-
chromium-browser (6.0.472.63~r59945-5+squeeze6) stable-security; urgency=low
* Added gbp.conf
* Fixed CVE-2011-2818: Use-after-free in display box rendering.
Credit to Martin Barbella.
* Fixed CVE-2011-2800: Leak of client-side redirect target.
Credit to Juho Nurminen
* Fixed CVE-2011-2359: Stale pointer due to bad line box tracking in
rendering. Credit to miaubiz and Martin Barbella.
* Blacklist SSL certificates issued by DigiNotar-controlled intermediate CAs
used by the Dutch PKIoverheid program
-- Giuseppe Iuculano <email address hidden> Fri, 09 Sep 2011 22:05:07 +0200
-
chromium-browser (6.0.472.63~r59945-5+squeeze5) stable-security; urgency=low
* Fixed CVE-2011-1292: Use-after-free in the frame loader. Credit to Sławomir Błażek.
* Fixed CVE-2011-1293: Use-after-free in HTMLCollection. Credit to Sergey Glazunov.
* Fixed CVE-2011-1440: Use-after-free with <ruby> tag and CSS. Credit to Jose A. Vazquez.
* Fixed CVE-2011-1444: Race condition in sandbox launcher. Credit to Dan Rosenberg.
* Fixed CVE-2011-1797: stale pointer in table captioning (credit: wushi)
* Fixed CVE-2011-1799: Bad casts in Chromium WebKit glue. Credit to Google Chrome Security Team (SkyLined).
-- Giuseppe Iuculano <email address hidden> Fri, 13 May 2011 18:57:51 +0200
-
chromium-browser (6.0.472.63~r59945-5+squeeze4) stable-security; urgency=low
* Fixed CVE-2011-0779: does not properly handle a missing key in an extension, which allows remote attackers to cause a denial of service (application crash) via a crafted extension.
* Fixed CVE-2011-1290: Integer overflow in style elements
* Removed mips from arch to avoid flood of given-back build log
-- Giuseppe Iuculano <email address hidden> Fri, 11 Mar 2011 13:56:22 +0100
-
chromium-browser (6.0.472.63~r59945-5) unstable; urgency=high
* Backported security patches from stable:
- High Bad pointer handling in node iteration. Credit to Sergey Glazunov.
- High Stale pointer with CSS + canvas. Credit to Sergey Glazunov.
- High Stale pointer with CSS + cursors. Credit to Jan Tošovský.
- High Stale pointer with SVG use element. Credited anonymously; plus independent discovery by miaubiz.
- High Vorbis decoder buffer overflows. Credit to David Warren of CERT.
- High Bad cast in anchor handling. Credit to Sergey Glazunov.
- High Bad cast in video handling. Credit to Sergey Glazunov.
- High Stale rendering node after DOM node removal. Credit to Martin Barbella; plus independent discovery by Google Chrome Security Team (SkyLined).
-- Giuseppe Iuculano <email address hidden> Sat, 15 Jan 2011 12:04:52 +0100
-
chromium-browser (6.0.472.63~r59945-4) unstable; urgency=high
* Backported security patches from stable:
- [64-bit Linux only] High Bad validation for message deserialization on 64-bit builds. Credit to Lei Zhang of the Chromium development community.
- Low Browser crash with NULL pointer in web worker handling. Credit to Nathan Weizenbaum of Google.
- Medium Out-of-bounds read in CSS parsing. Credit to Chris Rohlf.
- High Stale pointers in cursor handling. Credit to Sławomir Błażek and Sergey Glazunov.
-- Giuseppe Iuculano <email address hidden> Sat, 18 Dec 2010 17:39:19 +0100
-
chromium-browser (6.0.472.63~r59945-2) unstable; urgency=high
* Added the missing changelog credit for the 5.0.375.29~r46008-1 revision.
Obviously this was not a "stealing" as foolishly written by Fabien Tassin
in a blog rant, but was a bad debian/changelog merge.
* Backported security patches from stable:
- High Use-after-free in text editing. Credit to David Bloom of the Google
Security Team, Google Chrome Security Team (Inferno) and Google Chrome
Security Team (Cris Neckar).
