Update to latest stable version

Bug #598913 reported by Guillaume Pascal on 2010-06-26
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
chromium-browser (Ubuntu)
Undecided
Fabien Tassin
Lucid
High
Unassigned
Maverick
Undecided
Fabien Tassin

Bug Description

Binary package hint: chromium-browser

Upgrade the package in 5.0.375.86:

"Google Chrome 5.0.375.86 has been released to the Stable channel on Linux, Mac, and Windows.

The integrated flash player has been enabled by default and the following security issues were resolved:
[38105] Medium XSS via application/json response (regression). Credit to Ben Davis for original discovery and Emanuele Gentili for regression discovery.
[43322] Medium Memory error in video handling. Credit to Mark Dowd under contract to Google Chrome Security Team.
[43967] High Subresource displayed in omnibox loading. Credit to Michal Zalewski of Google Security Team.
[45267] High Memory error in video handling. Credit to Google Chrome Security Team (Cris Neckar).
[$500] [46126] High Stale pointer in x509-user-cert response. Credit to Rodrigo Marcos of SECFORCE.
If you find issues, please let us know: http://code.google.com/p/chromium/issues/entry

Anthony Laforge,
Google Chrome Team"

http://googlechromereleases.blogspot.com/2010/06/stable-channel-update_24.html

ProblemType: Bug
DistroRelease: Ubuntu 10.10
Package: chromium-browser 5.0.375.70~r48679-0ubuntu2
ProcVersionSignature: Ubuntu 2.6.35-5.6-generic 2.6.35-rc3
Uname: Linux 2.6.35-5-generic i686
Architecture: i386
Date: Sun Jun 27 00:48:23 2010
InstallationMedia: Ubuntu 10.10 "Maverick Meerkat" - Alpha i386 (20100615)
ProcEnviron:
 LANG=fr_FR.utf8
 SHELL=/bin/bash
SourcePackage: chromium-browser

Fabien Tassin (fta) on 2010-06-26
Changed in chromium-browser (Ubuntu):
assignee: nobody → Fabien Tassin (fta)
status: New → In Progress
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 5.0.375.86~r49890-0ubuntu1

---------------
chromium-browser (5.0.375.86~r49890-0ubuntu1) maverick; urgency=low

  * New upstream release from the Stable Channel (LP: #598913)
    Fixes the following security issues:
    - [38105] Medium XSS via application/json response (regression). Credit to
      Ben Davis for original discovery and Emanuele Gentili for regression
      discovery.
    - [43322] Medium Memory error in video handling. Credit to Mark Dowd under
      contract to Google Chrome Security Team.
    - [43967] High Subresource displayed in omnibox loading. Credit to Michal
      Zalewski of Google Security Team.
    - [45267] High Memory error in video handling. Credit to Google Chrome
      Security Team (Cris Neckar).
    - [46126] High Stale pointer in x509-user-cert response. Credit to Rodrigo
      Marcos of SECFORCE.
  * Drop the XLIB_SKIP_ARGB_VISUALS workaround now that the rgba patch has
    been backed off from gtk2 (LP: #584959)
    - update debian/chromium-browser.sh
  * Show in about:version and in the About UI when chromium is running on a different
    distribution that it has been built on
    - udpate debian/rules
    - rename and update debian/chromium-browser.sh => debian/chromium-browser.sh.in
 -- Fabien Tassin <email address hidden> Fri, 25 Jun 2010 02:05:06 +0200

Changed in chromium-browser (Ubuntu):
status: In Progress → Fix Released
Changed in chromium-browser (Ubuntu Lucid):
importance: Undecided → High
Jamie Strandboge (jdstrand) wrote :

An updated package for Lucid has been uploaded to the ubuntu-security-proposed PPA following https://wiki.ubuntu.com/SecurityTeam/SponsorsQueue.

Changed in chromium-browser (Ubuntu Lucid):
status: New → In Progress
tags: added: security-verification
Jamie Strandboge (jdstrand) wrote :

"Pocket copied chromium-browser to proposed. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

tags: added: verification-needed
removed: security-verification
Changed in chromium-browser (Ubuntu Lucid):
status: In Progress → Fix Committed
tags: added: sru-verification
Jamie Strandboge (jdstrand) wrote :

To ubuntu-sru: if this passes the verification process, please also pocket copy to security. Thanks!

Marc Deslauriers (mdeslaur) wrote :

I have tested the package in -proposed on lucid, and it works great.

Jamie Strandboge (jdstrand) wrote :

I have tested it also and it works fine.

tags: added: verification-done
removed: sru-verification verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 5.0.375.86~r49890-0ubuntu0.10.04.1

---------------
chromium-browser (5.0.375.86~r49890-0ubuntu0.10.04.1) lucid-proposed; urgency=low

  * New upstream release from the Stable Channel (LP: #598913)
    Fixes the following security issues:
    - [38105] Medium XSS via application/json response (regression). Credit to
      Ben Davis for original discovery and Emanuele Gentili for regression
      discovery.
    - [43322] Medium Memory error in video handling. Credit to Mark Dowd under
      contract to Google Chrome Security Team.
    - [43967] High Subresource displayed in omnibox loading. Credit to Michal
      Zalewski of Google Security Team.
    - [45267] High Memory error in video handling. Credit to Google Chrome
      Security Team (Cris Neckar).
    - [46126] High Stale pointer in x509-user-cert response. Credit to Rodrigo
      Marcos of SECFORCE.
  * Drop the XLIB_SKIP_ARGB_VISUALS workaround now that the rgba patch has
    been backed off from gtk2 (LP: #584959)
    - update debian/chromium-browser.sh
  * Show in about:version and in the About UI when chromium is running on a different
    distribution that it has been built on
    - udpate debian/rules
    - rename and update debian/chromium-browser.sh => debian/chromium-browser.sh.in
  * Refresh list of languages in the -l10n package
    - update debian/control
  * Stop building and running the testsuite. The builders restricted env
    makes the results mostly unusable in an automated way and resources to
    manually exploit them are not available
    - update debian/control
    - update debian/rules
  * Remove duplicates of the main copyright file in order to save space on the CD
    - update debian/rules
  * Add support for the Ambiance/Radiance and Dust themes button ordering by
    reading the gconf pref (LP: #568307)
    (thanks to Giuseppe Iuculano for importing the patch from trunk)
    - add debian/patches/gtk-ambiance.patch
    - update debian/patches/series
 -- Fabien Tassin <email address hidden> Fri, 25 Jun 2010 02:05:06 +0200

Changed in chromium-browser (Ubuntu Lucid):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers