© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
0e1f616
(Get the code!)
This bug was fixed in the package chromium-browser - 7.0.517.
---------------
chromium-browser (7.0.517.
* New upstream Major release from the Stable Channel (LP: #663523), also
fixing the following security issues:
- [48225] [51727] Medium, Possible autofill / autocomplete profile
spamming. Credit to Google Chrome Security Team (Inferno).
- [48857] High, Crash with forms. Credit to the Chromium development
community.
- [50428] Critical, Browser crash with form autofill. Credit to the
Chromium development community.
- [51680] High, Possible URL spoofing on page unload. Credit to kuzzcc;
plus independent discovery by Jordi Chancel.
- [53002] Low, Pop-up block bypass. Credit to kuzzcc.
- [53985] Medium, Crash on shutdown with Web Sockets. Credit to the
Chromium development community.
- [54132] Low, Bad construction of PATH variable. Credit to Dan Rosenberg,
Virtual Security Research.
- [54500] High, Possible memory corruption with animated GIF. Credit to
Simon Schaak.
- [54794] High, Failure to sandbox worker processes on Linux. Credit to
Google Chrome Security Team (Chris Evans).
- [56451] High, Stale elements in an element map. Credit to Michal Zalewski
of the Google Security Team.
* Drop the -fno-tree-sink workaround for the armel gcc inlining bug now that the
strict-aliasing issue in dtoa has been fixed
- drop debian/
- update debian/
* Drop the xdg-mime patch now that we catched up with v7
- drop debian/
* Disable -Werror when building with gcc 4.5 until
http://
- update debian/rules
* Fix the apport hook crash when the use_system key is unset (LP: #660579)
- update debian/
-- Fabien Tassin <email address hidden> Tue, 19 Oct 2010 22:36:19 +0200