* New upstream release from the Stable Channel (LP: #641699)
This release fixes the following security issues:
- [55114] High, Bad cast with malformed SVG. Credit to wushi of team 509.
- [55119] Critical, Buffer mismanagement in the SPDY protocol. Credit to
Mike Belshe of the Chromium development community.
- [55350] High, Cross-origin property pollution. Credit to Stefano Di Paola
of MindedSecurity.
Also includes the following security issues from 6.0.472.59 (LP: #638736)
- [50250] High, Use-after-free when using document APIs during parse.
Credit to David Weston of Microsoft + Microsoft Vulnerability Research
(MSVR) and wushi of team 509 (independent discoveries).
- [50712] High, Use-after-free in SVG styles. Credit to kuzzcc.
- [51252] High, Use-after-free with nested SVG elements. Credit to kuzzcc.
- [51709] Low, Possible browser assert in cursor handling. Credit to
“magnusmorton”.
- [51919] High, Race condition in console handling. Credit to kuzzcc.
- [53176] Low, Unlikely browser crash in pop-up blocking. Credit to kuzzcc.
- [53394] High, Memory corruption in Geolocation. Credit to kuzzcc.
- [53930] High, Memory corruption in Khmer handling. Credit to Google
Chrome Security Team (Chris Evans).
- [54006] Low, Failure to prompt for extension history access. Credit to
“adriennefelt”.
* Don't build with PIE on armel for now, it fails to link.
- update debian/rules
* Add some translations for the "Name" field in the desktop file, and fix
some "Comment" / "GenericName". Thanks to the Ubuntu translation team.
See https://wiki.ubuntu.com/Translations/Wanted/ChromiumDesktop to
contribute more translations (LP: #631670)
-- Fabien Tassin <email address hidden> Fri, 17 Sep 2010 22:25:54 +0200
This bug was fixed in the package chromium-browser - 6.0.472. 62~r59676- 0ubuntu0. 10.04.1
--------------- 62~r59676- 0ubuntu0. 10.04.1) lucid-security; urgency=high
chromium-browser (6.0.472.
* New upstream release from the Stable Channel (LP: #641699) magnusmorton” . adriennefelt” . /wiki.ubuntu. com/Translation s/Wanted/ ChromiumDesktop to
This release fixes the following security issues:
- [55114] High, Bad cast with malformed SVG. Credit to wushi of team 509.
- [55119] Critical, Buffer mismanagement in the SPDY protocol. Credit to
Mike Belshe of the Chromium development community.
- [55350] High, Cross-origin property pollution. Credit to Stefano Di Paola
of MindedSecurity.
Also includes the following security issues from 6.0.472.59 (LP: #638736)
- [50250] High, Use-after-free when using document APIs during parse.
Credit to David Weston of Microsoft + Microsoft Vulnerability Research
(MSVR) and wushi of team 509 (independent discoveries).
- [50712] High, Use-after-free in SVG styles. Credit to kuzzcc.
- [51252] High, Use-after-free with nested SVG elements. Credit to kuzzcc.
- [51709] Low, Possible browser assert in cursor handling. Credit to
“
- [51919] High, Race condition in console handling. Credit to kuzzcc.
- [53176] Low, Unlikely browser crash in pop-up blocking. Credit to kuzzcc.
- [53394] High, Memory corruption in Geolocation. Credit to kuzzcc.
- [53930] High, Memory corruption in Khmer handling. Credit to Google
Chrome Security Team (Chris Evans).
- [54006] Low, Failure to prompt for extension history access. Credit to
“
* Don't build with PIE on armel for now, it fails to link.
- update debian/rules
* Add some translations for the "Name" field in the desktop file, and fix
some "Comment" / "GenericName". Thanks to the Ubuntu translation team.
See https:/
contribute more translations (LP: #631670)
-- Fabien Tassin <email address hidden> Fri, 17 Sep 2010 22:25:54 +0200