new upstream release: 5.0.375.125~r53311

Bug #612109 reported by Fabien Tassin on 2010-07-31
14
This bug affects 1 person
Affects Status Importance Assigned to Milestone
chromium-browser (Ubuntu)
Undecided
Fabien Tassin
Lucid
High
Fabien Tassin

Bug Description

Binary package hint: chromium-browser

Upstream released 5.0.375.125~r53311 with a bunch of security fixes

Fabien Tassin (fta) on 2010-07-31
Changed in chromium-browser (Ubuntu):
assignee: nobody → Fabien Tassin (fta)
status: New → In Progress
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 5.0.375.125~r53311-0ubuntu1

---------------
chromium-browser (5.0.375.125~r53311-0ubuntu1) maverick; urgency=low

  * New upstream release from the Stable Channel (LP: #612109)
    This release fixes the following security issues:
    - [42736] Medium Memory contents disclosure in layout code. Credit to
      Michail Nikolaev.
    - [43813] High Issue with large canvases. Credit to sp3x of
      SecurityReason.com.
    - [47866] High Memory corruption in rendering code. Credit to Jose A.
      Vazquez.
    - [48284] High Memory corruption in SVG handling. Credit to Aki Helin of
      OUSPG.
    - [48597] Low Avoid hostname truncation and incorrect eliding. Credit to
      Google Chrome Security Team (Inferno).
  * lsb_release is slow so try to source the static file /etc/lsb-release
    instead, and fallback to lsb_release if we didn't get the information we need
    for about:version (LP: #608253). Thanks to pitti for the idea.
    - update debian/chromium-browser.sh.in
 -- Fabien Tassin <email address hidden> Tue, 27 Jul 2010 12:03:40 +0200

Changed in chromium-browser (Ubuntu):
status: In Progress → Fix Released
Changed in chromium-browser (Ubuntu Lucid):
assignee: nobody → Fabien Tassin (fta)
importance: Undecided → High
status: New → Confirmed
Jamie Strandboge (jdstrand) wrote :

Uploaded to ubuntu-security-proposed PPA.

Changed in chromium-browser (Ubuntu Lucid):
status: Confirmed → In Progress
tags: added: security-verification
Jamie Strandboge (jdstrand) wrote :

Pocket copied chromium-browser to proposed. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

tags: added: verification-needed
removed: security-verification
Changed in chromium-browser (Ubuntu Lucid):
status: In Progress → Fix Committed
Jamie Strandboge (jdstrand) wrote :

To ubuntu-sru: if this passes the verification process, please also pocket copy to security. Thanks!

Fabien Tassin (fta) on 2010-08-04
Changed in chromium-browser (Ubuntu):
status: Fix Released → Fix Committed
Fabien Tassin (fta) on 2010-08-04
Changed in chromium-browser (Ubuntu):
status: Fix Committed → Fix Released
Jamie Strandboge (jdstrand) wrote :

Tested 5.0.375.125~r53311-0ubuntu0.10.04.1 from -proposed and it works great.

Martin Pitt (pitti) on 2010-08-17
tags: added: verification-done
removed: verification-needed
Jamie Strandboge (jdstrand) wrote :

I just verified bug #608253 and this has been in proposed for 2 weeks.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 5.0.375.125~r53311-0ubuntu0.10.04.1

---------------
chromium-browser (5.0.375.125~r53311-0ubuntu0.10.04.1) lucid-security; urgency=low

  * New upstream release from the Stable Channel (LP: #612109)
    This release fixes the following security issues:
    - [42736] Medium Memory contents disclosure in layout code. Credit to
      Michail Nikolaev.
    - [43813] High Issue with large canvases. Credit to sp3x of
      SecurityReason.com.
    - [47866] High Memory corruption in rendering code. Credit to Jose A.
      Vazquez.
    - [48284] High Memory corruption in SVG handling. Credit to Aki Helin of
      OUSPG.
    - [48597] Low Avoid hostname truncation and incorrect eliding. Credit to
      Google Chrome Security Team (Inferno).
  * lsb_release is slow so try to source the static file /etc/lsb-release
    instead, and fallback to lsb_release if we didn't get the information we need
    for about:version (LP: #608253). Thanks to pitti for the idea.
    - update debian/chromium-browser.sh.in
 -- Fabien Tassin <email address hidden> Tue, 27 Jul 2010 12:03:40 +0200

Changed in chromium-browser (Ubuntu Lucid):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers