Update to 15.0.874.120
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
| chromium-browser (Ubuntu) |
High
|
Micah Gersten | ||
| Lucid |
High
|
Micah Gersten | ||
| Maverick |
High
|
Micah Gersten | ||
| Natty |
High
|
Micah Gersten | ||
| Oneiric |
High
|
Micah Gersten | ||
| Precise |
High
|
Micah Gersten |
Bug Description
The Stable channel has been updated to 15.0.874.120 for Windows, Mac, Linux and Chrome Frame platforms
All
Updated V8 - 3.5.10.23
Fix small print sizing issues (issues: 102186, 82472, 102154)
Security fixes:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
[100465] High CVE-2011-3892: Double free in Theora decoder. Credit to Aki Helin of OUSPG.
[100492] [100543] Medium CVE-2011-3893: Out of bounds reads in MKV and Vorbis media handlers. Credit to Aki Helin of OUSPG. [101172] High CVE-2011-3894: Memory corruption regression in VP8 decoding. Credit to Andrew Scherkus of the Chromium development community.
[101458] High CVE-2011-3895: Heap overflow in Vorbis decoder. Credit to Aki Helin of OUSPG.
[101624] High CVE-2011-3896: Buffer overflow in shader variable mapping. Credit to Ken “strcpy” Russell of the Chromium development community.
[102242] High CVE-2011-3897: Use-after-free in editing. Credit to pa_kt reported through ZDI (ZDI-CAN-1416).
[102461] Low CVE-2011-3898: Failure to ask for permission to run applets in JRE7. Credit to Google Chrome Security Team (Chris Evans).
Related branches
CVE References
- 2011-2845
- 2011-3875
- 2011-3876
- 2011-3877
- 2011-3878
- 2011-3879
- 2011-3880
- 2011-3881
- 2011-3882
- 2011-3883
- 2011-3884
- 2011-3885
- 2011-3886
- 2011-3887
- 2011-3888
- 2011-3889
- 2011-3890
- 2011-3891
- 2011-3892
- 2011-3893
- 2011-3894
- 2011-3895
- 2011-3896
- 2011-3897
- 2011-3898
- 2011-3900
- 2011-3903
- 2011-3904
- 2011-3905
- 2011-3906
- 2011-3907
- 2011-3908
- 2011-3909
- 2011-3910
- 2011-3911
- 2011-3912
- 2011-3913
- 2011-3914
- 2011-3915
- 2011-3916
- 2011-3917
- 2011-3919
- 2011-3921
- 2011-3922
- 2011-3924
- 2011-3925
- 2011-3926
- 2011-3927
- 2011-3928
visibility: | private → public |
description: | updated |
Changed in chromium-browser (Ubuntu Precise): | |
importance: | Undecided → High |
status: | New → In Progress |
assignee: | nobody → Micah Gersten (micahg) |
Changed in chromium-browser (Ubuntu Oneiric): | |
assignee: | nobody → Micah Gersten (micahg) |
Changed in chromium-browser (Ubuntu Natty): | |
assignee: | nobody → Micah Gersten (micahg) |
Changed in chromium-browser (Ubuntu Maverick): | |
assignee: | nobody → Micah Gersten (micahg) |
Changed in chromium-browser (Ubuntu Lucid): | |
assignee: | nobody → Micah Gersten (micahg) |
Changed in chromium-browser (Ubuntu Oneiric): | |
importance: | Undecided → High |
Changed in chromium-browser (Ubuntu Natty): | |
importance: | Undecided → High |
Changed in chromium-browser (Ubuntu Maverick): | |
importance: | Undecided → High |
Changed in chromium-browser (Ubuntu Lucid): | |
importance: | Undecided → High |
status: | New → In Progress |
Changed in chromium-browser (Ubuntu Maverick): | |
status: | New → In Progress |
Changed in chromium-browser (Ubuntu Natty): | |
status: | New → In Progress |
Changed in chromium-browser (Ubuntu Oneiric): | |
status: | New → In Progress |
Launchpad Janitor (janitor) wrote : | #1 |
Changed in chromium-browser (Ubuntu Precise): | |
status: | In Progress → Fix Released |
Dmitry Shachnev (mitya57) wrote : | #2 |
15.0.874.121 is available as well
The Stable channel has been updated to 15.0.874.121 for Windows, Mac, Linux and Chrome Frame platforms
All
- Updated V8 - 3.5.10.24
- This build contains the fix to a regression: SVG in iframe doesn't use specified dimensions (Issue: 98951)
Security fixes and rewards:
Please see the Chromium security page for more detail.
Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
- [$1000] [103259] High CVE-2011-3900: Out-of-bounds write in v8. Credit to Christian Holler.
Micah Gersten (micahg) wrote : | #3 |
Filed Bug #897389 to track 15.0.874.121
Launchpad Janitor (janitor) wrote : | #4 |
This bug was fixed in the package chromium-browser - 16.0.912.
---------------
chromium-browser (16.0.912.
* New upstream release from the Stable Channel (LP: #923602)
This release fixes the following security issues:
- [106484] High CVE-2011-3924: Use-after-free in DOM selections. Credit to
Arthur Gerkis.
- [107182] Critical CVE-2011-3925: Use-after-free in Safe Browsing
navigation. Credit to Chamal de Silva.
- [108461] High CVE-2011-3928: Use-after-free in DOM handling. Credit to
wushi of team509 reported through ZDI (ZDI-CAN-1415).
- [108605] High CVE-2011-3927: Uninitialized value in Skia. Credit to
miaubiz.
- [109556] High CVE-2011-3926: Heap-buffer-
Credit to Arthur Gerkis.
chromium-browser (16.0.912.
* New upstream release from the Stable Channel (LP: #914648, #889711)
This release fixes the following security issues:
- [106672] High CVE-2011-3921: Use-after-free in animation frames. Credit to
Boris Zbarsky of Mozilla.
- [107128] High CVE-2011-3919: Heap-buffer-
Jüri Aedla.
- [108006] High CVE-2011-3922: Stack-buffer-
Credit to Google Chrome Security Team (Cris Neckar).
This upload also includes the following security fixes from 16.0.912.63:
- [81753] Medium CVE-2011-3903: Out-of-bounds read in regex matching. Credit
to David Holloway of the Chromium development community.
- [95465] Low CVE-2011-3905: Out-of-bounds reads in libxml. Credit to Google
Chrome Security Team (Inferno).
- [98809] Medium CVE-2011-3906: Out-of-bounds read in PDF parser. Credit to
Aki Helin of OUSPG.
- [99016] High CVE-2011-3907: URL bar spoofing with view-source. Credit to
Luka Treiber of ACROS Security.
- [100863] Low CVE-2011-3908: Out-of-bounds read in SVG parsing. Credit to
Aki Helin of OUSPG.
- [101010] Medium CVE-2011-3909: [64-bit only] Memory corruption in CSS
property array. Credit to Google Chrome Security Team (scarybeasts) and
Chu.
- [101494] Medium CVE-2011-3910: Out-of-bounds read in YUV video frame
handling. Credit to Google Chrome Security Team (Cris Neckar).
- [101779] Medium CVE-2011-3911: Out-of-bounds read in PDF. Credit to Google
Chrome Security Team (scarybeasts) and Robert Swiecki of the Google
Security Team.
- [102359] High CVE-2011-3912: Use-after-free in SVG filters. Credit to
Arthur Gerkis.
- [103921] High CVE-2011-3913: Use-after-free in Range handling. Credit to
Arthur Gerkis.
- [104011] High CVE-2011-3914: Out-of-bounds write in v8 i18n handling.
Credit to Sławomir Błażek.
- [104529] High CVE-2011-3915: Buffer overflow in PDF font handling. Credit
to Atte Kettunen of OUSPG.
- [104959] Medium CVE-2011-3916: Out-of-bounds reads in PDF cross
references. Credit to Atte Kettunen of OUSPG.
- [105162] Medium CVE-2011-3917: Stack-buffer-
Credit t...
Changed in chromium-browser (Ubuntu Maverick): | |
status: | In Progress → Fix Released |
Launchpad Janitor (janitor) wrote : | #5 |
This bug was fixed in the package chromium-browser - 16.0.912.
---------------
chromium-browser (16.0.912.
* New upstream release from the Stable Channel (LP: #923602)
This release fixes the following security issues:
- [106484] High CVE-2011-3924: Use-after-free in DOM selections. Credit to
Arthur Gerkis.
- [107182] Critical CVE-2011-3925: Use-after-free in Safe Browsing
navigation. Credit to Chamal de Silva.
- [108461] High CVE-2011-3928: Use-after-free in DOM handling. Credit to
wushi of team509 reported through ZDI (ZDI-CAN-1415).
- [108605] High CVE-2011-3927: Uninitialized value in Skia. Credit to
miaubiz.
- [109556] High CVE-2011-3926: Heap-buffer-
Credit to Arthur Gerkis.
chromium-browser (16.0.912.
* New upstream release from the Stable Channel (LP: #914648, #889711)
This release fixes the following security issues:
- [106672] High CVE-2011-3921: Use-after-free in animation frames. Credit to
Boris Zbarsky of Mozilla.
- [107128] High CVE-2011-3919: Heap-buffer-
Jüri Aedla.
- [108006] High CVE-2011-3922: Stack-buffer-
Credit to Google Chrome Security Team (Cris Neckar).
This upload also includes the following security fixes from 16.0.912.63:
- [81753] Medium CVE-2011-3903: Out-of-bounds read in regex matching. Credit
to David Holloway of the Chromium development community.
- [95465] Low CVE-2011-3905: Out-of-bounds reads in libxml. Credit to Google
Chrome Security Team (Inferno).
- [98809] Medium CVE-2011-3906: Out-of-bounds read in PDF parser. Credit to
Aki Helin of OUSPG.
- [99016] High CVE-2011-3907: URL bar spoofing with view-source. Credit to
Luka Treiber of ACROS Security.
- [100863] Low CVE-2011-3908: Out-of-bounds read in SVG parsing. Credit to
Aki Helin of OUSPG.
- [101010] Medium CVE-2011-3909: [64-bit only] Memory corruption in CSS
property array. Credit to Google Chrome Security Team (scarybeasts) and
Chu.
- [101494] Medium CVE-2011-3910: Out-of-bounds read in YUV video frame
handling. Credit to Google Chrome Security Team (Cris Neckar).
- [101779] Medium CVE-2011-3911: Out-of-bounds read in PDF. Credit to Google
Chrome Security Team (scarybeasts) and Robert Swiecki of the Google
Security Team.
- [102359] High CVE-2011-3912: Use-after-free in SVG filters. Credit to
Arthur Gerkis.
- [103921] High CVE-2011-3913: Use-after-free in Range handling. Credit to
Arthur Gerkis.
- [104011] High CVE-2011-3914: Out-of-bounds write in v8 i18n handling.
Credit to Sławomir Błażek.
- [104529] High CVE-2011-3915: Buffer overflow in PDF font handling. Credit
to Atte Kettunen of OUSPG.
- [104959] Medium CVE-2011-3916: Out-of-bounds reads in PDF cross
references. Credit to Atte Kettunen of OUSPG.
- [105162] Medium CVE-2011-3917: Stack-buffer-
Credit to Goog...
Changed in chromium-browser (Ubuntu Lucid): | |
status: | In Progress → Fix Released |
Launchpad Janitor (janitor) wrote : | #6 |
This bug was fixed in the package chromium-browser - 16.0.912.
---------------
chromium-browser (16.0.912.
* New upstream release from the Stable Channel (LP: #923602)
This release fixes the following security issues:
- [106484] High CVE-2011-3924: Use-after-free in DOM selections. Credit to
Arthur Gerkis.
- [107182] Critical CVE-2011-3925: Use-after-free in Safe Browsing
navigation. Credit to Chamal de Silva.
- [108461] High CVE-2011-3928: Use-after-free in DOM handling. Credit to
wushi of team509 reported through ZDI (ZDI-CAN-1415).
- [108605] High CVE-2011-3927: Uninitialized value in Skia. Credit to
miaubiz.
- [109556] High CVE-2011-3926: Heap-buffer-
Credit to Arthur Gerkis.
chromium-browser (16.0.912.
* New upstream release from the Stable Channel (LP: #914648, #889711)
This release fixes the following security issues:
- [106672] High CVE-2011-3921: Use-after-free in animation frames. Credit to
Boris Zbarsky of Mozilla.
- [107128] High CVE-2011-3919: Heap-buffer-
Jüri Aedla.
- [108006] High CVE-2011-3922: Stack-buffer-
Credit to Google Chrome Security Team (Cris Neckar).
This upload also includes the following security fixes from 16.0.912.63:
- [81753] Medium CVE-2011-3903: Out-of-bounds read in regex matching. Credit
to David Holloway of the Chromium development community.
- [95465] Low CVE-2011-3905: Out-of-bounds reads in libxml. Credit to Google
Chrome Security Team (Inferno).
- [98809] Medium CVE-2011-3906: Out-of-bounds read in PDF parser. Credit to
Aki Helin of OUSPG.
- [99016] High CVE-2011-3907: URL bar spoofing with view-source. Credit to
Luka Treiber of ACROS Security.
- [100863] Low CVE-2011-3908: Out-of-bounds read in SVG parsing. Credit to
Aki Helin of OUSPG.
- [101010] Medium CVE-2011-3909: [64-bit only] Memory corruption in CSS
property array. Credit to Google Chrome Security Team (scarybeasts) and
Chu.
- [101494] Medium CVE-2011-3910: Out-of-bounds read in YUV video frame
handling. Credit to Google Chrome Security Team (Cris Neckar).
- [101779] Medium CVE-2011-3911: Out-of-bounds read in PDF. Credit to Google
Chrome Security Team (scarybeasts) and Robert Swiecki of the Google
Security Team.
- [102359] High CVE-2011-3912: Use-after-free in SVG filters. Credit to
Arthur Gerkis.
- [103921] High CVE-2011-3913: Use-after-free in Range handling. Credit to
Arthur Gerkis.
- [104011] High CVE-2011-3914: Out-of-bounds write in v8 i18n handling.
Credit to Sławomir Błażek.
- [104529] High CVE-2011-3915: Buffer overflow in PDF font handling. Credit
to Atte Kettunen of OUSPG.
- [104959] Medium CVE-2011-3916: Out-of-bounds reads in PDF cross
references. Credit to Atte Kettunen of OUSPG.
- [105162] Medium CVE-2011-3917: Stack-buffer-
Credit to ...
Changed in chromium-browser (Ubuntu Oneiric): | |
status: | In Progress → Fix Released |
Launchpad Janitor (janitor) wrote : | #7 |
This bug was fixed in the package chromium-browser - 16.0.912.
---------------
chromium-browser (16.0.912.
* New upstream release from the Stable Channel (LP: #923602)
This release fixes the following security issues:
- [106484] High CVE-2011-3924: Use-after-free in DOM selections. Credit to
Arthur Gerkis.
- [107182] Critical CVE-2011-3925: Use-after-free in Safe Browsing
navigation. Credit to Chamal de Silva.
- [108461] High CVE-2011-3928: Use-after-free in DOM handling. Credit to
wushi of team509 reported through ZDI (ZDI-CAN-1415).
