 KiB)

This bug was fixed in the package chromium-browser - 17.0.963.56~r121963-0ubuntu0.10.04.1

---------------
chromium-browser (17.0.963.56~r121963-0ubuntu0.10.04.1) lucid-security; urgency=low

  * New upstream release from the Stable Channel (LP: #931905, #933262)
    This release fixes the following security issues from 17.0.963.56:
    - [105803] High CVE-2011-3015: Integer overflows in PDF codecs. Credit to
      Google Chrome Security Team (scarybeasts).
    - [106336] Medium CVE-2011-3016: Read-after-free with counter nodes. Credit
      to miaubiz.
    - [108695] High CVE-2011-3017: Possible use-after-free in database handling.
      Credit to miaubiz.
    - [110172] High CVE-2011-3018: Heap overflow in path rendering. Credit to
      Aki Helin of OUSPG.
    - [110849] High CVE-2011-3019: Heap buffer overflow in MKV handling. Credit
      to Google Chrome Security Team (scarybeasts) and Mateusz Jurczyk of the
      Google Security Team.
    - [111575] Medium CVE-2011-3020: Native client validator error. Credit to
      Nick Bray of the Chromium development community.
    - [111779] High CVE-2011-3021: Use-after-free in subframe loading. Credit to
      Arthur Gerkis.
    - [112236] Medium CVE-2011-3022: Inappropriate use of http for translation
      script. Credit to Google Chrome Security Team (Jorge Obes).
    - [112259] Medium CVE-2011-3023: Use-after-free with drag and drop. Credit
      to pa_kt.
    - [112451] Low CVE-2011-3024: Browser crash with empty x509 certificate.
      Credit to chrometot.
    - [112670] Medium CVE-2011-3025: Out-of-bounds read in h.264 parsing. Credit
      to Sławomir Błażek.
    - [112822] High CVE-2011-3026: Integer overflow / truncation in libpng.
      Credit to Jüri Aedla.
    - [112847] High CVE-2011-3027: Bad cast in column handling. Credit to
      miaubiz.

    This release fixes the following security issues from 17.0.963.46:
    - [73478] Low CVE-2011-3953: Avoid clipboard monitoring after paste event.
      Credit to Daniel Cheng of the Chromium development community.
    - [92550] Low CVE-2011-3954: Crash with excessive database usage. Credit to
      Collin Payne.
    - [93106] High CVE-2011-3955: Crash aborting an IndexDB transaction. Credit
      to David Grogan of the Chromium development community.
    - [103630] Low CVE-2011-3956: Incorrect handling of sandboxed origins inside
      extensions. Credit to Devdatta Akhawe, UC Berkeley.
    - [104056] High CVE-2011-3957: Use-after-free in PDF garbage collection.
      Credit to Aki Helin of OUSPG.
    - [105459] High CVE-2011-3958: Bad casts with column spans. Credit to
      miaubiz.
    - [106441] High CVE-2011-3959: Buffer overflow in locale handling. Credit to
      Aki Helin of OUSPG.
    - [108416] Medium CVE-2011-3960: Out-of-bounds read in audio decoding.
      Credit to Aki Helin of OUSPG.
    - [108871] Critical CVE-2011-3961: Race condition after crash of utility
      process. Credit to Shawn Goertzen.
    - [108901] Medium CVE-2011-3962: Out-of-bounds read in path clipping. Credit
      to Aki Helin of OUSPG.
    - [109094] Medium CVE-2011-3963: Out-of-bounds read in PDF fax image
      handling. Credit to Atte Kettunen of OU...

Read more...

Changed in chromium-browser (Ubuntu Lucid):
status: In Progress → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (4.4 KiB)

This bug was fixed in the package chromium-browser - 17.0.963.56~r121963-0ubuntu0.11.04.1

---------------
chromium-browser (17.0.963.56~r121963-0ubuntu0.11.04.1) natty-security; urgency=low

  * New upstream release from the Stable Channel (LP: #931905, #933262)
    This release fixes the following security issues from 17.0.963.56:
    - [105803] High CVE-2011-3015: Integer overflows in PDF codecs. Credit to
      Google Chrome Security Team (scarybeasts).
    - [106336] Medium CVE-2011-3016: Read-after-free with counter nodes. Credit
      to miaubiz.
    - [108695] High CVE-2011-3017: Possible use-after-free in database handling.
      Credit to miaubiz.
    - [110172] High CVE-2011-3018: Heap overflow in path rendering. Credit to
      Aki Helin of OUSPG.
    - [110849] High CVE-2011-3019: Heap buffer overflow in MKV handling. Credit
      to Google Chrome Security Team (scarybeasts) and Mateusz Jurczyk of the
      Google Security Team.
    - [111575] Medium CVE-2011-3020: Native client validator error. Credit to
      Nick Bray of the Chromium development community.
    - [111779] High CVE-2011-3021: Use-after-free in subframe loading. Credit to
      Arthur Gerkis.
    - [112236] Medium CVE-2011-3022: Inappropriate use of http for translation
      script. Credit to Google Chrome Security Team (Jorge Obes).
    - [112259] Medium CVE-2011-3023: Use-after-free with drag and drop. Credit
      to pa_kt.
    - [112451] Low CVE-2011-3024: Browser crash with empty x509 certificate.
      Credit to chrometot.
    - [112670] Medium CVE-2011-3025: Out-of-bounds read in h.264 parsing. Credit
      to Sławomir Błażek.
    - [112822] High CVE-2011-3026: Integer overflow / truncation in libpng.
      Credit to Jüri Aedla.
    - [112847] High CVE-2011-3027: Bad cast in column handling. Credit to
      miaubiz.

    This release fixes the following security issues from 17.0.963.46:
    - [73478] Low CVE-2011-3953: Avoid clipboard monitoring after paste event.
      Credit to Daniel Cheng of the Chromium development community.
    - [92550] Low CVE-2011-3954: Crash with excessive database usage. Credit to
      Collin Payne.
    - [93106] High CVE-2011-3955: Crash aborting an IndexDB transaction. Credit
      to David Grogan of the Chromium development community.
    - [103630] Low CVE-2011-3956: Incorrect handling of sandboxed origins inside
      extensions. Credit to Devdatta Akhawe, UC Berkeley.
    - [104056] High CVE-2011-3957: Use-after-free in PDF garbage collection.
      Credit to Aki Helin of OUSPG.
    - [105459] High CVE-2011-3958: Bad casts with column spans. Credit to
      miaubiz.
    - [106441] High CVE-2011-3959: Buffer overflow in locale handling. Credit to
      Aki Helin of OUSPG.
    - [108416] Medium CVE-2011-3960: Out-of-bounds read in audio decoding.
      Credit to Aki Helin of OUSPG.
    - [108871] Critical CVE-2011-3961: Race condition after crash of utility
      process. Credit to Shawn Goertzen.
    - [108901] Medium CVE-2011-3962: Out-of-bounds read in path clipping. Credit
      to Aki Helin of OUSPG.
    - [109094] Medium CVE-2011-3963: Out-of-bounds read in PDF fax image
      handling. Credit to Atte Kettunen of OU...

Read more...

Changed in chromium-browser (Ubuntu Natty):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers