Please update to 18.0.1025.142

Bug #968901 reported by Micah Gersten on 2012-03-30
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
chromium-browser (Ubuntu)
Medium
Micah Gersten
Lucid
Medium
Micah Gersten
Maverick
Medium
Micah Gersten
Natty
Medium
Micah Gersten
Oneiric
Medium
Micah Gersten
Precise
Medium
Micah Gersten

Bug Description

[109574] Medium CVE-2011-3058: Bad interaction possibly leading to XSS in EUC-JP. Credit to Masato Kinugawa.
[112317] Medium CVE-2011-3059: Out-of-bounds read in SVG text handling. Credit to Arthur Gerkis.
[114056] Medium CVE-2011-3060: Out-of-bounds read in text fragment handling. Credit to miaubiz.
[116398] Medium CVE-2011-3061: SPDY proxy certificate checking error. Credit to Leonidas Kontothanassis of Google.
[116524] High CVE-2011-3062: Off-by-one in OpenType Sanitizer. Credit to Mateusz Jurczyk of the Google Security Team.
[117417] Low CVE-2011-3063: Validate navigation requests from the renderer more carefully. Credit to kuzzcc, Sergey Glazunov, PinkiePie and scarybeasts (Google Chrome Security Team).
[117471] High CVE-2011-3064: Use-after-free in SVG clipping. Credit to Atte Kettunen of OUSPG.
[117588] High CVE-2011-3065: Memory corruption in Skia. Credit to Omair.
[117794] Medium CVE-2011-3057: Invalid read in v8. Credit to Christian Holler.

Micah Gersten (micahg) on 2012-03-30
visibility: private → public
Changed in chromium-browser (Ubuntu Lucid):
importance: Undecided → Medium
Changed in chromium-browser (Ubuntu Maverick):
importance: Undecided → Medium
Changed in chromium-browser (Ubuntu Oneiric):
importance: Undecided → Medium
Changed in chromium-browser (Ubuntu Natty):
importance: Undecided → Medium
Changed in chromium-browser (Ubuntu Precise):
importance: Undecided → Medium
Changed in chromium-browser (Ubuntu Lucid):
status: New → In Progress
Changed in chromium-browser (Ubuntu Maverick):
status: New → In Progress
Changed in chromium-browser (Ubuntu Natty):
status: New → In Progress
Changed in chromium-browser (Ubuntu Oneiric):
status: New → In Progress
Changed in chromium-browser (Ubuntu Precise):
status: New → In Progress
Changed in chromium-browser (Ubuntu Maverick):
assignee: nobody → Micah Gersten (micahg)
Changed in chromium-browser (Ubuntu Natty):
assignee: nobody → Micah Gersten (micahg)
Changed in chromium-browser (Ubuntu Oneiric):
assignee: nobody → Micah Gersten (micahg)
Changed in chromium-browser (Ubuntu Lucid):
assignee: nobody → Micah Gersten (micahg)
Changed in chromium-browser (Ubuntu Precise):
assignee: nobody → Micah Gersten (micahg)
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 18.0.1025.142~r129054-0ubuntu1

---------------
chromium-browser (18.0.1025.142~r129054-0ubuntu1) precise; urgency=low

  * New upstream release from the Stable Channel (LP: #968901)
    This release fixes the following security issues:
    - [109574] Medium CVE-2011-3058: Bad interaction possibly leading to XSS in
      EUC-JP. Credit to Masato Kinugawa.
    - [112317] Medium CVE-2011-3059: Out-of-bounds read in SVG text handling.
      Credit to Arthur Gerkis.
    - [114056] Medium CVE-2011-3060: Out-of-bounds read in text fragment
      handling. Credit to miaubiz.
    - [116398] Medium CVE-2011-3061: SPDY proxy certificate checking error.
      Credit to Leonidas Kontothanassis of Google.
    - [116524] High CVE-2011-3062: Off-by-one in OpenType Sanitizer. Credit to
      Mateusz Jurczyk of the Google Security Team.
    - [117417] Low CVE-2011-3063: Validate navigation requests from the renderer
      more carefully. Credit to kuzzcc, Sergey Glazunov, PinkiePie and
      scarybeasts (Google Chrome Security Team).
    - [117471] High CVE-2011-3064: Use-after-free in SVG clipping. Credit to
      Atte Kettunen of OUSPG.
    - [117588] High CVE-2011-3065: Memory corruption in Skia. Credit to Omair.
    - [117794] Medium CVE-2011-3057: Invalid read in v8. Credit to Christian
      Holler.

