[Pkg-chromium-maint] Bug#636567: chromium-browser: Google chrome has new upstream release 13.0.782.107

shirish शिरीष shirishag75 at gmail.com
Thu Aug 4 07:17:24 UTC 2011


Package: chromium-browser
Version: 12.0.742.112~r90304-1
Severity: wishlist

*** Please type your report below this line ***

Hi all,
 Google Chrome released 13.0.782.107 and one can find the relevant
posting here :-

http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html

This is the changelog given :-

[75821] Medium CVE-2011-2358: Always confirm an extension install via
a browser dialog. Credit to Sergey Glazunov.
[$1000 each] [78841] High CVE-2011-2359: Stale pointer due to bad line
box tracking in rendering. Credit to miaubiz and Martin Barbella.
[79266] Low CVE-2011-2360: Potential bypass of dangerous file prompt.
Credit to kuzzcc.
[79426] Low CVE-2011-2361: Improve designation of strings in the basic
auth dialog. Credit to kuzzcc.
[Linux only] [81307] Medium CVE-2011-2782: File permissions error with
drag and drop. Credit to Evan Martin of the Chromium development
community.
[83273] Medium CVE-2011-2783: Always confirm a developer mode NPAPI
extension install via a browser dialog. Credit to Sergey Glazunov.
[83841] Low CVE-2011-2784: Local file path disclosure via GL program
log. Credit to kuzzcc.
[84402] Low CVE-2011-2785: Sanitize the homepage URL in extensions.
Credit to kuzzcc.
[84600] Low CVE-2011-2786: Make sure the speech input bubble is always
on-screen. Credit to Olli Pettay of Mozilla.
[84805] Medium CVE-2011-2787: Browser crash due to GPU lock
re-entrancy issue. Credit to kuzzcc.
[85559] Low CVE-2011-2788: Buffer overflow in inspector serialization.
Credit to Mikołaj Małecki.
[$500 each] [85808] Medium CVE-2011-2789: Use after free in Pepper
plug-in instantiation. Credit to Mario Gomes and kuzzcc.
[$1000] [86502] High CVE-2011-2790: Use-after-free with floating
styles. Credit to miaubiz.
[$1000] [86900] High CVE-2011-2791: Out-of-bounds write in ICU. Credit
to Yang Dingning from NCNIPC, Graduate University of Chinese Academy
of Sciences.
[$1000] [87148] High CVE-2011-2792: Use-after-free with float removal.
Credit to miaubiz.
[$1000] [87227] High CVE-2011-2793: Use-after-free in media selectors.
Credit to miaubiz.
[$500] [87298] Medium CVE-2011-2794: Out-of-bounds read in text
iteration. Credit to miaubiz.
[$500] [87339] Medium CVE-2011-2795: Cross-frame function leak. Credit
to Shih Wei-Long.
[87548] High CVE-2011-2796: Use-after-free in Skia. Credit to Google
Chrome Security Team (Inferno) and Kostya Serebryany of the Chromium
development community.
[$1000] [87729] High CVE-2011-2797: Use-after-free in resource
caching. Credit to miaubiz.
[87815] Low CVE-2011-2798: Prevent a couple of internal schemes from
being web accessible. Credit to sirdarckcat of the Google Security
Team.
[$1000] [87925] High CVE-2011-2799: Use-after-free in HTML range
handling. Credit to miaubiz.
[$500] [88337] Medium CVE-2011-2800: Leak of client-side redirect
target. Credit to Juho Nurminen.
[$1000] [88591] High CVE-2011-2802: v8 crash with const lookups.
Credit to Christian Holler.
[88827] Medium CVE-2011-2803: Out-of-bounds read in Skia paths. Credit
to Google Chrome Security Team (Inferno).
[$1000] [88846] High CVE-2011-2801: Use-after-free in frame loader.
Credit to miaubiz.
[$1000] [88889] High CVE-2011-2818: Use-after-free in display box
rendering. Credit to Martin Barbella.
[$500] [89142] High CVE-2011-2804: PDF crash with nested functions.
Credit to Aki Helin of OUSPG.
[$1500] [89520] High CVE-2011-2805: Cross-origin script injection.
Credit to Sergey Glazunov.
[$1500] [90222] High CVE-2011-2819: Cross-origin violation in base URI
handling. Credit to Sergey Glazunov.

Basically, there seem to be a lot of security fixes and a couple of memory/rendering fixes.

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'),
(1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.0.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_IN, LC_CTYPE=en_IN (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages chromium-browser depends on:
ii  chromium           12.0.742.112~r90304-1 Chromium browser

chromium-browser recommends no packages.

chromium-browser suggests no packages.

-- no debconf information

-- 
          Regards,
          Shirish Agarwal  शिरीष अग्रवाल
  My quotes in this email licensed under CC 3.0
http://creativecommons.org/licenses/by-nc/3.0/
http://flossexperiences.wordpress.com
065C 6D79 A68C E7EA 52B3  8D70 950D 53FB 729A 8B17