- [108605] High CVE-2011-3927: Uninitialized value in Skia. Credit to
miaubiz.
- [109556] High CVE-2011-3926: Heap-buffer-
Credit to Arthur Gerkis.
chromium-browser (16.0.912.
* New upstream release from the Stable Channel (LP: #914648, #889711)
This release fixes the following security issues:
- [106672] High CVE-2011-3921: Use-after-free in animation frames. Credit to
Boris Zbarsky of Mozilla.
- [107128] High CVE-2011-3919: Heap-buffer-
Jüri Aedla.
- [108006] High CVE-2011-3922: Stack-buffer-
Credit to Google Chrome Security Team (Cris Neckar).
This upload also includes the following security fixes from 16.0.912.63:
- [81753] Medium CVE-2011-3903: Out-of-bounds read in regex matching. Credit
to David Holloway of the Chromium development community.
- [95465] Low CVE-2011-3905: Out-of-bounds reads in libxml. Credit to Google
Chrome Security Team (Inferno).
- [98809] Medium CVE-2011-3906: Out-of-bounds read in PDF parser. Credit to
Aki Helin of OUSPG.
- [99016] High CVE-2011-3907: URL bar spoofing with view-source. Credit to
Luka Treiber of ACROS Security.
- [100863] Low CVE-2011-3908: Out-of-bounds read in SVG parsing. Credit to
Aki Helin of OUSPG.
- [101010] Medium CVE-2011-3909: [64-bit only] Memory corruption in CSS
property array. Credit to Google Chrome Security Team (scarybeasts) and
Chu.
- [101494] Medium CVE-2011-3910: Out-of-bounds read in YUV video frame
handling. Credit to Google Chrome Security Team (Cris Neckar).
- [101779] Medium CVE-2011-3911: Out-of-bounds read in PDF. Credit to Google
Chrome Security Team (scarybeasts) and Robert Swiecki of the Google
Security Team.
- [102359] High CVE-2011-3912: Use-after-free in SVG filters. Credit to
Arthur Gerkis.
- [103921] High CVE-2011-3913: Use-after-free in Range handling. Credit to
Arthur Gerkis.
- [104011] High CVE-2011-3914: Out-of-bounds write in v8 i18n handling.
Credit to Sławomir Błażek.
- [104529] High CVE-2011-3915: Buffer overflow in PDF font handling. Credit
to Atte Kettunen of OUSPG.
- [104959] Medium CVE-2011-3916: Out-of-bounds reads in PDF cross
references. Credit to Atte Kettunen of OUSPG.
- [105162] Medium CVE-2011-3917: Stack-buffer-
Credit to Goog...
Changed in chromium-browser (Ubuntu Natty): | |
status: | In Progress → Fix Released |
This bug was fixed in the package chromium-browser - 15.0.874. 120~r108895- 0ubuntu1
--------------- 120~r108895- 0ubuntu1) precise; urgency=low
chromium-browser (15.0.874.
* New upstream release from the Stable Channel (LP: #889711)
This release fixes the following security issues:
- [100465] High CVE-2011-3892: Double free in Theora decoder. Credit to Aki
Helin of OUSPG.
- [100492] [100543] Medium CVE-2011-3893: Out of bounds reads in MKV and
Vorbis media handlers. Credit to Aki Helin of OUSPG.
- [101172] High CVE-2011-3894: Memory corruption regression in VP8 decoding.
Credit to Andrew Scherkus of the Chromium development community.
- [101458] High CVE-2011-3895: Heap overflow in Vorbis decoder. Credit to
Aki Helin of OUSPG.
- [101624] High CVE-2011-3896: Buffer overflow in shader variable mapping.
Credit to Ken “strcpy” Russell of the Chromium development community.
- [102242] High CVE-2011-3897: Use-after-free in editing. Credit to pa_kt
reported through ZDI (ZDI-CAN-1416).
-- Micah Gersten <email address hidden> Sun, 13 Nov 2011 00:11:03 -0600