chromium-browser 14.0.835.202~r103287-0ubuntu0.10.10.1 source package in Ubuntu

Changelog

chromium-browser (14.0.835.202~r103287-0ubuntu0.10.10.1) maverick-security; urgency=low

  * New upstream release from the Stable Channel (LP: #858744)
    This release fixes the following security issues:
    + Chromium issues (13.0.782.220):
      - Trust in Diginotar Intermediate CAs revoked
    + Chromium issues (14.0.835.163):
      - [49377] High CVE-2011-2835: Race condition in the certificate cache.
        Credit to Ryan Sleevi.
      - [57908] Low CVE-2011-2837: Use PIC / pie compiler flags. Credit to
        wbrana.
      - [75070] Low CVE-2011-2838: Treat MIME type more authoritatively when
        loading plug-ins. Credit to Michal Zalewski.
      - [78639] High CVE-2011-2841: Garbage collection error in PDF. Credit to
        Mario Gomes.
      - [82438] Medium CVE-2011-2843: Out-of-bounds read with media buffers.
        Credit to Kostya Serebryany.
      - [85041] Medium CVE-2011-2844: Out-of-bounds read with mp3 files. Credit
        to Mario Gomes.
      - [89564] Medium CVE-2011-2848: URL bar spoof with forward button. Credit
        to Jordi Chancel.
      - [89795] Low CVE-2011-2849: Browser NULL pointer crash with WebSockets.
        Credit to Arthur Gerkis.
      - [90134] Medium CVE-2011-2850: Out-of-bounds read with Khmer characters.
        Credit to miaubiz.
      - [90173] Medium CVE-2011-2851: Out-of-bounds read in video handling.
        Credit to Google Chrome Security Team (Inferno).
      - [91197] High CVE-2011-2853: Use-after-free in plug-in handling. Credit
        to Google Chrome Security Team (SkyLined).
      - [93497] Medium CVE-2011-2859: Incorrect permissions assigned to
        non-gallery pages. Credit to Bernhard ‘Bruhns’ Brehm
      - [93596] Medium CVE-2011-2861: Bad string read in PDF. Credit to Aki
        Helin of OUSPG.
      - [95563] Medium CVE-2011-2864: Out-of-bounds read with Tibetan
        characters. Credit to Google Chrome Security Team (Inferno).
      - [95625] Medium CVE-2011-2858: Out-of-bounds read with triangle arrays.
        Credit to Google Chrome Security Team (Inferno).
      - [95917] Low CVE-2011-2874: Failure to pin a self-signed cert for a
        session. Credit to Nishant Yadant and Craig Chamberlain (@randomuserid).
    + Chromium issues (14.0.835.202):
      - [95671] High CVE-2011-2878: Inappropriate cross-origin access to the
        window prototype. Credit to Sergey Glazunov.
      - [96150] High CVE-2011-2879: Lifetime and threading issues in audio node
        handling. Credit to Google Chrome Security Team (Inferno).
      - [98089] Critical CVE-2011-3873: Memory corruption in shader translator.
        Credit to Zhenyao Mo.
    + Webkit issues (14.0.835.163):
      - [78427] [83031] Low CVE-2011-2840: Possible URL bar spoofs with unusual
        user interaction. Credit to kuzzcc.
      - [89219] High CVE-2011-2846: Use-after-free in unload event handling.
        Credit to Arthur Gerkis.
      - [89330] High CVE-2011-2847: Use-after-free in document loader. Credit to
        miaubiz.
      - [89991] Medium CVE-2011-3234: Out-of-bounds read in box handling. Credit
        to miaubiz.
      - [92651] [94800] High CVE-2011-2854: Use-after-free in ruby / table style
        handing. Credit to Sławomir Błażek, and independent later discoveries by
        miaubiz and Google Chrome Security Team (Inferno).
      - [92959] High CVE-2011-2855: Stale node in stylesheet handling. Credit to
        Arthur Gerkis.
      - [93420] High CVE-2011-2857: Use-after-free in focus controller. Credit
        to miaubiz.
      - [93587] High CVE-2011-2860: Use-after-free in table style handling.
        Credit to miaubiz.
    + Webkit issues (14.0.835.202):
      - [93788] High CVE-2011-2876: Use-after-free in text line box handling.
        Credit to miaubiz.
      - [95072] High CVE-2011-2877: Stale font in SVG text handling. Credit to
        miaubiz.
    + LibXML issue (14.0.835.163):
      - [93472] High CVE-2011-2834: Double free in libxml XPath handling. Credit
        to Yang Dingning
    + V8 issues (14.0.835.163):
      - [76771] High CVE-2011-2839: Crash in v8 script object wrappers. Credit
        to Kostya Serebryany
      - [91120] High CVE-2011-2852: Off-by-one in v8. Credit to Christian Holler
      - [93416] High CVE-2011-2856: Cross-origin bypass in v8. Credit to Daniel
        Divricean.
      - [93906] High CVE-2011-2862: Unintended access to v8 built-in objects.
        Credit to Sergey Glazunov.
      - [95920] High CVE-2011-2875: Type confusion in v8 object sealing. Credit
        to Christian Holler.
    + V8 issues (14.0.835.202):
      - [97451] [97520] [97615] High CVE-2011-2880: Use-after-free in the v8
        bindings. Credit to Sergey Glazunov.
      - [97784] High CVE-2011-2881: Memory corruption with v8 hidden objects.
        Credit to Sergey Glazunov.