  * Add build dependency on libudev-dev to allow for gamepad detection; see
    http://code.google.com/p/chromium/issues/detail?id=79050
    - update debian/control
  * Drop dlopen_libgnutls patch as it's been implemented upstream
     - drop debian/patches/dlopen_libgnutls.patch
     - update debian/patches/series
  * Start removing *.so and *.so.* from the upstream tarball creation
    - update debian/rules
  * Strip almost the entire third_party/openssl directory as it's needed only
    on android, but is used by the build system
    - update debian/rules
  * Use tar's --exclude-vcs flag instead of just excluding .svn
    - update debian/rules
 -- Micah Gersten <email address hidden> Sun, 01 Apr 2012 22:17:11 -0500

Changed in chromium-browser (Ubuntu Precise):
status: In Progress → Fix Released
Micah Gersten (micahg) wrote :

tested oneiric with QRT on amd64 and i386, no regressions over previous functionality

tags: added: security-ver
tags: added: security-verification
removed: security-ver
tags: added: verification-done-oneiric verification-needed
Launchpad Janitor (janitor) wrote :
Download full text (3.2 KiB)

This bug was fixed in the package chromium-browser - 18.0.1025.142~r129054-0ubuntu0.11.10.1

---------------
chromium-browser (18.0.1025.142~r129054-0ubuntu0.11.10.1) oneiric-security; urgency=low

  * New upstream release from the Stable Channel (LP: #968901)
    This release fixes the following security issues:
    - [109574] Medium CVE-2011-3058: Bad interaction possibly leading to XSS in
      EUC-JP. Credit to Masato Kinugawa.
    - [112317] Medium CVE-2011-3059: Out-of-bounds read in SVG text handling.
      Credit to Arthur Gerkis.
    - [114056] Medium CVE-2011-3060: Out-of-bounds read in text fragment
      handling. Credit to miaubiz.
    - [116398] Medium CVE-2011-3061: SPDY proxy certificate checking error.
      Credit to Leonidas Kontothanassis of Google.
    - [116524] High CVE-2011-3062: Off-by-one in OpenType Sanitizer. Credit to
      Mateusz Jurczyk of the Google Security Team.
    - [117417] Low CVE-2011-3063: Validate navigation requests from the renderer
      more carefully. Credit to kuzzcc, Sergey Glazunov, PinkiePie and
      scarybeasts (Google Chrome Security Team).
    - [117471] High CVE-2011-3064: Use-after-free in SVG clipping. Credit to
      Atte Kettunen of OUSPG.
    - [117588] High CVE-2011-3065: Memory corruption in Skia. Credit to Omair.
    - [117794] Medium CVE-2011-3057: Invalid read in v8. Credit to Christian
      Holler.

  * Add build dependency on libudev-dev to allow for gamepad detection; see
    http://code.google.com/p/chromium/issues/detail?id=79050
    - update debian/control
  * Drop dlopen_libgnutls patch as it's been implemented upstream
     - drop debian/patches/dlopen_libgnutls.patch
     - update debian/patches/series
  * Start removing *.so and *.so.* from the upstream tarball creation
    - update debian/rules
  * Strip almost the entire third_party/openssl directory as it's needed only
    on android, but is used by the build system
    - update debian/rules
  * Use tar's --exclude-vcs flag instead of just excluding .svn
    - update debian/rules

chromium-browser (17.0.963.83~r127885-0ubuntu0.11.10.1) oneiric-security; urgency=low

