This bug was fixed in the package chromium-browser -
24.0.1312.56-0ubuntu1
---------------
chromium-browser (24.0.1312.56-0ubuntu1) raring-proposed; urgency=low
* Add comment-markers to debian/patches/series file to make patch import
easier.
* debian/patches/gyp-config-root.patch
- Added. Avoids compilation bug on (at least) ARM.
* debian/patches/arm-neon.patch
- Added function to determine NEON functionality in ARM at runtime for
WebRt library in WebKit.
* Update README.source to include some of these changes.
* Set new URL for channel-release info in rules file.
* debian/chromium-browser.install
- No longer install demo extension
- Install remoting locales
* debian/patches/chromium_useragent.patch.in renamed to drop ".in",
OS "Ubuntu" hardcoded with no compilation-release name, and patch
refreshed to follow new location of source. Also remove it
from the list of ephemeral files that "clean" rule removes.
* In debian/rules, use "-delete" flag on find instead of "-exec rm {} \;",
to be safer and faster.
* Make most patches follow a common format (no timestamps or Index lines), to
avoid future churn.
* Write the "REMOVED" list files to the root of the orig tarball,
instead of inside the src/ directory, where they could collide.
* Fix dpkg-source warning: Clean up python cached bytecode files.
* Also don't include python bytecode or cache files in orig tarball,
and clean then up on "clean" rule.
* Fix dpkg-source warning: Remove autoconf cache.
* Fix lintian warning: fta and micahg to XSBC-Original-Maintainer.
* Fix lintian error not-binnmuable-all-depends-any.
* Override lintian complaints ancient-autotools-helper-file and
unused-build-dependency-on-cdbs.
* Drop "lzma" from build dependencies.
* Set default binary and source package compression to xz. If
building for Ubuntu 10.04, then make binary's compression to bzip2.
* List explicit architectures that Chromium supports, instead of "any".
Cr {arm ia32 x64} map into Debian {armhf armel i386 amd64}.
* debian/patches/arm-neon.patch added to get ARM w/o Neon support.
(LP: #1084852)
* Add chromedriver packaging. (LP: #1069930) Thanks to
John Rigby <john.ri...@linaro.org>
* In debian/rules, avoid creating invalid subst expression in sed
of DEBIAN* vars into files.
* Note localization in package description for support for ast, bs, en-AU,
eo, hy, ia, ka, ku, kw, ms.
* No longer include Launchpad-generated translations. Disable patch
grd_parse_fix.patch .
* Set default binary and source package compression to xz. If
building for Ubuntu 10.04, then make binary's compression to bzip2.
* No longer expect unpacked tarball to contain "build-tree".
* Fix build warning about missing debian/source/format. Set to "3.0
(quilt)".
* Remove unnecessary glib-header-single-entry.patch .
* Manually set DEB_{BUILD,HOST}_ARCH when not already set, like when the
executing program is not dpkg-buildpackage.
* Make rules file generate LASTCHANGE file at new location.
* Change get-sources command to kill script when it fails to disable
gyp-chromium run from DEPS. Never fail silently again.
* Add patches/struct-siginfo.patch to work around source bug in dereferencing
internal stuct instead of public type.
* Drop SCM revision from the version.
* Refresh patches from lp:unity-chromium-extension .
* Make all patches follow a common format, to avoid future churn.
No timestamps, a/b parent, sorted, no index.
* New upstream version 24.0.1312.56:
- CVE-2013-0839: Use-after-free in canvas font handling.
- CVE-2013-0840: Missing URL validation when opening new windows.
- CVE-2013-0841: Unchecked array index in content blocking.
- CVE-2013-0842: Problems with NULL characters embedded in paths.
* New upstream version 24.0.1312.52: (LP: #1099075)
- CVE-2012-5145: Use-after-free in SVG layout. Credit to Atte Kettunen of
OUSPG.
- CVE-2012-5146: Same origin policy bypass with malformed URL. Credit to
Erling A Ellingsen and Subodh Iyengar, both of Facebook.
- CVE-2012-5147: Use-after-free in DOM handling. Credit to José A. Vázquez.
- CVE-2012-5148: Missing filename sanitization in hyphenation support.
Credit to Google Chrome Security Team (Justin Schuh).
- CVE-2012-5149: Integer overflow in audio IPC handling. Credit to Google
Chrome Security Team (Chris Evans).
- CVE-2012-5150: Use-after-free when seeking video. Credit to Google Chrome
Security Team (Inferno).
- CVE-2012-5151: Integer overflow in PDF JavaScript. Credit to Mateusz
Jurczyk, with contribution from Gynvael Coldwind, both of Google Security
Team.
