PublicDateAtUSN: 2015-03-08
Candidate: CVE-2015-1223
PublicDate: 2015-03-09 00:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1223
 https://code.google.com/p/chromium/issues/detail?id=454231
 https://chromium.googlesource.com/chromium/blink.git/+/de1fee41e2c1bbfea7a564ad81e0b511a462fe0b
 http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html
 https://ubuntu.com/security/notices/USN-2521-1
Description:
 Multiple use-after-free vulnerabilities in core/html/HTMLInputElement.cpp
 in the DOM implementation in Blink, as used in Google Chrome before
 41.0.2272.76, allow remote attackers to cause a denial of service or
 possibly have unspecified other impact via vectors that trigger extraneous
 change events, as demonstrated by events for invalid input or input to
 read-only fields, related to the initializeTypeInParsing and updateType
 functions.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Maksymillian Motyl
Assigned-to:
CVSS: 

Patches_chromium-browser:
upstream_chromium-browser: released (41.0.2272.76)
lucid_chromium-browser: ignored (reached end-of-life)
precise_chromium-browser: ignored
trusty_chromium-browser: released (41.0.2272.76-0ubuntu0.14.04.1.1076)
trusty/esm_chromium-browser: DNE (trusty was released [41.0.2272.76-0ubuntu0.14.04.1.1076])
utopic_chromium-browser: released (41.0.2272.76-0ubuntu0.14.10.1.1118)
vivid_chromium-browser: released (41.0.2272.76-0ubuntu1.1134)
wily_chromium-browser: released (41.0.2272.76-0ubuntu1.1134)
devel_chromium-browser: released (41.0.2272.76-0ubuntu1.1134)

Patches_oxide-qt:
upstream_oxide-qt: released (1.5.5)
lucid_oxide-qt: DNE
precise_oxide-qt: DNE
trusty_oxide-qt: released (1.5.5-0ubuntu0.14.04.3)
trusty/esm_oxide-qt: DNE (trusty was released [1.5.5-0ubuntu0.14.04.3])
utopic_oxide-qt: released (1.5.5-0ubuntu0.14.10.2)
vivid_oxide-qt: released (1.5.5-0ubuntu1)
wily_oxide-qt: released (1.5.5-0ubuntu1)
devel_oxide-qt: released (1.5.5-0ubuntu1)