  * New upstream release from the Stable Channel (LP: #961831)
    This release fixes the following security issues:
    - [113902] High CVE-2011-3050: Use-after-free with first-letter handling.
      Credit to miaubiz.
    - [116162] High CVE-2011-3045: libpng integer issue from upstream. Credit
      to Glenn Randers-Pehrson of the libpng project.
    - [116461] High CVE-2011-3051: Use-after-free in CSS cross-fade handling.
      Credit to Arthur Gerkis.
    - [116637] High CVE-2011-3052: Memory corruption in WebGL canvas handling.
      Credit to Ben Vanik of Google.
    - [116746] High CVE-2011-3053: Use-after-free in block splitting.
      Credit to miaubiz.
    - [117418] Low CVE-2011-3054: Apply additional isolations to webui
      privileges. Credit to Sergey Glazunov.
    - [117736] Low CVE-2011-3055: Prompt in the browser native UI for unpacked
      extension installation. Credit to PinkiePie.
    - [117550] High CVE-2011-3056: Cross-origin violation with “magic iframe”.
      Credit to Sergey Glazunov.
    - [117794] Medium CVE-2011-3057: I...

Read more...

Changed in chromium-browser (Ubuntu Oneiric):
status: In Progress → Fix Released
Micah Gersten (micahg) wrote :

tested natty with QRT on amd64 and i386, no regressions over previous functionality

Launchpad Janitor (janitor) wrote :
Download full text (3.2 KiB)

This bug was fixed in the package chromium-browser - 18.0.1025.142~r129054-0ubuntu0.11.04.1

---------------
chromium-browser (18.0.1025.142~r129054-0ubuntu0.11.04.1) natty-security; urgency=low

  * New upstream release from the Stable Channel (LP: #968901)
    This release fixes the following security issues:
    - [109574] Medium CVE-2011-3058: Bad interaction possibly leading to XSS in
      EUC-JP. Credit to Masato Kinugawa.
    - [112317] Medium CVE-2011-3059: Out-of-bounds read in SVG text handling.
      Credit to Arthur Gerkis.
    - [114056] Medium CVE-2011-3060: Out-of-bounds read in text fragment
      handling. Credit to miaubiz.
    - [116398] Medium CVE-2011-3061: SPDY proxy certificate checking error.
      Credit to Leonidas Kontothanassis of Google.
    - [116524] High CVE-2011-3062: Off-by-one in OpenType Sanitizer. Credit to
      Mateusz Jurczyk of the Google Security Team.
    - [117417] Low CVE-2011-3063: Validate navigation requests from the renderer
      more carefully. Credit to kuzzcc, Sergey Glazunov, PinkiePie and
      scarybeasts (Google Chrome Security Team).
    - [117471] High CVE-2011-3064: Use-after-free in SVG clipping. Credit to
      Atte Kettunen of OUSPG.
    - [117588] High CVE-2011-3065: Memory corruption in Skia. Credit to Omair.
    - [117794] Medium CVE-2011-3057: Invalid read in v8. Credit to Christian
      Holler.

  * Add build dependency on libudev-dev to allow for gamepad detection; see
    http://code.google.com/p/chromium/issues/detail?id=79050
    - update debian/control
  * Drop dlopen_libgnutls patch as it's been implemented upstream
     - drop debian/patches/dlopen_libgnutls.patch
     - update debian/patches/series
  * Start removing *.so and *.so.* from the upstream tarball creation
    - update debian/rules
  * Strip almost the entire third_party/openssl directory as it's needed only
    on android, but is used by the build system
    - update debian/rules
  * Use tar's --exclude-vcs flag instead of just excluding .svn
    - update debian/rules

chromium-browser (17.0.963.83~r127885-0ubuntu0.11.04.1) natty-security; urgency=low

