[Pkg-chromium-commit] chromium-browser/chromium-browser.squeeze: 734 Fixed CVE-2011-0779: does not properly handle a missing key in an extension,
Giuseppe Iuculano
iuculano at debian.org
Fri Mar 11 12:41:03 UTC 2011
Branch name: chromium-browser/chromium-browser.squeeze
Branch location : bzr+ssh://bzr.debian.org/bzr/pkg-chromium/chromium-browser/chromium-browser.squeeze
Browse location: http://bzr.debian.org/loggerhead/pkg-chromium
Revision No: 734
Revision Id: iuculano at debian.org-20110311124103-g6g63sjxdb890i7p
Committer: Giuseppe Iuculano <iuculano at debian.org>
Message : Fixed CVE-2011-0779: does not properly handle a missing key in an extension,
which allows remote attackers to cause a denial of service
(application crash) via a crafted extension.
--------------------------------------------------------
** Added :
- debian/patches/62791.patch
** Modified :
- debian/changelog
- debian/patches/series
-------------- next part --------------
=== modified file 'debian/changelog'
--- a/debian/changelog 2011-03-06 21:08:23 +0000
+++ b/debian/changelog 2011-03-11 12:41:03 +0000
@@ -1,3 +1,11 @@
+chromium-browser (6.0.472.63~r59945-5+squeeze4) stable-security; urgency=low
+
+ * Fixed CVE-2011-0779: does not properly handle a missing key in an extension,
+ which allows remote attackers to cause a denial of service
+ (application crash) via a crafted extension.
+
+ -- Giuseppe Iuculano <iuculano at debian.org> Fri, 11 Mar 2011 13:39:25 +0100
+
chromium-browser (6.0.472.63~r59945-5+squeeze3) stable-security; urgency=low
* Backported security patches from stable:
=== added file 'debian/patches/62791.patch'
--- a/debian/patches/62791.patch 1970-01-01 00:00:00 +0000
+++ b/debian/patches/62791.patch 2011-03-11 12:41:03 +0000
@@ -0,0 +1,14 @@
+--- a/src/chrome/browser/extensions/sandboxed_extension_unpacker.cc
++++ b/src/chrome/browser/extensions/sandboxed_extension_unpacker.cc
+@@ -200,6 +200,11 @@ bool SandboxedExtensionUnpacker::Validat
+ return false;
+ }
+
++ if (header.signature_size == 0) {
++ ReportFailure("Signature length is zero");
++ return false;
++ }
++
+ std::vector<uint8> key;
+ key.resize(header.key_size);
+ len = fread(&key.front(), sizeof(uint8), header.key_size, file.get());
=== modified file 'debian/patches/series'
--- a/debian/patches/series 2011-03-06 21:08:23 +0000
+++ b/debian/patches/series 2011-03-11 12:41:03 +0000
@@ -71,3 +71,4 @@
70336.patch
72028.patch
73746.patch
+62791.patch
More information about the Pkg-chromium-commit
mailing list