  [ Fabien Tassin ]
  * Add libpulse-dev to Build-Depends, needed for WebRTC
    - update debian/control
  * Rename ui/base/strings/app_strings.grd to ui_strings.grd following
    the upstream rename, and add a mapping flag to the grit converter
    - update debian/rules
  * Refresh Patches

  [ Micah Gersten ]
  * Switch to internal libvpx (Fixes FTBFS since we now need at least 0.9.6)
    - update debian/rules
  * Drop build dependency on libvpx due to the switch to internal libvpx
    - update debian/control

chromium-browser (13.0.782.215~r97094-0ubuntu0.10.10.1) maverick-security; urgency=low

  [ Fabien Tassin <email address hidden> ]
  * New upstream release from the Stable Channel (LP: #834922)
    This release fixes the following security issues:
    + Chromium issues:
     - [91517] High, CVE-2011-2828: Out-of-bounds write in v8. Credit to Google
       Chrome Security Team (SkyLined).
    + Webkit issues:
     - [82552] High, CVE-2011-2823: Use-after-free in line box handling. Credit
       to Google Chrome Security Team (SkyLined) and independent later
       discovery by miaubiz.
     - [88216] High, CVE-2011-2824: Use-after-free with counter nodes. Credit
       to miaubiz.
     - [88670] High, CVE-2011-2825: Use-after-free with custom fonts. Credit to
       wushi of team509 reported through ZDI (ZDI-CAN-1283), plus indepdendent
       later discovery by miaubiz.
     - [87453] High, CVE-2011-2826: Cross-origin violation with empty origins.
       Credit to Sergey Glazunov.
     - [90668] High, CVE-2011-2827: Use-after-free in text searching. Credit to
       miaubiz.
     - [32-bit only] [91598] High, CVE-2011-2829: Integer overflow in uniform
       arrays. Credit to Sergey Glazunov.
    + libxml2 issue:
     - [89402] High, CVE-2011-2821: Double free in libxml XPath handling.
       Credit to Yang Dingning from NCNIPC, Graduate University of Chinese
       Academy of Sciences.

chromium-browser (13.0.782.107~r94237-0ubuntu0.10.10.1) maverick-security; urgency=low