  * New upstream release from the Stable Channel (LP: #961831)
    This release fixes the following security issues:
    - [113902] High CVE-2011-3050: Use-after-free with first-letter handling.
      Credit to miaubiz.
    - [116162] High CVE-2011-3045: libpng integer issue from upstream. Credit
      to Glenn Randers-Pehrson of the libpng project.
    - [116461] High CVE-2011-3051: Use-after-free in CSS cross-fade handling.
      Credit to Arthur Gerkis.
    - [116637] High CVE-2011-3052: Memory corruption in WebGL canvas handling.
      Credit to Ben Vanik of Google.
    - [116746] High CVE-2011-3053: Use-after-free in block splitting.
      Credit to miaubiz.
    - [117418] Low CVE-2011-3054: Apply additional isolations to webui
      privileges. Credit to Sergey Glazunov.
    - [117736] Low CVE-2011-3055: Prompt in the browser native UI for unpacked
      extension installation. Credit to PinkiePie.
    - [117550] High CVE-2011-3056: Cross-origin violation with “magic iframe”.
      Credit to Sergey Glazunov.
    - [117794] Medium CVE-2011-3057: Inval...

Read more...

Changed in chromium-browser (Ubuntu Natty):
status: In Progress → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (3.2 KiB)

This bug was fixed in the package chromium-browser - 18.0.1025.142~r129054-0ubuntu0.10.10.1

---------------
chromium-browser (18.0.1025.142~r129054-0ubuntu0.10.10.1) maverick-security; urgency=low

  * New upstream release from the Stable Channel (LP: #968901)
    This release fixes the following security issues:
    - [109574] Medium CVE-2011-3058: Bad interaction possibly leading to XSS in
      EUC-JP. Credit to Masato Kinugawa.
    - [112317] Medium CVE-2011-3059: Out-of-bounds read in SVG text handling.
      Credit to Arthur Gerkis.
    - [114056] Medium CVE-2011-3060: Out-of-bounds read in text fragment
      handling. Credit to miaubiz.
    - [116398] Medium CVE-2011-3061: SPDY proxy certificate checking error.
      Credit to Leonidas Kontothanassis of Google.
    - [116524] High CVE-2011-3062: Off-by-one in OpenType Sanitizer. Credit to
      Mateusz Jurczyk of the Google Security Team.
    - [117417] Low CVE-2011-3063: Validate navigation requests from the renderer
      more carefully. Credit to kuzzcc, Sergey Glazunov, PinkiePie and
      scarybeasts (Google Chrome Security Team).
    - [117471] High CVE-2011-3064: Use-after-free in SVG clipping. Credit to
      Atte Kettunen of OUSPG.
    - [117588] High CVE-2011-3065: Memory corruption in Skia. Credit to Omair.
    - [117794] Medium CVE-2011-3057: Invalid read in v8. Credit to Christian
      Holler.

  * Add build dependency on libudev-dev to allow for gamepad detection; see
    http://code.google.com/p/chromium/issues/detail?id=79050
    - update debian/control
  * Drop dlopen_libgnutls patch as it's been implemented upstream
     - drop debian/patches/dlopen_libgnutls.patch
     - update debian/patches/series
  * Start removing *.so and *.so.* from the upstream tarball creation
    - update debian/rules
  * Strip almost the entire third_party/openssl directory as it's needed only
    on android, but is used by the build system
    - update debian/rules
  * Use tar's --exclude-vcs flag instead of just excluding .svn
    - update debian/rules

chromium-browser (17.0.963.83~r127885-0ubuntu0.10.10.1) maverick-security; urgency=low

  * New upstream release from the Stable Channel (LP: #961831)
    This release fixes the following security issues:
    - [113902] High CVE-2011-3050: Use-after-free with first-letter handling.
      Credit to miaubiz.
    - [116162] High CVE-2011-3045: libpng integer issue from upstream. Credit
      to Glenn Randers-Pehrson of the libpng project.
    - [116461] High CVE-2011-3051: Use-after-free in CSS cross-fade handling.
      Credit to Arthur Gerkis.
    - [116637] High CVE-2011-3052: Memory corruption in WebGL canvas handling.
      Credit to Ben Vanik of Google.
    - [116746] High CVE-2011-3053: Use-after-free in block splitting.
      Credit to miaubiz.
    - [117418] Low CVE-2011-3054: Apply additional isolations to webui
      privileges. Credit to Sergey Glazunov.
    - [117736] Low CVE-2011-3055: Prompt in the browser native UI for unpacked
      extension installation. Credit to PinkiePie.
    - [117550] High CVE-2011-3056: Cross-origin violation with “magic iframe”.
      Credit to Sergey Glazunov.
    - [117794] Medium CVE-2011-3057:...

