© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
a60fb26
(Get the code!)
This bug was fixed in the package chromium-browser - 18.0.1025.
---------------
chromium-browser (18.0.1025.
* New upstream release from the Stable Channel (LP: #968901)
This release fixes the following security issues:
- [109574] Medium CVE-2011-3058: Bad interaction possibly leading to XSS in
EUC-JP. Credit to Masato Kinugawa.
- [112317] Medium CVE-2011-3059: Out-of-bounds read in SVG text handling.
Credit to Arthur Gerkis.
- [114056] Medium CVE-2011-3060: Out-of-bounds read in text fragment
handling. Credit to miaubiz.
- [116398] Medium CVE-2011-3061: SPDY proxy certificate checking error.
Credit to Leonidas Kontothanassis of Google.
- [116524] High CVE-2011-3062: Off-by-one in OpenType Sanitizer. Credit to
Mateusz Jurczyk of the Google Security Team.
- [117417] Low CVE-2011-3063: Validate navigation requests from the renderer
more carefully. Credit to kuzzcc, Sergey Glazunov, PinkiePie and
scarybeasts (Google Chrome Security Team).
- [117471] High CVE-2011-3064: Use-after-free in SVG clipping. Credit to
Atte Kettunen of OUSPG.
- [117588] High CVE-2011-3065: Memory corruption in Skia. Credit to Omair.
- [117794] Medium CVE-2011-3057: Invalid read in v8. Credit to Christian
Holler.
* Add build dependency on libudev-dev to allow for gamepad detection; see
http://
- update debian/control
* Drop dlopen_libgnutls patch as it's been implemented upstream
- drop debian/
- update debian/
* Start removing *.so and *.so.* from the upstream tarball creation
- update debian/rules
* Strip almost the entire third_party/openssl directory as it's needed only
on android, but is used by the build system
- update debian/rules
* Use tar's --exclude-vcs flag instead of just excluding .svn
- update debian/rules
-- Micah Gersten <email address hidden> Sun, 01 Apr 2012 22:17:11 -0500