This bug was fixed in the package chromium-browser - 31.0.1650.63-0ubuntu0.13.10.1~20131204.1
---------------
chromium-browser (31.0.1650.63-0ubuntu0.13.10.1~20131204.1) saucy-security; urgency=low

  * Release to stage at ppa:canonical-chromium-builds/stage

chromium-browser (31.0.1650.63-0ubuntu0.13.10.1) saucy-security; urgency=low

  * New release 31.0.1650.63:
    - CVE-2013-6634: Session fixation in sync related to 302 redirects.
    - CVE-2013-6635: Use-after-free in editing.
    - CVE-2013-6636: Address bar spoofing related to modal dialogs.
    - CVE-2013-6637: Various fixes from internal audits, fuzzing and other
      initiatives.
    - CVE-2013-6638: Buffer overflow in v8. This issue was fixed in v8
      version 3.22.24.7.
    - CVE-2013-6639: Out of bounds write in v8. This issue was fixed in v8
      version 3.22.24.7.
    - CVE-2013-6640: Out of bounds read in v8. This issue was fixed in v8
      version 3.22.24.7.

chromium-browser (31.0.1650.57-0ubuntu0.13.10.3) saucy-security; urgency=low

  * debian/control: Drop libnss version number in Depends. We only need to
    recompile. (LP: #1251454)

chromium-browser (31.0.1650.57-0ubuntu0.13.10.2) saucy-security; urgency=low

  * debian/apport/chromium-browser.py: Include dmesg events mentioning
    chromium in apport reports.
  * debian/control: Abandon nss transitional package as Dependency, and add
    real package with epoch version number.

chromium-browser (31.0.1650.57-0ubuntu0.13.10.1) saucy-security; urgency=low

  * New release 31.0.1650.57:
    - CVE-2013-6632: Multiple memory corruption issues.
  * New release 31.0.1650.48: (LP: #1250579)
    - CVE-2013-6621: Use after free related to speech input elements.
    - CVE-2013-6622: Use after free related to media elements.
    - CVE-2013-6623: Out of bounds read in SVG.
    - CVE-2013-6624: Use after free related to "id" attribute strings.
    - CVE-2013-6625: Use after free in DOM ranges.
    - CVE-2013-6626: Address bar spoofing related to interstitial warnings.
    - CVE-2013-6627: Out of bounds read in HTTP parsing.
    - CVE-2013-6628: Issue with certificates not being checked during TLS
      renegotiation.
    - CVE-2013-2931: Various fixes from internal audits, fuzzing and other
      initiatives.
    - CVE-2013-6629: Read of uninitialized memory in libjpeg and
      libjpeg-turbo.
    - CVE-2013-6630: Read of uninitialized memory in libjpeg-turbo.
    - CVE-2013-6631: Use after free in libjingle.
  * debian/chromium-chromedriver.install: Drop unsupported, broken old
    chromedriver v1 and add chromedriver2.
  * Update webapps patches.
  * Disable chromedriver testing until the new server-test client
    dependencies are figured out.
  * Drop base_unittests and automated_ui_tests build and automatic test and
    from installation exclusion.
  * Include wildcat package 'pepflashplugin-nonfree' in apport reporting.

chromium-browser (30.0.1599.114-0ubuntu0.13.10.3) saucy-security; urgency=low

  * debian/patches/menu-bar-visible.patch: Don't treat object as object
    reference.
  * debian/patches/4-chromeless-window-launch-option.patch: Don't fix problem
    introduced in menu-bar-visible patch.
  * debian/rules: Fix typo of Precise conditional.
  * debian/patches/cr30-sandbox-async-signal-safe.patch: Backport to make
    SIGSYS handler in sandbox safe and never call itself. (LP: #1195797)
  * debian/rules, debian/control: Use standard hardening flags, not
    hardening-wrapper.
  * debian/control: Build-depend on binutils, which already includes gold
    linker.
  * debian/control: Drop some unused build-deps: autotools-dev, binutils,
    flex, g++-multilib [amd64], libbz2-dev, libc6-dev-i386 [amd64],
    libdbus-glib-1-dev, libgl1-mesa-dev, libgl1-mesa-dri, libglib2.0-dev,
    libglu1-mesa-dev, libhunspell-dev, libjpeg-dev, libnspr4-dev,
    libpam0g-dev, libpango1.0-dev, libspeechd-dev, libssl-dev, libxi-dev,
    libxml2-dev, libxslt1-dev, libxt-dev, mesa-common-dev,
    patchutils (>= 0.2.25), python-simplejson, yasm zlib1g-dev,
  * debian/patches/cr31-pango-tab-titles.patch: Backport a fix that makes tab
    titles disappear due to a pango bug.
  * debian/tests/control: Drop Depends on obsolete package
    libunity-webapps-chromium.
 -- Chad MILLER <chad.mil...@canonical.com>  Mon, 09 Dec 2013 21:48:03 -0500

** Changed in: chromium-browser (Ubuntu)
       Status: Fix Committed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-6622

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-6632

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-6634

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-6635

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-6636

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-6637

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-6638

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-6639

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-6640

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1250579

Title:
  Security fixes from 31.0.1650.48