desktop-packages team mailing list archive

Thread
Date
[Bug 1468666] Re: Chromium VERSION on Ubuntu 12.04 LTS

To: desktop-packages@xxxxxxxxxxxxxxxxxxx
From: Manfred Hampl <1468666@xxxxxxxxxxxxxxxxxx>
Date: Mon, 29 Jun 2015 12:53:28 -0000
Reply-to: Bug 1468666 <1468666@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
Due to missing security updates, the available chromium-browser in
precise is vulnerable to a number of security weaknesses, among others

  * Upstream release 43.0.2357.65:
    - CVE-2015-1252: Sandbox escape in Chrome.
    - CVE-2015-1253: Cross-origin bypass in DOM.
    - CVE-2015-1254: Cross-origin bypass in Editing.
    - CVE-2015-1255: Use-after-free in WebAudio.
    - CVE-2015-1256: Use-after-free in SVG.
    - CVE-2015-1251: Use-after-free in Speech.
    - CVE-2015-1257: Container-overflow in SVG.
    - CVE-2015-1258: Negative-size parameter in Libvpx.
    - CVE-2015-1259: Uninitialized value in PDFium.
    - CVE-2015-1260: Use-after-free in WebRTC.
    - CVE-2015-1261: URL bar spoofing.
    - CVE-2015-1262: Uninitialized value in Blink.
    - CVE-2015-1263: Insecure download of spellcheck dictionary.
    - CVE-2015-1264: Cross-site scripting in bookmarks.
    - CVE-2015-1265: Various fixes from internal audits, fuzzing and other
      initiatives.
    - Multiple vulnerabilities in V8 fixed at the tip of the 4.3 branch
      (currently 4.3.61.21).
  * Upstream release 42.0.2311.135:
    - CVE-2015-1243: Use-after-free in DOM.
    - CVE-2015-1250: Various fixes from internal audits, fuzzing and other
      initiatives.
  * Upstream release 42.0.2311.90:
    - CVE-2015-1235: Cross-origin-bypass in HTML parser.
    - CVE-2015-1236: Cross-origin-bypass in Blink.
    - CVE-2015-1237: Use-after-free in IPC.
    - CVE-2015-1238: Out-of-bounds write in Skia.
    - CVE-2015-1240: Out-of-bounds read in WebGL.
    - CVE-2015-1241: Tap-Jacking.
    - CVE-2015-1242: Type confusion in V8.
    - CVE-2015-1244: HSTS bypass in WebSockets.
    - CVE-2015-1245: Use-after-free in PDFium.
    - CVE-2015-1247: Scheme issues in OpenSearch.
    - CVE-2015-1248: SafeBrowsing bypass.
  * Upstream release 41.0.2272.118:
    - CVE-2015-1233: A special thanks to Anonymous for a combination of V8,
      Gamepad and IPC bugs that can lead to remote code execution outside of
      the sandbox.
    - CVE-2015-1234: Buffer overflow via race condition in GPU.
etc. etc. (just look at the change history of the 39.* to 43.* versions)

** Information type changed from Public to Public Security

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1233

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1234

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1235

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1236

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1237

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1238

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1240

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1241

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1242

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1243

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1244

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1245

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1247

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1248

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1250

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1251

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1252

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1253

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1254

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1255

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1256

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1257

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1258

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1259

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1260

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1261

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1262

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1263

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1264

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1265

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to chromium-browser in Ubuntu.
https://bugs.launchpad.net/bugs/1468666

Title:
  Chromium VERSION on Ubuntu 12.04 LTS

Status in chromium-browser package in Ubuntu:
  Confirmed

Bug description:
  Why there is no updates for the Chromium version in Precise?! The
  current version is ages away from the Latest stable version of
  chromium?!

  The latest version for 12.04 is 37.0.2062.120
  The latest version for 14.04 is  43.0.2357.81

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1468666/+subscriptions
References

[Bug 1468666] [NEW] Chromium VERSION on Ubuntu 12.04 LTS
From: El Achèche ANIS, 2015-06-25