5.0.375.70 security update available

This bug was fixed in the package chromium-browser - 5.0.375.70~r48679-0ubuntu1

---------------
chromium-browser (5.0.375.70~r48679-0ubuntu1) maverick; urgency=low

  * New upstream release from the Stable Channel (LP: #591474)
    Fixes the following security issues:
    - [15766] Medium Cross-origin keystroke redirection. Credit to Michal
      Zalewski of Google Security Team.
    - [39985] High Cross-origin bypass in DOM methods. Credit to Sergey
      Glazunov.
    - [42723] High Memory error in table layout. Credit to wushi of team509.
    - [43304] High Linux sandbox escape. Credit to Mark Dowd under contract to
      Google Chrome Security Team.
    - [43307] High Bitmap stale pointer. Credit to Mark Dowd under contract to
      Google Chrome Security Team.
    - [43315] High Memory corruption in DOM node normalization. Credit to Mark
      Dowd under contract to Google Chrome Security Team.
    - [43487] High Memory corruption in text transforms. Credit to wushi of
      team509.
    - [43902] Medium XSS in innerHTML property of textarea. Credit to
      sirdarckcat of Google Security Team.
    - [44740] High Memory corruption in font handling. Credit: Apple.
    - [44868] High Geolocation events fire after document deletion. Credit to
      Google Chrome Security Team (Justin Schuh).
    - [44955] High Memory corruption in rendering of list markers. Credit:
      Apple.
  * Add a --temp-profile knob to the launcher script starting Chromium with
    a new profile which will last only for the duration of the session
    - update debian/chromium-browser.sh
  * Change StartupWMClass to Chromium-browser in the desktop launcher so
    cairo-dock does the right thing (LP: #587664)
    - update debian/chromium-browser.desktop
  * Set XLIB_SKIP_ARGB_VISUALS=1 in the wrapper to prevent flash from dying
    with a Gdk-ERROR when gtk2 is built with RGBA support (like in Maverick).
    (LP: #584959)
    - update debian/chromium-browser.sh
  * Unbreak get-orig-source when it needs to drop its cache after a channel jump
    (replace brace expansion - which is a bashism - with proper $(wildcard))
    - update debian/rules
 -- Fabien Tassin <email address hidden> Wed, 09 Jun 2010 07:30:50 +0200

An updated packaged for Lucid has been uploaded to the ubuntu-security-proposed ppa and is currently building.

ACK, though the new packaging also includes:
  * Add a --temp-profile knob to the launcher script starting Chromium with
    a new profile which will last only for the duration of the session
    - update debian/chromium-browser.sh
  * Change StartupWMClass to Chromium-browser in the desktop launcher so
    cairo-dock does the right thing (LP: #587664)
    - update debian/chromium-browser.desktop
  * Set XLIB_SKIP_ARGB_VISUALS=1 in the wrapper to prevent flash from dying
    with a Gdk-ERROR when gtk2 is built with RGBA support (like in Maverick).
    (LP: #584959)
    - update debian/chromium-browser.sh
  * Unbreak get-orig-source when it needs to drop its cache after a channel jump
    (replace brace expansion - which is a bashism - with proper $(wildcard))
    - update debian/rules

These items will need to be separately tested.

Pocket copied chromium-browser to proposed. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

To ubuntu-sru: if this passes the verification process, please also pocket copy to security. Thanks!

Installed 5.0.375.70~r48679-0ubuntu0.10.04.1 from ubuntu-security-proposed (ie, what was just copied to lucid-proposed) and it works fine.

I installed 5.0.375.70~r48679-0ubuntu0.10.04.1 from lucid-proposed and it works fine.

Tested 5.0.375.70~r48679-0ubuntu0.10.04.1 from lucid-proposed and works ok.

This bug was fixed in the package chromium-browser - 5.0.375.70~r48679-0ubuntu0.10.04.1

---------------
chromium-browser (5.0.375.70~r48679-0ubuntu0.10.04.1) lucid-security; urgency=low

  * New upstream release from the Stable Channel (LP: #591474)
    Fixes the following security issues:
    - [15766] Medium Cross-origin keystroke redirection. Credit to Michal
      Zalewski of Google Security Team.
    - [39985] High Cross-origin bypass in DOM methods. Credit to Sergey
      Glazunov.
    - [42723] High Memory error in table layout. Credit to wushi of team509.
    - [43304] High Linux sandbox escape. Credit to Mark Dowd under contract to
      Google Chrome Security Team.
    - [43307] High Bitmap stale pointer. Credit to Mark Dowd under contract to
      Google Chrome Security Team.
    - [43315] High Memory corruption in DOM node normalization. Credit to Mark
      Dowd under contract to Google Chrome Security Team.
    - [43487] High Memory corruption in text transforms. Credit to wushi of
      team509.
    - [43902] Medium XSS in innerHTML property of textarea. Credit to
      sirdarckcat of Google Security Team.
    - [44740] High Memory corruption in font handling. Credit: Apple.
    - [44868] High Geolocation events fire after document deletion. Credit to
      Google Chrome Security Team (Justin Schuh).
    - [44955] High Memory corruption in rendering of list markers. Credit:
      Apple.
  * Add a --temp-profile knob to the launcher script starting Chromium with
    a new profile which will last only for the duration of the session
    - update debian/chromium-browser.sh
  * Change StartupWMClass to Chromium-browser in the desktop launcher so
    cairo-dock does the right thing (LP: #587664)
    - update debian/chromium-browser.desktop
  * Set XLIB_SKIP_ARGB_VISUALS=1 in the wrapper to prevent flash from dying
    with a Gdk-ERROR when gtk2 is built with RGBA support (like in Maverick).
    (LP: #584959)
    - update debian/chromium-browser.sh
  * Unbreak get-orig-source when it needs to drop its cache after a channel jump
    (replace brace expansion - which is a bashism - with proper $(wildcard))
    - update debian/rules
 -- Fabien Tassin <email address hidden> Wed, 09 Jun 2010 07:30:50 +0200