Read more...

Changed in chromium-browser (Ubuntu Maverick):
status: In Progress → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (5.4 KiB)

This bug was fixed in the package chromium-browser - 18.0.1025.151~r130497-0ubuntu0.10.04.1

---------------
chromium-browser (18.0.1025.151~r130497-0ubuntu0.10.04.1) lucid-security; urgency=low

  * New upstream release from the Stable Channel (LP: #977502)
    - black screen on Hybrid Graphics system with GPU accelerated compositing
      enabled (Issue: 117371)
    - CSS not applied to <content> element (Issue: 114667)
    - Regression rendering a div with background gradient and borders
      (Issue: 113726)
    - Canvas 2D line drawing bug with GPU acceleration (Issue: 121285)
    - Multiple crashes (Issues: 72235, 116825 and 92998)
    - Pop-up dialog is at wrong position (Issue: 116045)
    - HTML Canvas patterns are broken if you change the transformation matrix
      (Issue: 112165)
    - SSL interstitial error "proceed anyway" / "back to safety" buttons don't
      work (Issue: 119252)
    This release fixes the following security issues:
    - [106577] Medium CVE-2011-3066: Out-of-bounds read in Skia clipping.
      Credit to miaubiz.
    - [117583] Medium CVE-2011-3067: Cross-origin iframe replacement. Credit to
      Sergey Glazunov.
    - [117698] High CVE-2011-3068: Use-after-free in run-in handling. Credit to
      miaubiz.
    - [117728] High CVE-2011-3069: Use-after-free in line box handling. Credit
      to miaubiz.
    - [118185] High CVE-2011-3070: Use-after-free in v8 bindings. Credit to
      Google Chrome Security Team (SkyLined).
    - [118273] High CVE-2011-3071: Use-after-free in HTMLMediaElement. Credit
      to pa_kt, reporting through HP TippingPoint ZDI (ZDI-CAN-1528).
    - [118467] Low CVE-2011-3072: Cross-origin violation parenting pop-up
      window. Credit to Sergey Glazunov.
    - [118593] High CVE-2011-3073: Use-after-free in SVG resource handling.
      Credit to Arthur Gerkis.
    - [119281] Medium CVE-2011-3074: Use-after-free in media handling. Credit
      to Sławomir Błażek.
    - [119525] High CVE-2011-3075: Use-after-free applying style command.
      Credit to miaubiz.
    - [120037] High CVE-2011-3076: Use-after-free in focus handling. Credit to
      miaubiz.
    - [120189] Medium CVE-2011-3077: Read-after-free in script bindings. Credit
      to Google Chrome Security Team (Inferno).

chromium-browser (18.0.1025.142~r129054-0ubuntu0.10.04.1) lucid-security; urgency=low

  * New upstream release from the Stable Channel (LP: #968901)
    This release fixes the following security issues:
    - [109574] Medium CVE-2011-3058: Bad interaction possibly leading to XSS in
      EUC-JP. Credit to Masato Kinugawa.
    - [112317] Medium CVE-2011-3059: Out-of-bounds read in SVG text handling.
      Credit to Arthur Gerkis.
    - [114056] Medium CVE-2011-3060: Out-of-bounds read in text fragment
      handling. Credit to miaubiz.
    - [116398] Medium CVE-2011-3061: SPDY proxy certificate checking error.
      Credit to Leonidas Kontothanassis of Google.
    - [116524] High CVE-2011-3062: Off-by-one in OpenType Sanitizer. Credit to
      Mateusz Jurczyk of the Google Security Team.
    - [117417] Low CVE-2011-3063: Validate navigation requests from the renderer
      more carefully. Credit to kuzzcc, Serge...

Read more...

Changed in chromium-browser (Ubuntu Lucid):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.