© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
67d34a1
(Get the code!)
This bug was fixed in the package chromium-browser - 17.0.963.
---------------
chromium-browser (17.0.963.
* New upstream release from the Stable Channel (LP: #931905, #933262)
This release fixes the following security issues from 17.0.963.56:
- [105803] High CVE-2011-3015: Integer overflows in PDF codecs. Credit to
Google Chrome Security Team (scarybeasts).
- [106336] Medium CVE-2011-3016: Read-after-free with counter nodes. Credit
to miaubiz.
- [108695] High CVE-2011-3017: Possible use-after-free in database handling.
Credit to miaubiz.
- [110172] High CVE-2011-3018: Heap overflow in path rendering. Credit to
Aki Helin of OUSPG.
- [110849] High CVE-2011-3019: Heap buffer overflow in MKV handling. Credit
to Google Chrome Security Team (scarybeasts) and Mateusz Jurczyk of the
Google Security Team.
- [111575] Medium CVE-2011-3020: Native client validator error. Credit to
Nick Bray of the Chromium development community.
- [111779] High CVE-2011-3021: Use-after-free in subframe loading. Credit to
Arthur Gerkis.
- [112236] Medium CVE-2011-3022: Inappropriate use of http for translation
script. Credit to Google Chrome Security Team (Jorge Obes).
- [112259] Medium CVE-2011-3023: Use-after-free with drag and drop. Credit
to pa_kt.
- [112451] Low CVE-2011-3024: Browser crash with empty x509 certificate.
Credit to chrometot.
- [112670] Medium CVE-2011-3025: Out-of-bounds read in h.264 parsing. Credit
to Sławomir Błażek.
- [112822] High CVE-2011-3026: Integer overflow / truncation in libpng.
Credit to Jüri Aedla.
- [112847] High CVE-2011-3027: Bad cast in column handling. Credit to
miaubiz.
This release fixes the following security issues from 17.0.963.46:
- [73478] Low CVE-2011-3953: Avoid clipboard monitoring after paste event.
Credit to Daniel Cheng of the Chromium development community.
- [92550] Low CVE-2011-3954: Crash with excessive database usage. Credit to
Collin Payne.
- [93106] High CVE-2011-3955: Crash aborting an IndexDB transaction. Credit
to David Grogan of the Chromium development community.
- [103630] Low CVE-2011-3956: Incorrect handling of sandboxed origins inside
extensions. Credit to Devdatta Akhawe, UC Berkeley.
- [104056] High CVE-2011-3957: Use-after-free in PDF garbage collection.
Credit to Aki Helin of OUSPG.
- [105459] High CVE-2011-3958: Bad casts with column spans. Credit to
miaubiz.
- [106441] High CVE-2011-3959: Buffer overflow in locale handling. Credit to
Aki Helin of OUSPG.
- [108416] Medium CVE-2011-3960: Out-of-bounds read in audio decoding.
Credit to Aki Helin of OUSPG.
- [108871] Critical CVE-2011-3961: Race condition after crash of utility
process. Credit to Shawn Goertzen.
- [108901] Medium CVE-2011-3962: Out-of-bounds read in path clipping. Credit
to Aki Helin of OUSPG.
- [109094] Medium CVE-2011-3963: Out-of-bounds read in PDF fax image
handling. Credit to Atte Kettunen of OUSPG.
- [109245] Low CVE-2011-3964: URL bar confusion after drag + drop. Credit to
Code Audit Labs of VulnHunt.com.
- [109664] Low CVE-2011-3965: Crash in signature check. Credit to Sławomir
Błażek.
- [109716] High CVE-2011-3966: Use-after-free in stylesheet error handling.
Credit to Aki Helin of OUSPG.
- [109717] Low CVE-2011-3967: Crash with unusual certificate. Credit to Ben
Carrillo.
- [109743] High CVE-2011-3968: Use-after-free in CSS handling. Credit to
Arthur Gerkis.
- [110112] High CVE-2011-3969: Use-after-free in SVG layout. Credit to
Arthur Gerkis.
- [110277] Medium CVE-2011-3970: Out-of-bounds read in libxslt. Credit to
Aki Helin of OUSPG.
- [110374] High CVE-2011-3971: Use-after-free with mousemove events. Credit
to Arthur Gerkis.
- [110559] Medium CVE-2011-3972: Out-of-bounds read in shader translator.
Credit to Google Chrome Security Team (Inferno).
* Rebase patch
- update debian/
* Update .install file to just install all .pak files instead of listing them
by name
- update debian/
-- Micah Gersten <email address hidden> Tue, 21 Feb 2012 01:26:46 -0600