21-july-2015 security fixes not available
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
chromium-browser (Ubuntu) | Fix Released | High | Chad Miller |
Bug Description
On July 21, 2015, security fixes were made available in a new release 44.0.2403.89 of the browser.
My browser is at 43.0.2357.130 for Ubuntu 14.04 despite repeated updates.
Since the security fixes are urgent, could you please make them available immediately?
More info here:
http://
ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: chromium-browser 43.0.2357.
ProcVersionSign
Uname: Linux 3.13.0-58-generic i686
ApportVersion: 2.14.1-0ubuntu3.11
Architecture: i386
CurrentDesktop: Unity
CurrentDmesg: Error: command ['sh', '-c', 'dmesg | comm -13 --nocheck-order /var/log/dmesg -'] failed with exit code 1: comm: /var/log/dmesg: Permission denied
Date: Thu Jul 23 11:53:12 2015
Desktop-Session:
'ubuntu'
'/etc/
'/usr/
DetectedPlugins:
EcryptfsInUse: Yes
Env:
'None'
'None'
InstallationDate: Installed on 2014-04-29 (449 days ago)
InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Release i386 (20140417)
Load-Avg-1min: 0.22
Load-Processes-
MachineType: Dell Inc. Inspiron 660
ProcKernelCmdLine: BOOT_IMAGE=
SourcePackage: chromium-browser
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 10/14/2013
dmi.bios.vendor: Dell Inc.
dmi.bios.version: A11
dmi.board.name: 0XR1GT
dmi.board.vendor: Dell Inc.
dmi.board.version: A00
dmi.chassis.type: 3
dmi.chassis.vendor: Dell Inc.
dmi.modalias: dmi:bvnDellInc.
dmi.product.name: Inspiron 660
dmi.sys.vendor: Dell Inc.
gconf-keys: /desktop/
modified.
modified.
mtime.conffile.
Changed in chromium-browser (Ubuntu):
status: New → In Progress
assignee: nobody → Chad Miller (cmiller)
Changed in chromium-browser (Ubuntu):
importance: Undecided → High
This bug was fixed in the package chromium-browser - 44.0.2403.89-0ubuntu0.15.04.1.1177

---------------

chromium-browser (44.0.2403.89-0ubuntu0.15.04.1.1177) vivid-security; urgency=medium
* Upstream release 44.0.2403.89: (LP: #1477662)
- CVE-2015-1271: Heap-buffer-overflow in pdfium.
- CVE-2015-1273: Heap-buffer-overflow in pdfium.
- CVE-2015-1274: Settings allowed executable files to run immediately
after download.
- CVE-2015-1275: UXSS in Chrome for Android.
- CVE-2015-1276: Use-after-free in IndexedDB.
- CVE-2015-1279: Heap-buffer-overflow in pdfium.
- CVE-2015-1280: Memory corruption in skia.
- CVE-2015-1281: CSP bypass.
- CVE-2015-1282: Use-after-free in pdfium.
- CVE-2015-1283: Heap-buffer-overflow in expat.
- CVE-2015-1284: Use-after-free in blink.
- CVE-2015-1286: UXSS in blink.
- CVE-2015-1287: SOP bypass with CSS.
- CVE-2015-1270: Uninitialized memory read in ICU.
- CVE-2015-1272: Use-after-free related to unexpected GPU process
termination.
- CVE-2015-1277: Use-after-free in accessibility.
- CVE-2015-1278: URL spoofing using pdf files.
- CVE-2015-1285: Information leak in XSS auditor.
- CVE-2015-1288: Spell checking dictionaries fetched over HTTP.
- CVE-2015-1289: Various fixes from internal audits, fuzzing and other
initiatives.
* debian/rules, debian/chromium-codecs-ffmpeg{,-extra}.install: ffmpeg is a
first-class component library now, not a special snowflake. Still, build
it differently, but build flags are different.
* debian/tests/smoketest-actual: Remove some innocuous mentions of "error"
before testing for actual errors.
* debian/control: codec library packages replace the libffmpeg.so that
was in chromium packages before now.
* debian/control: codec packages can't reasonably be updated separately
than chromium. Depend with version specification also.
-- Chad MILLER <email address hidden> Tue, 28 Jul 2015 11:19:11 -0400