Ubuntu
chromium-browser package

8.0.552.224~r68599 -> 8.0.552.237~r70801 security update

Bug #702542 reported by Fabien Tassin
266
This bug affects 2 people
Affects Status Importance Assigned to Milestone
chromium-browser (Ubuntu)
Fix Released
High
Fabien Tassin
Lucid
Fix Released
High
Unassigned
Maverick
Fix Released
High
Unassigned
Natty
Fix Released
High
Fabien Tassin

Bug Description

Binary package hint: chromium-browser

Upstream just released a new minor security update: 8.0.552.237~r70801
needed in natty, maverick and lucid.

it qualifies for the SRU exception.

Fabien Tassin (fta)
Changed in chromium-browser (Ubuntu):
assignee: nobody → Fabien Tassin (fta)
importance: Undecided → High
status: New → In Progress
Changed in chromium-browser (Ubuntu Lucid):
importance: Undecided → High
status: New → In Progress
Changed in chromium-browser (Ubuntu Maverick):
importance: Undecided → High
status: New → In Progress
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 8.0.552.237~r70801-0ubuntu1

---------------
chromium-browser (8.0.552.237~r70801-0ubuntu1) natty; urgency=high

  * New upstream release from the Stable Channel (LP: #702542)
    This release fixes the following security issues:
    - [58053] Medium, Browser crash in extensions notification handling. Credit
      to Eric Roman of the Chromium development community.
    - [65764] High, Bad pointer handling in node iteration. Credit to Sergey
      Glazunov.
    - [66560] High, Stale pointer with CSS + canvas. Credit to Sergey Glazunov.
    - [66748] High, Stale pointer with CSS + cursors. Credit to Jan Tošovský.
    - [67303] High, Bad memory access with mismatched video frame sizes. Credit
      to Aki Helin of OUSPG; plus independent discovery by Google Chrome
      Security Team (SkyLined) and David Warren of CERT.
    - [67363] High, Stale pointer with SVG use element. Credited anonymously;
      plus indepdent discovery by miaubiz.
    - [67393] Medium, Uninitialized pointer in the browser triggered by rogue
      extension. Credit to kuzzcc.
    - [68115] High, Vorbis decoder buffer overflows. Credit to David Warren of
      CERT.
    - [68178] High, Bad cast in anchor handling. Credit to Sergey Glazunov.
    - [68181] High, Bad cast in video handling. Credit to Sergey Glazunov.
    - [68439] High, Stale rendering node after DOM node removal. Credit to
      Martin Barbella; plus independent discovery by Google Chrome Security
      Team (SkyLined).
    - [68666] Critical, Stale pointer in speech handling. Credit to Sergey
      Glazunov.
  * Add the chrome/app/policy/policy_templates.grd template to the list
    of templates translated in Launchpad
    - update debian/rules
  * Add Basque and Galician to the list of supported langs for the lang-packs
    (translations from Launchpad/Rosetta)
    - update debian/rules
 -- Fabien Tassin <email address hidden> Thu, 13 Jan 2011 07:31:05 +0100

Changed in chromium-browser (Ubuntu Natty):
status: In Progress → Fix Released
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Lucid and maverick uploaded to the security proposed PPA.

tags: added: security-verification
security vulnerability: no → yes
Revision history for this message
Micah Gersten (micahg) wrote :

Tested on Lucid i386 with QRT, passed verification
I did have a problem with a few openoffice documents, but I believe it to be a local issue

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Pocket copied chromium-browser to proposed for maverick and lucid. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Thank you in advance!

tags: removed: security-verification
Changed in chromium-browser (Ubuntu Lucid):
status: In Progress → Fix Committed
Changed in chromium-browser (Ubuntu Maverick):
status: In Progress → Fix Committed
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

To ubuntu-sru: if this passes the verification process, please also pocket copy to security. Thanks!

