Ubuntu
chromium-browser package

7.0.517.41~r62167 -> 7.0.517.44~r64615 security update

Bug #671420 reported by Fabien Tassin
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
chromium-browser (Ubuntu)
Fix Released
High
Fabien Tassin
Lucid
Fix Released
High
Fabien Tassin
Maverick
Fix Released
High
Fabien Tassin
Natty
Fix Released
High
Fabien Tassin

Bug Description

Binary package hint: chromium-browser

Upstream just released a new minor security update: 7.0.517.44~r64615

needed in natty, maverick and lucid.
it qualifies for the micro release exception.

See original description
Fabien Tassin (fta)
Changed in chromium-browser (Ubuntu Natty):
assignee: nobody → Fabien Tassin (fta)
importance: Undecided → High
status: New → Fix Committed
Changed in chromium-browser (Ubuntu Lucid):
assignee: nobody → Fabien Tassin (fta)
importance: Undecided → High
status: New → In Progress
Changed in chromium-browser (Ubuntu Maverick):
assignee: nobody → Fabien Tassin (fta)
importance: Undecided → High
status: New → In Progress
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 7.0.517.44~r64615-0ubuntu1

---------------
chromium-browser (7.0.517.44~r64615-0ubuntu1) natty; urgency=high

  * New upstream Major release from the Stable Channel (LP: #671420), also
    fixing the following security issues:
    - [51602] High, Use-after-free in text editing. Credit to David Bloom of
      the Google Security Team, Google Chrome Security Team (Inferno) and
      Google Chrome Security Team (Cris Neckar).
    - [55257] High, Memory corruption with enormous text area. Credit to wushi
      of team509.
    - [58657] High, Bad cast with the SVG use element. Credit to the kuzzcc.
    - [58731] High, Invalid memory read in XPath handling. Credit to Bui Quang
      Minh from Bkis (www.bkis.com).
    - [58741] High, Use-after-free in text control selections. Credit to
      “vkouchna”.
    - [59320] High, Integer overflows in font handling. Credit to Aki Helin of
      OUSPG.
    - [60055] High, Memory corruption in libvpx. Credit to Christoph Diehl.
    - [60238] High, Bad use of destroyed frame object. Credit to various
      developers, including “gundlach”.
    - [60327] [60769] [61255] High, Type confusions with event objects. Credit
      to “fam.lam” and Google Chrome Security Team (Inferno).
    - [60688] High, Out-of-bounds array access in SVG handling. Credit to wushi
      of team509.
  * Work-around a gcc 4.5 miscompilation bug causing a regression in the
    omnibar, breaking searches (LP: #664584)
    - add debian/patches/gcc-4.5-build-workaround.patch
    - update debian/patches/series
 -- Fabien Tassin <email address hidden> Thu, 04 Nov 2010 20:53:09 +0100

Changed in chromium-browser (Ubuntu Natty):
status: Fix Committed → Fix Released
Fabien Tassin (fta)
description: updated
Fabien Tassin (fta)
Changed in chromium-browser (Ubuntu Maverick):
status: In Progress → Fix Committed
Changed in chromium-browser (Ubuntu Lucid):
status: In Progress → Fix Committed
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Uploaded 7.0.517.44~r64615-0ubuntu0.10.04.1 and 7.0.517.44~r64615-0ubuntu0.10.10.1 to the ubuntu-security-proposed PPA.

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Thanks for all your hard work on this Fabien! :)

tags: added: security-verification
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Pocket copied chromium-browser to proposed for lucid and maverick. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

To ubuntu-sru: if this passes the verification process, please also pocket copy to security. Thanks!

tags: added: verification-needed
removed: security-verification
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

chromium-browser on lucid and maverick pass QRT tests on amd64 and i386.

tags: added: verification-done
removed: verification-needed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 7.0.517.44~r64615-0ubuntu0.10.10.1

---------------
chromium-browser (7.0.517.44~r64615-0ubuntu0.10.10.1) maverick-security; urgency=high

  * New upstream Major release from the Stable Channel (LP: #671420), also
    fixing the following security issues:
    - [51602] High, Use-after-free in text editing. Credit to David Bloom of
      the Google Security Team, Google Chrome Security Team (Inferno) and
      Google Chrome Security Team (Cris Neckar).
    - [55257] High, Memory corruption with enormous text area. Credit to wushi
      of team509.
    - [58657] High, Bad cast with the SVG use element. Credit to the kuzzcc.
    - [58731] High, Invalid memory read in XPath handling. Credit to Bui Quang
      Minh from Bkis (www.bkis.com).
    - [58741] High, Use-after-free in text control selections. Credit to
      “vkouchna”.
    - [59320] High, Integer overflows in font handling. Credit to Aki Helin of
      OUSPG.
    - [60055] High, Memory corruption in libvpx. Credit to Christoph Diehl.
    - [60238] High, Bad use of destroyed frame object. Credit to various
      developers, including “gundlach”.
    - [60327] [60769] [61255] High, Type confusions with event objects. Credit
      to “fam.lam” and Google Chrome Security Team (Inferno).
    - [60688] High, Out-of-bounds array access in SVG handling. Credit to wushi
      of team509.
 -- Fabien Tassin <email address hidden> Thu, 04 Nov 2010 20:53:09 +0100

Changed in chromium-browser (Ubuntu Maverick):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 7.0.517.44~r64615-0ubuntu0.10.04.1

---------------
chromium-browser (7.0.517.44~r64615-0ubuntu0.10.04.1) lucid-security; urgency=high

  * New upstream Major release from the Stable Channel (LP: #671420), also
    fixing the following security issues:
    - [51602] High, Use-after-free in text editing. Credit to David Bloom of
      the Google Security Team, Google Chrome Security Team (Inferno) and
      Google Chrome Security Team (Cris Neckar).
    - [55257] High, Memory corruption with enormous text area. Credit to wushi
      of team509.
    - [58657] High, Bad cast with the SVG use element. Credit to the kuzzcc.
    - [58731] High, Invalid memory read in XPath handling. Credit to Bui Quang
      Minh from Bkis (www.bkis.com).
    - [58741] High, Use-after-free in text control selections. Credit to
      “vkouchna”.
    - [59320] High, Integer overflows in font handling. Credit to Aki Helin of
      OUSPG.
    - [60055] High, Memory corruption in libvpx. Credit to Christoph Diehl.
    - [60238] High, Bad use of destroyed frame object. Credit to various
      developers, including “gundlach”.
    - [60327] [60769] [61255] High, Type confusions with event objects. Credit
      to “fam.lam” and Google Chrome Security Team (Inferno).
    - [60688] High, Out-of-bounds array access in SVG handling. Credit to wushi
      of team509.
 -- Fabien Tassin <email address hidden> Thu, 04 Nov 2010 20:53:09 +0100

Changed in chromium-browser (Ubuntu Lucid):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.