- CVE-2012-5152: Out-of-bounds read when seeking video. Credit to Google
Chrome Security Team (Inferno).
- CVE-2012-5153: Out-of-bounds stack access in v8. Credit to Andreas
Rossberg of the Chromium development community.
- CVE-2012-5156: Use-after-free in PDF fields. Credit to Mateusz Jurczyk,
with contribution from Gynvael Coldwind, both of Google Security Team.
- CVE-2012-5157: Out-of-bounds reads in PDF image handling. Credit to
Mateusz Jurczyk, with contribution from Gynvael Coldwind, both of Google
Security Team.
- CVE-2013-0828: Bad cast in PDF root handling. Credit to Mateusz Jurczyk,
with contribution from Gynvael Coldwind, both of Google Security Team.
- CVE-2013-0829: Corruption of database metadata leading to incorrect file
access. Credit to Google Chrome Security Team (Jüri Aedla).
- CVE-2013-0830: Missing NUL termination in IPC. Credit to Google Chrome
Security Team (Justin Schuh).
- CVE-2013-0831: Possible path traversal from extension process. Credit to
Google Chrome Security Team (Tom Sepez).
- CVE-2013-0832: Use-after-free with printing. Credit to Google Chrome
Security Team (Cris Neckar).
- CVE-2013-0833: Out-of-bounds read with printing. Credit to Google Chrome
Security Team (Cris Neckar).
- CVE-2013-0834: Out-of-bounds read with glyph handling. Credit to Google
Chrome Security Team (Cris Neckar).
- CVE-2013-0835: Browser crash with geolocation. Credit to Arthur Gerkis.
- CVE-2013-0836: Crash in v8 garbage collection. Credit to Google Chrome
Security Team (Cris Neckar).
- CVE-2013-0837: Crash in extension tab handling. Credit to Tom Nielsen.
- CVE-2013-0838: Tighten permissions on shared memory segments. Credit to
Google Chrome Security Team (Chris Palmer).
* New upstream version 23.0.1271.97
- CVE-2012-5139: Use-after-free with visibility events.
- CVE-2012-5140: Use-after-free in URL loader.
- CVE-2012-5141: Limit Chromoting client plug-in instantiation.
- CVE-2012-5142: Crash in history navigation.
- CVE-2012-5143: Integer overflow in PPAPI image buffers.
- CVE-2012-5144: Stack corruption in AAC decoding.
* New upstream version 23.0.1271.95
- CVE-2012-5138: Incorrect file path handling.
- CVE-2012-5137: Use-after-free in media source handling.
* New upstream version 23.0.1271.91
- CVE-2012-5133: Use-after-free in SVG filters.
- CVE-2012-5130: Out-of-bounds read in Skia.
- CVE-2012-5132: Browser crash with chunked encoding.
- CVE-2012-5134: Buffer underflow in libxml.
- CVE-2012-5135: Use-after-free with printing.
- CVE-2012-5136: Bad cast in input element handling.
* Includes CVE fixes for 23.0.1271.64
- CVE-2012-5127: Integer overflow leading to out-of-bounds read in WebP
handling.
- CVE-2012-5120: Out-of-bounds array access in v8.
- CVE-2012-5116: Use-after-free in SVG filter handling.
- CVE-2012-5121: Use-after-free in video layout.
- CVE-2012-5117: Inappropriate load of SVG subresource in img context.
- CVE-2012-5119: Race condition in Pepper buffer handling.
- CVE-2012-5122: Bad cast in input handling.
- CVE-2012-5123: Out-of-bounds reads in Skia.
- CVE-2012-5124: Memory corruption in texture handling.
- CVE-2012-5125: Use-after-free in extension tab handling.
- CVE-2012-5126: Use-after-free in plug-in placeholder handling.
- CVE-2012-5128: Bad write in v8.
* Disable lintian warnings about outdated autoconf files in source tree.
-- Chad Miller <chad.mil...@canonical.com> Wed, 23 Jan 2013 13:43:34 -0500
** Changed in: chromium-browser (Ubuntu Raring)
Status: Fix Committed => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-5116
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-5117
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-5119
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-5120
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-5121
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-5122
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-5123
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-5124
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-5125
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-5126
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-5127
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-5128
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-5130
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-5132
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-5133
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-5134
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-5135
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-5136
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-5137
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-5138
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-5139
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-5140
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-5141
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-5142
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-5143
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-5144
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1099075
Title:
new upstream release: 24.0.1312.56
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1099075/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