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Tested lucid and maverick on amd64 (and maverick on i386), and upgrade went fine and it passes QRT's test-browser.py.

tags: added: verification-needed
Martin Pitt (pitti)
tags: added: verification-done
removed: verification-needed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 8.0.552.237~r70801-0ubuntu0.10.10.1

---------------
chromium-browser (8.0.552.237~r70801-0ubuntu0.10.10.1) maverick-security; urgency=high

  * New upstream release from the Stable Channel (LP: #702542)
    This release fixes the following security issues:
    - [58053] Medium, Browser crash in extensions notification handling. Credit
      to Eric Roman of the Chromium development community.
    - [65764] High, Bad pointer handling in node iteration. Credit to Sergey
      Glazunov.
    - [66560] High, Stale pointer with CSS + canvas. Credit to Sergey Glazunov.
    - [66748] High, Stale pointer with CSS + cursors. Credit to Jan Tošovský.
    - [67303] High, Bad memory access with mismatched video frame sizes. Credit
      to Aki Helin of OUSPG; plus independent discovery by Google Chrome
      Security Team (SkyLined) and David Warren of CERT.
    - [67363] High, Stale pointer with SVG use element. Credited anonymously;
      plus indepdent discovery by miaubiz.
    - [67393] Medium, Uninitialized pointer in the browser triggered by rogue
      extension. Credit to kuzzcc.
    - [68115] High, Vorbis decoder buffer overflows. Credit to David Warren of
      CERT.
    - [68178] High, Bad cast in anchor handling. Credit to Sergey Glazunov.
    - [68181] High, Bad cast in video handling. Credit to Sergey Glazunov.
    - [68439] High, Stale rendering node after DOM node removal. Credit to
      Martin Barbella; plus independent discovery by Google Chrome Security
      Team (SkyLined).
    - [68666] Critical, Stale pointer in speech handling. Credit to Sergey
      Glazunov.
  * Add the chrome/app/policy/policy_templates.grd template to the list
    of templates translated in Launchpad
    - update debian/rules
  * Add Basque and Galician to the list of supported langs for the lang-packs
    (translations from Launchpad/Rosetta)
    - update debian/rules
 -- Fabien Tassin <email address hidden> Thu, 13 Jan 2011 07:31:05 +0100

Changed in chromium-browser (Ubuntu Maverick):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 8.0.552.237~r70801-0ubuntu0.10.04.1

---------------
chromium-browser (8.0.552.237~r70801-0ubuntu0.10.04.1) lucid-security; urgency=high

  * New upstream release from the Stable Channel (LP: #702542)
    This release fixes the following security issues:
    - [58053] Medium, Browser crash in extensions notification handling. Credit
      to Eric Roman of the Chromium development community.
    - [65764] High, Bad pointer handling in node iteration. Credit to Sergey
      Glazunov.
    - [66560] High, Stale pointer with CSS + canvas. Credit to Sergey Glazunov.
    - [66748] High, Stale pointer with CSS + cursors. Credit to Jan Tošovský.
    - [67303] High, Bad memory access with mismatched video frame sizes. Credit
      to Aki Helin of OUSPG; plus independent discovery by Google Chrome
      Security Team (SkyLined) and David Warren of CERT.
    - [67363] High, Stale pointer with SVG use element. Credited anonymously;
      plus indepdent discovery by miaubiz.
    - [67393] Medium, Uninitialized pointer in the browser triggered by rogue
      extension. Credit to kuzzcc.
    - [68115] High, Vorbis decoder buffer overflows. Credit to David Warren of
      CERT.
    - [68178] High, Bad cast in anchor handling. Credit to Sergey Glazunov.
    - [68181] High, Bad cast in video handling. Credit to Sergey Glazunov.
    - [68439] High, Stale rendering node after DOM node removal. Credit to
      Martin Barbella; plus independent discovery by Google Chrome Security
      Team (SkyLined).
    - [68666] Critical, Stale pointer in speech handling. Credit to Sergey
      Glazunov.
  * Add the chrome/app/policy/policy_templates.grd template to the list
    of templates translated in Launchpad
    - update debian/rules
  * Add Basque and Galician to the list of supported langs for the lang-packs
    (translations from Launchpad/Rosetta)
    - update debian/rules
 -- Fabien Tassin <email address hidden> Thu, 13 Jan 2011 07:31:05 +0100

Changed in chromium-browser (Ubuntu Lucid):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.