Bug #1477662 “21-july-2015 security fixes not available” : Bugs : chromium-browser package : Ubuntu

Revision history for this message

peterzay (peterzay) wrote on 2015-07-23:

#1

ChromiumPrefs.txt Edit (3.7 KiB, text/plain; charset="utf-8")
Dependencies.txt Edit (7.5 KiB, text/plain; charset="utf-8")
DiskUsage.txt Edit (355 bytes, text/plain; charset="utf-8")
InstalledPlugins.txt Edit (753 bytes, text/plain; charset="utf-8")
Lspci.txt Edit (11.9 KiB, text/plain; charset="utf-8")
Lsusb.txt Edit (522 bytes, text/plain; charset="utf-8")
ProcCpuinfo.txt Edit (3.8 KiB, text/plain; charset="utf-8")
ProcEnviron.txt Edit (103 bytes, text/plain; charset="utf-8")
ProcInterrupts.txt Edit (2.2 KiB, text/plain; charset="utf-8")
ProcModules.txt Edit (4.6 KiB, text/plain; charset="utf-8")
RelatedPackageVersions.txt Edit (989 bytes, text/plain; charset="utf-8")
RelatedPackagesPolicy.txt Edit (4.5 KiB, text/plain; charset="utf-8")
UdevDb.txt Edit (135.5 KiB, text/plain; charset="utf-8")
UdevLog.txt Edit (313.8 KiB, text/plain; charset="utf-8")
etcconfigc00example.txt Edit (499 bytes, text/plain; charset="utf-8")

Chad Miller (cmiller) on 2015-07-23

Changed in chromium-browser (Ubuntu):
status:	New → In Progress
assignee:	nobody → Chad Miller (cmiller)

Sebastien Bacher (seb128) on 2015-07-30

Changed in chromium-browser (Ubuntu):
importance:	Undecided → High

Revision history for this message

Launchpad Janitor (janitor) wrote on 2015-08-19:

#3

This bug was fixed in the package chromium-browser - 44.0.2403.89-0ubuntu0.15.04.1.1177

---------------
chromium-browser (44.0.2403.89-0ubuntu0.15.04.1.1177) vivid-security; urgency=medium

  * Upstream release 44.0.2403.89: (LP: #1477662)
    - CVE-2015-1271: Heap-buffer-overflow in pdfium.
    - CVE-2015-1273: Heap-buffer-overflow in pdfium.
    - CVE-2015-1274: Settings allowed executable files to run immediately
      after download.
    - CVE-2015-1275: UXSS in Chrome for Android.
    - CVE-2015-1276: Use-after-free in IndexedDB.
    - CVE-2015-1279: Heap-buffer-overflow in pdfium.
    - CVE-2015-1280: Memory corruption in skia.
    - CVE-2015-1281: CSP bypass.
    - CVE-2015-1282: Use-after-free in pdfium.
    - CVE-2015-1283: Heap-buffer-overflow in expat.
    - CVE-2015-1284: Use-after-free in blink.
    - CVE-2015-1286: UXSS in blink.
    - CVE-2015-1287: SOP bypass with CSS.
    - CVE-2015-1270: Uninitialized memory read in ICU.
    - CVE-2015-1272: Use-after-free related to unexpected GPU process
      termination.
    - CVE-2015-1277: Use-after-free in accessibility.
    - CVE-2015-1278: URL spoofing using pdf files.
    - CVE-2015-1285: Information leak in XSS auditor.
    - CVE-2015-1288: Spell checking dictionaries fetched over HTTP.
    - CVE-2015-1289: Various fixes from internal audits, fuzzing and other
      initiatives.
  * debian/rules, debian/chromium-codecs-ffmpeg{,-extra}.install: ffmpeg is a
    first-class component library now, not a special snowflake. Still, build
    it differently, but build flags are different.
  * debian/tests/smoketest-actual: Remove some innocuous mentions of "error"
    before testing for actual errors.
  * debian/control: codec library packages replace the libffmpeg.so that
    was in chromium packages before now.
  * debian/control: codec packages can't reasonably be updated separately
    than chromium. Depend with version specification also.

-- Chad MILLER <email address hidden> Tue, 28 Jul 2015 11:19:11 -0400

This bug was fixed in the package chromium-browser - 44.0.2403.89-0ubuntu0.15.04.1.1177

---------------
chromium-browser (44.0.2403.89-0ubuntu0.15.04.1.1177) vivid-security; urgency=medium

* Upstream release 44.0.2403.89: (LP: #1477662)
    - CVE-2015-1271: Heap-buffer-overflow in pdfium.
    - CVE-2015-1273: Heap-buffer-overflow in pdfium.
    - CVE-2015-1274: Settings allowed executable files to run immediately
      after download.
    - CVE-2015-1275: UXSS in Chrome for Android.
    - CVE-2015-1276: Use-after-free in IndexedDB.
    - CVE-2015-1279: Heap-buffer-overflow in pdfium.
    - CVE-2015-1280: Memory corruption in skia.
    - CVE-2015-1281: CSP bypass.
    - CVE-2015-1282: Use-after-free in pdfium.
    - CVE-2015-1283: Heap-buffer-overflow in expat.
    - CVE-2015-1284: Use-after-free in blink.
    - CVE-2015-1286: UXSS in blink.
    - CVE-2015-1287: SOP bypass with CSS.
    - CVE-2015-1270: Uninitialized memory read in ICU.
    - CVE-2015-1272: Use-after-free related to unexpected GPU process
      termination.
    - CVE-2015-1277: Use-after-free in accessibility.
    - CVE-2015-1278: URL spoofing using pdf files.
    - CVE-2015-1285: Information leak in XSS auditor.
    - CVE-2015-1288: Spell checking dictionaries fetched over HTTP.
    - CVE-2015-1289: Various fixes from internal audits, fuzzing and other
      initiatives.
  * debian/rules, debian/chromium-codecs-ffmpeg{,-extra}.install: ffmpeg is a
    first-class component library now, not a special snowflake. Still, build
    it differently, but build flags are different.
  * debian/tests/smoketest-actual: Remove some innocuous mentions of "error"
    before testing for actual errors.
  * debian/control: codec library packages replace the libffmpeg.so that
    was in chromium packages before now.
  * debian/control: codec packages can't reasonably be updated separately
    than chromium. Depend with version specification also.

