[Pkg-chromium-commit] chromium-browser/chromium-browser.squeeze: 734 Fixed CVE-2011-0779: does not properly handle a missing key in an extension,

Giuseppe Iuculano iuculano at debian.org
Fri Mar 11 12:41:03 UTC 2011 

Branch name: chromium-browser/chromium-browser.squeeze
Branch location : bzr+ssh://bzr.debian.org/bzr/pkg-chromium/chromium-browser/chromium-browser.squeeze
Browse location: http://bzr.debian.org/loggerhead/pkg-chromium
Revision No: 734
Revision Id: iuculano at debian.org-20110311124103-g6g63sjxdb890i7p
Committer: Giuseppe Iuculano <iuculano at debian.org>
Message : Fixed CVE-2011-0779: does not properly handle a missing key in an extension,
which allows remote attackers to cause a denial of service
(application crash) via a crafted extension.


--------------------------------------------------------
  ** Added :
        - debian/patches/62791.patch

  ** Modified :
        - debian/changelog
        - debian/patches/series

-------------- next part --------------
=== modified file 'debian/changelog'
--- a/debian/changelog	2011-03-06 21:08:23 +0000
+++ b/debian/changelog	2011-03-11 12:41:03 +0000
@@ -1,3 +1,11 @@
+chromium-browser (6.0.472.63~r59945-5+squeeze4) stable-security; urgency=low
+
+  * Fixed CVE-2011-0779: does not properly handle a missing key in an extension,
+    which allows remote attackers to cause a denial of service
+   (application crash) via a crafted extension.
+
+ -- Giuseppe Iuculano <iuculano at debian.org>  Fri, 11 Mar 2011 13:39:25 +0100
+
 chromium-browser (6.0.472.63~r59945-5+squeeze3) stable-security; urgency=low
 
   * Backported security patches from stable:

=== added file 'debian/patches/62791.patch'
--- a/debian/patches/62791.patch	1970-01-01 00:00:00 +0000
+++ b/debian/patches/62791.patch	2011-03-11 12:41:03 +0000
@@ -0,0 +1,14 @@
+--- a/src/chrome/browser/extensions/sandboxed_extension_unpacker.cc
++++ b/src/chrome/browser/extensions/sandboxed_extension_unpacker.cc
+@@ -200,6 +200,11 @@ bool SandboxedExtensionUnpacker::Validat
+     return false;
+   }
+ 
++  if (header.signature_size == 0) {
++    ReportFailure("Signature length is zero");
++    return false;
++  }
++
+   std::vector<uint8> key;
+   key.resize(header.key_size);
+   len = fread(&key.front(), sizeof(uint8), header.key_size, file.get());

=== modified file 'debian/patches/series'
--- a/debian/patches/series	2011-03-06 21:08:23 +0000
+++ b/debian/patches/series	2011-03-11 12:41:03 +0000
@@ -71,3 +71,4 @@
 70336.patch
 72028.patch
 73746.patch
+62791.patch

More information about the Pkg-chromium-commit mailing list