- High Memory corruption with enormous text area. Credit to wushi of
team509.
- High Bad cast with the SVG use element. Credit to kuzzcc.
- High Use-after-free in text control selections. Credit to "vkouchna".
- High Integer overflows in font handling. Credit to Aki Helin of OUSPG.
- High Bad use of destroyed frame object. Credit to various developers,
including "gundlach".
- High Type confusions with event objects. Credit to "fam.lam" and Google
Chrome Security Team (Inferno).
- High Out-of-bounds array access in SVG handling. Credit to wushi of
team509.
-- Giuseppe Iuculano <email address hidden> Fri, 05 Nov 2010 09:19:33 +0100
-
chromium-browser (6.0.472.63~r59945-1) unstable; urgency=high
* New stable microrelease.
* Allow to choose whether links are opened in a new link or new tab.
(Closes: #581391) Thanks to Sam Morris
* Backported security patches:
- Medium Possible autofill / autocomplete profile spamming. Credit to
Google Chrome Security Team (Inferno).
- High Crash with forms. Credit to the Chromium development community.
- Critical Browser crash with form autofill. Credit to the Chromium
development community.
- High Possible URL spoofing on page unload. Credit to kuzzcc; plus
independent discovery by Jordi Chancel.
- High Possible memory corruption with animated GIF. Credit to Simon Schaak.
- High Failure to sandbox worker processes on Linux. Credit to Google
Chrome Security Team (Chris Evans).
- High Stale elements in an element map. Credit to Michal Zalewski of the
Google Security Team.
-- Giuseppe Iuculano <email address hidden> Tue, 19 Oct 2010 12:59:21 +0200
-
chromium-browser (6.0.472.62~r59676-1) unstable; urgency=low
* New stable security microrelease:
- [55114] High Bad cast with malformed SVG. Credit to wushi of team 509.
- [55119] Critical Buffer mismanagement in the SPDY protocol. Credit to Ron
Ten-Hove of Google.
- [55350] High Cross-origin property pollution. Credit to Stefano Di Paola
of MindedSecurity.
* Add translations for the "Name" field in the desktop file, and fix
some "Comment" / "GenericName". Thanks to the Ubuntu translation team.
* Build with PIE (Position Independent Executable)
-- Giuseppe Iuculano <email address hidden> Sat, 18 Sep 2010 16:48:44 +0200
-
chromium-browser (5.0.375.127~r55887-1) unstable; urgency=high
* New stable security microrelease.
- Critical. Memory corruption with file dialog. Credit to Sergey Glazunov.
- High. Memory corruption with SVGs. Credit to wushi of team509.
- High. Bad cast with text editing. Credit to wushi of team509.
- High. Possible address bar spoofing with history bug. Credit to Mike
Taylor.
- High. Memory corruption in MIME type handling. Credit to Sergey Glazunov.
- Critical. Crash on shutdown due to notifications bug. Credit to Sergey
Glazunov.
- Medium. Stop omnibox autosuggest if the user might be about to type a
password. Credit to Robert Hansen.
- High. Memory corruption with Ruby support. Credit to kuzzcc.
- High. Memory corruption with Geolocation support. Credit to kuzzcc.
* Remove gecko-mediaplayer from blacklist (Closes: #590145)
-- Giuseppe Iuculano <email address hidden> Fri, 20 Aug 2010 11:09:16 +0200
-
chromium-browser (5.0.375.125~r53311-1) unstable; urgency=medium
* Flush cairo surface at end of CanvasPaintLinux (Closes: #587164)
* New stable micro release:
- Medium Memory contents disclosure in layout code. Credit to Michail
Nikolaev.
- High Issue with large canvases. Credit to sp3x of SecurityReason.com.
- High Memory corruption in rendering code. Credit to Jose A. Vazquez.
- High Memory corruption in SVG handling. Credit to Aki Helin of OUSPG.
- Low Avoid hostname truncation and incorrect eliding. Credit to Google
Chrome Security Team (Inferno).
-- Giuseppe Iuculano <email address hidden> Tue, 27 Jul 2010 12:44:58 +0200