Ubuntu

5.0.375.70 security update available

Reported by Jamie Strandboge on 2010-06-08
264
This bug affects 1 person
Affects Status Importance Assigned to Milestone
chromium-browser (Ubuntu)
High
Unassigned
Lucid
High
Unassigned

Bug Description

security vulnerability: no → yes
Changed in chromium-browser (Ubuntu):
status: New → Confirmed
importance: Undecided → High
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 5.0.375.70~r48679-0ubuntu1

---------------
chromium-browser (5.0.375.70~r48679-0ubuntu1) maverick; urgency=low

  * New upstream release from the Stable Channel (LP: #591474)
    Fixes the following security issues:
    - [15766] Medium Cross-origin keystroke redirection. Credit to Michal
      Zalewski of Google Security Team.
    - [39985] High Cross-origin bypass in DOM methods. Credit to Sergey
      Glazunov.
    - [42723] High Memory error in table layout. Credit to wushi of team509.
    - [43304] High Linux sandbox escape. Credit to Mark Dowd under contract to
      Google Chrome Security Team.
    - [43307] High Bitmap stale pointer. Credit to Mark Dowd under contract to
      Google Chrome Security Team.
    - [43315] High Memory corruption in DOM node normalization. Credit to Mark
      Dowd under contract to Google Chrome Security Team.
    - [43487] High Memory corruption in text transforms. Credit to wushi of
      team509.
    - [43902] Medium XSS in innerHTML property of textarea. Credit to
      sirdarckcat of Google Security Team.
    - [44740] High Memory corruption in font handling. Credit: Apple.
    - [44868] High Geolocation events fire after document deletion. Credit to
      Google Chrome Security Team (Justin Schuh).
    - [44955] High Memory corruption in rendering of list markers. Credit:
      Apple.
  * Add a --temp-profile knob to the launcher script starting Chromium with
    a new profile which will last only for the duration of the session
    - update debian/chromium-browser.sh
  * Change StartupWMClass to Chromium-browser in the desktop launcher so
    cairo-dock does the right thing (LP: #587664)
    - update debian/chromium-browser.desktop
  * Set XLIB_SKIP_ARGB_VISUALS=1 in the wrapper to prevent flash from dying
    with a Gdk-ERROR when gtk2 is built with RGBA support (like in Maverick).
    (LP: #584959)
    - update debian/chromium-browser.sh
  * Unbreak get-orig-source when it needs to drop its cache after a channel jump
    (replace brace expansion - which is a bashism - with proper $(wildcard))
    - update debian/rules
 -- Fabien Tassin <email address hidden> Wed, 09 Jun 2010 07:30:50 +0200

Changed in chromium-browser (Ubuntu):
status: Confirmed → Fix Released
Changed in chromium-browser (Ubuntu Lucid):
status: New → Confirmed
importance: Undecided → High
Jamie Strandboge (jdstrand) wrote :

An updated packaged for Lucid has been uploaded to the ubuntu-security-proposed ppa and is currently building.

Jamie Strandboge (jdstrand) wrote :

ACK, though the new packaging also includes:
  * Add a --temp-profile knob to the launcher script starting Chromium with
    a new profile which will last only for the duration of the session
    - update debian/chromium-browser.sh
  * Change StartupWMClass to Chromium-browser in the desktop launcher so
    cairo-dock does the right thing (LP: #587664)
    - update debian/chromium-browser.desktop
  * Set XLIB_SKIP_ARGB_VISUALS=1 in the wrapper to prevent flash from dying
    with a Gdk-ERROR when gtk2 is built with RGBA support (like in Maverick).
    (LP: #584959)
    - update debian/chromium-browser.sh
  * Unbreak get-orig-source when it needs to drop its cache after a channel jump
    (replace brace expansion - which is a bashism - with proper $(wildcard))
    - update debian/rules

These items will need to be separately tested.

Changed in chromium-browser (Ubuntu Lucid):
status: Confirmed → In Progress
Jamie Strandboge (jdstrand) wrote :

Pocket copied chromium-browser to proposed. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

tags: added: verification-needed
Changed in chromium-browser (Ubuntu Lucid):
status: In Progress → Fix Committed
Jamie Strandboge (jdstrand) wrote :

To ubuntu-sru: if this passes the verification process, please also pocket copy to security. Thanks!

Jamie Strandboge (jdstrand) wrote :

Installed 5.0.375.70~r48679-0ubuntu0.10.04.1 from ubuntu-security-proposed (ie, what was just copied to lucid-proposed) and it works fine.

Marc Deslauriers (mdeslaur) wrote :

I installed 5.0.375.70~r48679-0ubuntu0.10.04.1 from lucid-proposed and it works fine.

Daniel Serpell (daniel-serpell) wrote :

Tested 5.0.375.70~r48679-0ubuntu0.10.04.1 from lucid-proposed and works ok.

Martin Pitt (pitti) on 2010-06-11
tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 5.0.375.70~r48679-0ubuntu0.10.04.1

---------------
chromium-browser (5.0.375.70~r48679-0ubuntu0.10.04.1) lucid-security; urgency=low

  * New upstream release from the Stable Channel (LP: #591474)
    Fixes the following security issues:
    - [15766] Medium Cross-origin keystroke redirection. Credit to Michal
      Zalewski of Google Security Team.
    - [39985] High Cross-origin bypass in DOM methods. Credit to Sergey
      Glazunov.
    - [42723] High Memory error in table layout. Credit to wushi of team509.
    - [43304] High Linux sandbox escape. Credit to Mark Dowd under contract to
      Google Chrome Security Team.
    - [43307] High Bitmap stale pointer. Credit to Mark Dowd under contract to
      Google Chrome Security Team.
    - [43315] High Memory corruption in DOM node normalization. Credit to Mark
      Dowd under contract to Google Chrome Security Team.
    - [43487] High Memory corruption in text transforms. Credit to wushi of
      team509.
    - [43902] Medium XSS in innerHTML property of textarea. Credit to
      sirdarckcat of Google Security Team.
    - [44740] High Memory corruption in font handling. Credit: Apple.
    - [44868] High Geolocation events fire after document deletion. Credit to
      Google Chrome Security Team (Justin Schuh).
    - [44955] High Memory corruption in rendering of list markers. Credit:
      Apple.
  * Add a --temp-profile knob to the launcher script starting Chromium with
    a new profile which will last only for the duration of the session
    - update debian/chromium-browser.sh
  * Change StartupWMClass to Chromium-browser in the desktop launcher so
    cairo-dock does the right thing (LP: #587664)
    - update debian/chromium-browser.desktop
  * Set XLIB_SKIP_ARGB_VISUALS=1 in the wrapper to prevent flash from dying
    with a Gdk-ERROR when gtk2 is built with RGBA support (like in Maverick).
    (LP: #584959)
    - update debian/chromium-browser.sh
  * Unbreak get-orig-source when it needs to drop its cache after a channel jump
    (replace brace expansion - which is a bashism - with proper $(wildcard))
    - update debian/rules
 -- Fabien Tassin <email address hidden> Wed, 09 Jun 2010 07:30:50 +0200

Changed in chromium-browser (Ubuntu Lucid):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers