6.0.472.55~r58392 -> 6.0.472.59~r59126 upgrade

Bug #638736 reported by Fabien Tassin on 2010-09-15
260
This bug affects 1 person
Affects Status Importance Assigned to Milestone
chromium-browser (Ubuntu)
High
Fabien Tassin
Lucid
High
Fabien Tassin
Maverick
High
Fabien Tassin

Bug Description

Binary package hint: chromium-browser

Upstream just released a new security update, fixing 9 bugs (6 high, 3 low).

http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html

needed in lucid and maverick.

Fabien Tassin (fta) on 2010-09-15
visibility: private → public
Changed in chromium-browser (Ubuntu Lucid):
assignee: nobody → Fabien Tassin (fta)
importance: Undecided → High
status: New → In Progress
Changed in chromium-browser (Ubuntu Maverick):
assignee: nobody → Fabien Tassin (fta)
importance: Undecided → High
status: New → In Progress
Fabien Tassin (fta) wrote :

packaging ready, currently building in the beta ppa: https://edge.launchpad.net/~chromium-daily/+archive/beta/+packages

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 6.0.472.59~r59126-0ubuntu1

---------------
chromium-browser (6.0.472.59~r59126-0ubuntu1) maverick; urgency=low

  * New upstream release from the Stable Channel (LP: #638736)
    This release fixes the following security issues:
    - [50250] High, Use-after-free when using document APIs during parse.
      Credit to David Weston of Microsoft + Microsoft Vulnerability Research
      (MSVR) and wushi of team 509 (independent discoveries).
    - [50712] High, Use-after-free in SVG styles. Credit to kuzzcc.
    - [51252] High, Use-after-free with nested SVG elements. Credit to kuzzcc.
    - [51709] Low, Possible browser assert in cursor handling. Credit to
      “magnusmorton”.
    - [51919] High, Race condition in console handling. Credit to kuzzcc.
    - [53176] Low, Unlikely browser crash in pop-up blocking. Credit to kuzzcc.
    - [53394] High, Memory corruption in Geolocation. Credit to kuzzcc.
    - [53930] High, Memory corruption in Khmer handling. Credit to Google
      Chrome Security Team (Chris Evans).
    - [54006] Low, Failure to prompt for extension history access. Credit to
      “adriennefelt”.
  * Don't build with PIE on armel for now, it fails to link.
    - update debian/rules
 -- Fabien Tassin <email address hidden> Wed, 15 Sep 2010 07:20:49 +0200

Changed in chromium-browser (Ubuntu Maverick):
status: In Progress → Fix Released
Jamie Strandboge (jdstrand) wrote :

This has been superseded by bug #641699.

Changed in chromium-browser (Ubuntu Lucid):
status: In Progress → Won't Fix
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 6.0.472.62~r59676-0ubuntu0.10.04.1

---------------
chromium-browser (6.0.472.62~r59676-0ubuntu0.10.04.1) lucid-security; urgency=high

  * New upstream release from the Stable Channel (LP: #641699)
    This release fixes the following security issues:
    - [55114] High, Bad cast with malformed SVG. Credit to wushi of team 509.
    - [55119] Critical, Buffer mismanagement in the SPDY protocol. Credit to
      Mike Belshe of the Chromium development community.
    - [55350] High, Cross-origin property pollution. Credit to Stefano Di Paola
      of MindedSecurity.
    Also includes the following security issues from 6.0.472.59 (LP: #638736)
    - [50250] High, Use-after-free when using document APIs during parse.
      Credit to David Weston of Microsoft + Microsoft Vulnerability Research
      (MSVR) and wushi of team 509 (independent discoveries).
    - [50712] High, Use-after-free in SVG styles. Credit to kuzzcc.
    - [51252] High, Use-after-free with nested SVG elements. Credit to kuzzcc.
    - [51709] Low, Possible browser assert in cursor handling. Credit to
      “magnusmorton”.
    - [51919] High, Race condition in console handling. Credit to kuzzcc.
    - [53176] Low, Unlikely browser crash in pop-up blocking. Credit to kuzzcc.
    - [53394] High, Memory corruption in Geolocation. Credit to kuzzcc.
    - [53930] High, Memory corruption in Khmer handling. Credit to Google
      Chrome Security Team (Chris Evans).
    - [54006] Low, Failure to prompt for extension history access. Credit to
      “adriennefelt”.
  * Don't build with PIE on armel for now, it fails to link.
    - update debian/rules
  * Add some translations for the "Name" field in the desktop file, and fix
    some "Comment" / "GenericName". Thanks to the Ubuntu translation team.
    See https://wiki.ubuntu.com/Translations/Wanted/ChromiumDesktop to
    contribute more translations (LP: #631670)
 -- Fabien Tassin <email address hidden> Fri, 17 Sep 2010 22:25:54 +0200

Changed in chromium-browser (Ubuntu Lucid):
status: Won't Fix → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers