chromium-browser: CVE-2010-4575 (DoS) Does not properly handle incorrect tab interaction by an extension

Related Vulnerabilities: CVE-2010-4575  

Debian Bug report logs - #607846

Reported by: Jonathan Wiltshire <jmw@debian.org>

Date: Wed, 22 Dec 2010 22:42:01 UTC

Severity: important

Tags: patch, security, upstream

Found in version chromium-browser/6.0.472.63~r59945-3

Fixed in version 6.0.472.63~r59945-4

Done: Giuseppe Iuculano <giuseppe@iuculano.it>

Bug is archived. No further changes may be made.

Forwarded to http://code.google.com/p/chromium/issues/detail?id=60761


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Chromium Maintainers <pkg-chromium-maint@lists.alioth.debian.org>:
Bug#607846; Package chromium-browser. (Wed, 22 Dec 2010 22:42:04 GMT)


Acknowledgement sent to Jonathan Wiltshire <jmw@debian.org>:
New Bug report received and forwarded. Copy sent to Debian Chromium Maintainers <pkg-chromium-maint@lists.alioth.debian.org>. (Wed, 22 Dec 2010 22:42:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Jonathan Wiltshire <jmw@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: chromium-browser: CVE-2010-4575 (DoS) Does not properly handle incorrect tab interaction by an extension
Date: Wed, 22 Dec 2010 22:39:12 +0000
Package: chromium-browser
Version: 6.0.472.63~r59945-3
Severity: important
Tags: upstream patch security

The ThemeInstalledInfoBarDelegate::Observe function in
browser/extensions/theme_installed_infobar_delegate.cc in Google Chrome
before 8.0.552.224 and Chrome OS before 8.0.552.343 does not properly handle
incorrect tab interaction by an extension, which allows user-assisted remote
attackers to cause a denial of service (application crash) via a crafted
extension.

I tested this on sid and confirmed the error.

The attached patch comes from r68112 in the upstream repository and it's
issue 60761 (code review at http://codereview.chromium.org/5326011/).


-- System Information:
Debian Release: 6.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages chromium-browser depends on:
ii  chromium-browser-ins 6.0.472.63~r59945-3 page inspector for the chromium-br
ii  libasound2           1.0.23-2.1          shared library for ALSA applicatio
ii  libatk1.0-0          1.30.0-1            The ATK accessibility toolkit
ii  libbz2-1.0           1.0.5-6             high-quality block-sorting file co
ii  libc6                2.11.2-7            Embedded GNU C Library: Shared lib
ii  libcairo2            1.8.10-6            The Cairo 2D vector graphics libra
ii  libcups2             1.4.5-1             Common UNIX Printing System(tm) - 
ii  libdbus-1-3          1.2.24-3            simple interprocess messaging syst
ii  libdbus-glib-1-2     0.88-2              simple interprocess messaging syst
ii  libevent-1.4-2       1.4.13-stable-1     An asynchronous event notification
ii  libexpat1            2.0.1-7             XML parsing C library - runtime li
ii  libfontconfig1       2.8.0-2.1           generic font configuration library
ii  libfreetype6         2.4.2-2.1           FreeType 2 font engine, shared lib
ii  libgcc1              1:4.4.5-10          GCC support library
ii  libgconf2-4          2.28.1-6            GNOME configuration database syste
ii  libgcrypt11          1.4.5-2             LGPL Crypto library - runtime libr
ii  libgl1-mesa-glx [lib 7.7.1-4             A free implementation of the OpenG
ii  libglewmx1.5         1.5.4-1             The OpenGL Extension Wrangler - ru
ii  libglib2.0-0         2.24.2-1            The GLib library of C routines
ii  libgtk2.0-0          2.20.1-2            The GTK+ graphical user interface 
ii  libicu44             4.4.2-2             International Components for Unico
ii  libjpeg62            6b1-1               The Independent JPEG Group's JPEG 
ii  libnspr4-0d          4.8.6-1             NetScape Portable Runtime Library
ii  libnss3-1d           3.12.8-1            Network Security Service libraries
ii  libpango1.0-0        1.28.3-1            Layout and rendering of internatio
ii  libpng12-0           1.2.44-1            PNG library - runtime
ii  libstdc++6           4.4.5-10            The GNU Standard C++ Library v3
ii  libv8-2.2.24         2.2.24-7            V8 JavaScript Engine
ii  libvpx0              0.9.1-2             VP8 video codec (shared library)
ii  libx11-6             2:1.3.3-4           X11 client-side library
ii  libxext6             2:1.1.2-1           X11 miscellaneous extension librar
ii  libxml2              2.7.8.dfsg-1        GNOME XML library
ii  libxrender1          1:0.9.6-1           X Rendering Extension client libra
ii  libxslt1.1           1.1.26-6            XSLT 1.0 processing library - runt
ii  libxss1              1:1.2.1-1           X11 Screen Saver extension library
ii  xdg-utils            1.0.2+cvs20100307-3 desktop integration utilities from
ii  zlib1g               1:1.2.3.4.dfsg-3    compression library - runtime

chromium-browser recommends no packages.

Versions of packages chromium-browser suggests:
ii  chromium-browser-l10 6.0.472.63~r59945-3 chromium-browser language packages

-- no debconf information

[CVE-2010-4575.patch (text/x-c++, attachment)]

Set Bug forwarded-to-address to 'http://code.google.com/p/chromium/issues/detail?id=60761'. Request was from Jonathan Wiltshire <jmw@debian.org> to control@bugs.debian.org. (Wed, 22 Dec 2010 22:45:04 GMT)


Reply sent to Giuseppe Iuculano <giuseppe@iuculano.it>:
You have taken responsibility. (Thu, 23 Dec 2010 19:36:12 GMT)


Notification sent to Jonathan Wiltshire <jmw@debian.org>:
Bug acknowledged by developer. (Thu, 23 Dec 2010 19:36:12 GMT)


Message #12 received at 607846-done@bugs.debian.org:

From: Giuseppe Iuculano <giuseppe@iuculano.it>
To: Jonathan Wiltshire <jmw@debian.org>, 607846-done@bugs.debian.org, 607848-done@bugs.debian.org
Subject: Re: [Pkg-chromium-maint] Bug#607846: chromium-browser: CVE-2010-4575 (DoS) Does not properly handle incorrect tab interaction by an extension
Date: Thu, 23 Dec 2010 20:32:11 +0100
Version: 6.0.472.63~r59945-4


This was fixed in 6.0.472.63~r59945-4


Cheers,
Giuseppe

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 21 Jan 2011 07:34:04 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:19:38 2019; Machine Name: buxtehude