-- Chad MILLER <chad.miller@canonical.com>  Tue, 28 Jul 2015 11:19:11 -0400

Changed in chromium-browser (Ubuntu):
status:	In Progress → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2015-08-19:

#2

This bug was fixed in the package chromium-browser - 44.0.2403.89-0ubuntu0.14.04.1.1095

---------------
chromium-browser (44.0.2403.89-0ubuntu0.14.04.1.1095) trusty-security; urgency=medium

  * Upstream release 44.0.2403.89: (LP: #1477662)
    - CVE-2015-1271: Heap-buffer-overflow in pdfium.
    - CVE-2015-1273: Heap-buffer-overflow in pdfium.
    - CVE-2015-1274: Settings allowed executable files to run immediately
      after download.
    - CVE-2015-1275: UXSS in Chrome for Android.
    - CVE-2015-1276: Use-after-free in IndexedDB.
    - CVE-2015-1279: Heap-buffer-overflow in pdfium.
    - CVE-2015-1280: Memory corruption in skia.
    - CVE-2015-1281: CSP bypass.
    - CVE-2015-1282: Use-after-free in pdfium.
    - CVE-2015-1283: Heap-buffer-overflow in expat.
    - CVE-2015-1284: Use-after-free in blink.
    - CVE-2015-1286: UXSS in blink.
    - CVE-2015-1287: SOP bypass with CSS.
    - CVE-2015-1270: Uninitialized memory read in ICU.
    - CVE-2015-1272: Use-after-free related to unexpected GPU process
      termination.
    - CVE-2015-1277: Use-after-free in accessibility.
    - CVE-2015-1278: URL spoofing using pdf files.
    - CVE-2015-1285: Information leak in XSS auditor.
    - CVE-2015-1288: Spell checking dictionaries fetched over HTTP.
    - CVE-2015-1289: Various fixes from internal audits, fuzzing and other
      initiatives.
  * debian/rules, debian/chromium-codecs-ffmpeg{,-extra}.install: ffmpeg is a
    first-class component library now, not a special snowflake. Still, build
    it differently, but build flags are different.
  * debian/tests/smoketest-actual: Remove some innocuous mentions of "error"
    before testing for actual errors.
  * debian/control: codec library packages replace the libffmpeg.so that
    was in chromium packages before now.
  * debian/control: codec packages can't reasonably be updated separately
    than chromium. Depend with version specification also.

-- Chad MILLER <email address hidden> Tue, 28 Jul 2015 11:19:11 -0400

This bug was fixed in the package chromium-browser - 44.0.2403.89-0ubuntu0.14.04.1.1095

---------------
chromium-browser (44.0.2403.89-0ubuntu0.14.04.1.1095) trusty-security; urgency=medium

* Upstream release 44.0.2403.89: (LP: #1477662)
    - CVE-2015-1271: Heap-buffer-overflow in pdfium.
    - CVE-2015-1273: Heap-buffer-overflow in pdfium.
    - CVE-2015-1274: Settings allowed executable files to run immediately
      after download.
    - CVE-2015-1275: UXSS in Chrome for Android.
    - CVE-2015-1276: Use-after-free in IndexedDB.
    - CVE-2015-1279: Heap-buffer-overflow in pdfium.
    - CVE-2015-1280: Memory corruption in skia.
    - CVE-2015-1281: CSP bypass.
    - CVE-2015-1282: Use-after-free in pdfium.
    - CVE-2015-1283: Heap-buffer-overflow in expat.
    - CVE-2015-1284: Use-after-free in blink.
    - CVE-2015-1286: UXSS in blink.
    - CVE-2015-1287: SOP bypass with CSS.
    - CVE-2015-1270: Uninitialized memory read in ICU.
    - CVE-2015-1272: Use-after-free related to unexpected GPU process
      termination.
    - CVE-2015-1277: Use-after-free in accessibility.
    - CVE-2015-1278: URL spoofing using pdf files.
    - CVE-2015-1285: Information leak in XSS auditor.
    - CVE-2015-1288: Spell checking dictionaries fetched over HTTP.
    - CVE-2015-1289: Various fixes from internal audits, fuzzing and other
      initiatives.
  * debian/rules, debian/chromium-codecs-ffmpeg{,-extra}.install: ffmpeg is a
    first-class component library now, not a special snowflake. Still, build
    it differently, but build flags are different.
  * debian/tests/smoketest-actual: Remove some innocuous mentions of "error"
    before testing for actual errors.
  * debian/control: codec library packages replace the libffmpeg.so that
    was in chromium packages before now.
  * debian/control: codec packages can't reasonably be updated separately
    than chromium. Depend with version specification also.

-- Chad MILLER <chad.miller@canonical.com>  Tue, 28 Jul 2015 11:19:11 -0400

Changed in chromium-browser (Ubuntu):
status:	In Progress → Fix Released

Ubuntu
chromium-browser package

21-july-2015 security fixes not available

Bug Description

CVE References

Other bug subscribers

Bug attachments

Remote bug watches

Ubuntuchromium-browser package

21-july-2015 security fixes not available

Bug Description

CVE References

Other bug subscribers

Bug attachments

Remote bug watches

Ubuntu
chromium-browser package