  [ Fabien Tassin <email address hidden> ]
  * New Major upstream release from the Stable Channel (LP: #819991)
    This release fixes the following security issues:
    + Chromium issues:
     - [75821] Medium, CVE-2011-2358: Always confirm an extension install via a
       browser dialog. Credit to Sergey Glazunov.
     - [79266] Low, CVE-2011-2360: Potential bypass of dangerous file prompt.
       Credit to kuzzcc.
     - [79426] Low, CVE-2011-2361: Improve designation of strings in the basic
       auth dialog. Credit to kuzzcc.
     - [81307] Medium, CVE-2011-2782: File permissions error with drag and
       drop. Credit to Evan Martin of the Chromium development community.
     - [83273] Medium, CVE-2011-2783: Always confirm a developer mode NPAPI
       extension install via a browser dialog. Credit to Sergey Glazunov.
     - [84402] Low, CVE-2011-2785: Sanitize the homepage URL in extensions.
       Credit to kuzzcc.
     - [84805] Medium, CVE-2011-2787: Browser crash due to GPU lock re-entrancy
       issue. Credit to kuzzcc.
     - [85808] Medium, CVE-2011-2789: Use after free in Pepper plug-in
       instantiation. Credit to Mario Gomes and kuzzcc.
     - [87815] Low, CVE-2011-2798: Prevent a couple of internal schemes from
       being web accessible. Credit to sirdarckcat of the Google Security Team.
     - [88827] Medium, CVE-2011-2803: Out-of-bounds read in Skia paths. Credit
       to Google Chrome Security Team (Inferno).
    + Webkit issues:
     - [78841] High, CVE-2011-2359: Stale pointer due to bad line box tracking
       in rendering. Credit to miaubiz and Martin Barbella.
     - [83841] Low, CVE-2011-2784: Local file path disclosure via GL program
       log. Credit to kuzzcc.
     - [84600] Low, CVE-2011-2786: Make sure the speech input bubble is always
       on-screen. Credit to Olli Pettay of Mozilla.
     - [85559] Low, CVE-2011-2788: Buffer overflow in inspector serialization.
       Credit to Mikołaj Małecki.
     - [86502] High, CVE-2011-2790: Use-after-free with floating styles. Credit
       to miaubiz.
     - [87148] High, CVE-2011-2792: Use-after-free with float removal. Credit
       to miaubiz.
     - [87227] High, CVE-2011-2793: Use-after-free in media selectors. Credit
       to miaubiz.
     - [87298] Medium, CVE-2011-2794: Out-of-bounds read in text iteration.
       Credit to miaubiz.
     - [87339] Medium, CVE-2011-2795: Cross-frame function leak. Credit to Shih
       Wei-Long.
     - [87548] High, CVE-2011-2796: Use-after-free in Skia. Credit to Google
       Chrome Security Team (Inferno) and Kostya Serebryany of the Chromium
       development community.
     - [87729] High, CVE-2011-2797: Use-after-free in resource caching. Credit
       to miaubiz.
     - [87925] High, CVE-2011-2799: Use-after-free in HTML range handling.
       Credit to miaubiz.
     - [88337] Medium, CVE-2011-2800: Leak of client-side redirect target.
       Credit to Juho Nurminen.
     - [88591] High, CVE-2011-2802: v8 crash with const lookups. Credit to
       Christian Holler.
     - [88846] High, CVE-2011-2801: Use-after-free in frame loader. Credit to
       miaubiz.
     - [88889] High, CVE-2011-2818: Use-after-free in display box rendering.
       Credit to Martin Barbella.
     - [89520] High, CVE-2011-2805: Cross-origin script injection. Credit to
       Sergey Glazunov.
     - [90222] High, CVE-2011-2819: Cross-origin violation in base URI
       handling. Credit to Sergey Glazunov.
    + ICU 4.6 issue:
     - [86900] High, CVE-2011-2791: Out-of-bounds write in ICU. Credit to Yang
       Dingning from NCNIPC, Graduate University of Chinese Academy of
       Sciences.
  Packaging changes:
  * Run the gclient hooks when creating the source tarball, as we need files
    from the Native Client's integrated runtime (IRT) library.
    Install the NaCL IRT files in the main deb
    - update debian/rules
    - update debian/chromium-browser.install
 -- Micah Gersten <email address hidden>   Wed, 12 Oct 2011 03:01:05 -0500