7.0.517.44~r64615 -> 8.0.552.215~r67652 security update

This bug was fixed in the package chromium-browser - 8.0.552.215~r67652-0ubuntu1

---------------
chromium-browser (8.0.552.215~r67652-0ubuntu1) natty; urgency=high

  * New upstream Major release from the Stable Channel (LP: #684502), also
    fixing the following security issues:
    - [17655] Low, Possible pop-up blocker bypass. Credit to Google Chrome
      Security Team (SkyLined).
    - [55745] Medium, Cross-origin video theft with canvas. Credit to Nirankush
      Panchbhai and Microsoft Vulnerability Research (MSVR).
    - [56237] Low, Browser crash with HTML5 databases. Credit to Google Chrome
      Security Team (Inferno).
    - [58319] Low, Prevent excessive file dialogs, possibly leading to browser
      crash. Credit to Cezary Tomczak (gosu.pl).
    - [59554] High, Use after free in history handling. Credit to Stefan
      Troger.
    - [59817] Medium, Make sure the “dangerous file types” list is uptodate
      with the Windows platforms. Credit to Billy Rios of the Google Security
      Team.
    - [61701] Low, Browser crash with HTTP proxy authentication. Credit to
      Mohammed Bouhlel.
    - [61653] Medium, Out-of-bounds read regression in WebM video support.
      Credit to Google Chrome Security Team (Chris Evans), based on earlier
      testcases from Mozilla and Microsoft (MSVR).
    - [62127] High, Crash due to bad indexing with malformed video. Credit to
      miaubiz.
    - [62168] Medium, Possible browser memory corruption via malicious
      privileged extension. Credit to kuzzcc.
    - [62401] High, Use after free with SVG animations. Credit to Sławomir
      Błażek.
    - [63051] Medium, Use after free in mouse dragging event handling. Credit
      to kuzzcc.
    - [63444] High, Double free in XPath handling. Credit to Yang Dingning from
      NCNIPC, Graduate University of Chinese Academy of Sciences.
  * Work-around a gcc 4.5 miscompilation bug causing regression in the
    omnibar, breaking searches (LP: #664584)
    - add debian/patches/gcc-4.5-build-workaround.patch
    - update debian/patches/series
  * Automatically merge Launchpad translations with the upstream grit files and
    produce patches in the source tarball. Apply those patches at build time
    during configure
    - update debian/rules
  * Add x-scheme-handler/http and x-scheme-handler/https to the MimeType
    entry of the desktop file (needed on Natty where handlers are no longer
    searched for in gconf)
    - update debian/chromium-browser.desktop
 -- Fabien Tassin <email address hidden> Thu, 02 Dec 2010 20:32:06 +0100

From irc:
07:49 < fta> jdstrand, my chromium security updates for maverick and lucid are ready: http://people.ubuntu.com/~fta/chromium/8.0.552.215~r67652/ & bug 684502
07:50 < jdstrand> fta: ack. I'm patch piloting now so will get right on it.

As discussed in IRC, the translations fix is added, but quite useful for the new 8.0 release.

ACK

Uploaded 8.0.552.215~r67652-0ubuntu0.10.10.1 and 8.0.552.215~r67652-0ubuntu0.10.04.1 to the ubuntu-security-proposed PPA. Will copy over to -proposed after it finishes building.

This bug was fixed in the package chromium-browser - 8.0.552.215~r67652-0ubuntu0.10.04.1

---------------
chromium-browser (8.0.552.215~r67652-0ubuntu0.10.04.1) lucid-security; urgency=high

  * New upstream Major release from the Stable Channel (LP: #684502), also
    fixing the following security issues:
    - [17655] Low, Possible pop-up blocker bypass. Credit to Google Chrome
      Security Team (SkyLined).
    - [55745] Medium, Cross-origin video theft with canvas. Credit to Nirankush
      Panchbhai and Microsoft Vulnerability Research (MSVR).
    - [56237] Low, Browser crash with HTML5 databases. Credit to Google Chrome
      Security Team (Inferno).
    - [58319] Low, Prevent excessive file dialogs, possibly leading to browser
      crash. Credit to Cezary Tomczak (gosu.pl).
    - [59554] High, Use after free in history handling. Credit to Stefan
      Troger.
    - [59817] Medium, Make sure the “dangerous file types” list is uptodate
      with the Windows platforms. Credit to Billy Rios of the Google Security
      Team.
    - [61701] Low, Browser crash with HTTP proxy authentication. Credit to
      Mohammed Bouhlel.
    - [61653] Medium, Out-of-bounds read regression in WebM video support.
      Credit to Google Chrome Security Team (Chris Evans), based on earlier
      testcases from Mozilla and Microsoft (MSVR).
    - [62127] High, Crash due to bad indexing with malformed video. Credit to
      miaubiz.
    - [62168] Medium, Possible browser memory corruption via malicious
      privileged extension. Credit to kuzzcc.
    - [62401] High, Use after free with SVG animations. Credit to Sławomir
      Błażek.
    - [63051] Medium, Use after free in mouse dragging event handling. Credit
      to kuzzcc.
    - [63444] High, Double free in XPath handling. Credit to Yang Dingning from
      NCNIPC, Graduate University of Chinese Academy of Sciences.
  * Automatically merge Launchpad translations with the upstream grit files and
    produce patches in the source tarball. Apply those patches at build time
    during configure
    - update debian/rules
 -- Fabien Tassin <email address hidden> Thu, 02 Dec 2010 20:32:06 +0100

This bug was fixed in the package chromium-browser - 8.0.552.215~r67652-0ubuntu0.10.10.1

---------------
chromium-browser (8.0.552.215~r67652-0ubuntu0.10.10.1) maverick-security; urgency=high

  * New upstream Major release from the Stable Channel (LP: #684502), also
    fixing the following security issues:
    - [17655] Low, Possible pop-up blocker bypass. Credit to Google Chrome
      Security Team (SkyLined).
    - [55745] Medium, Cross-origin video theft with canvas. Credit to Nirankush
      Panchbhai and Microsoft Vulnerability Research (MSVR).
    - [56237] Low, Browser crash with HTML5 databases. Credit to Google Chrome
      Security Team (Inferno).
    - [58319] Low, Prevent excessive file dialogs, possibly leading to browser
      crash. Credit to Cezary Tomczak (gosu.pl).
    - [59554] High, Use after free in history handling. Credit to Stefan
      Troger.
    - [59817] Medium, Make sure the “dangerous file types” list is uptodate
      with the Windows platforms. Credit to Billy Rios of the Google Security
      Team.
    - [61701] Low, Browser crash with HTTP proxy authentication. Credit to
      Mohammed Bouhlel.
    - [61653] Medium, Out-of-bounds read regression in WebM video support.
      Credit to Google Chrome Security Team (Chris Evans), based on earlier
      testcases from Mozilla and Microsoft (MSVR).
    - [62127] High, Crash due to bad indexing with malformed video. Credit to
      miaubiz.
    - [62168] Medium, Possible browser memory corruption via malicious
      privileged extension. Credit to kuzzcc.
    - [62401] High, Use after free with SVG animations. Credit to Sławomir
      Błażek.
    - [63051] Medium, Use after free in mouse dragging event handling. Credit
      to kuzzcc.
    - [63444] High, Double free in XPath handling. Credit to Yang Dingning from
      NCNIPC, Graduate University of Chinese Academy of Sciences.
  * Automatically merge Launchpad translations with the upstream grit files and
    produce patches in the source tarball. Apply those patches at build time
    during configure
    - update debian/rules
 -- Fabien Tassin <email address hidden> Thu, 02 Dec 2010 20:32:06 +0100