8.0.552.224~r68599 -> 8.0.552.237~r70801 security update

Bug #702542 reported by Fabien Tassin on 2011-01-13
This bug affects 2 people
Affects                     Importance   Assigned to
chromium-browser (Ubuntu)   High         Fabien Tassin
Lucid                       High         Unassigned
Maverick                    High         Unassigned
Natty                       High         Fabien Tassin

Bug Description

Binary package hint: chromium-browser

Upstream just released a new minor security update: 8.0.552.237~r70801
needed in natty, maverick and lucid.

It qualifies for the SRU exception.

Fabien Tassin (fta) on 2011-01-13
Changed in chromium-browser (Ubuntu):
assignee: nobody → Fabien Tassin (fta)
importance: Undecided → High
status: New → In Progress
Changed in chromium-browser (Ubuntu Lucid):
importance: Undecided → High
status: New → In Progress
Changed in chromium-browser (Ubuntu Maverick):
importance: Undecided → High
status: New → In Progress
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 8.0.552.237~r70801-0ubuntu1

---------------
chromium-browser (8.0.552.237~r70801-0ubuntu1) natty; urgency=high

  * New upstream release from the Stable Channel (LP: #702542)
    This release fixes the following security issues:
    - [58053] Medium, Browser crash in extensions notification handling. Credit
      to Eric Roman of the Chromium development community.
    - [65764] High, Bad pointer handling in node iteration. Credit to Sergey
      Glazunov.
    - [66560] High, Stale pointer with CSS + canvas. Credit to Sergey Glazunov.
    - [66748] High, Stale pointer with CSS + cursors. Credit to Jan Tošovský.
    - [67303] High, Bad memory access with mismatched video frame sizes. Credit
      to Aki Helin of OUSPG; plus independent discovery by Google Chrome
      Security Team (SkyLined) and David Warren of CERT.
    - [67363] High, Stale pointer with SVG use element. Credited anonymously;
      plus independent discovery by miaubiz.
    - [67393] Medium, Uninitialized pointer in the browser triggered by rogue
      extension. Credit to kuzzcc.
    - [68115] High, Vorbis decoder buffer overflows. Credit to David Warren of
      CERT.
    - [68178] High, Bad cast in anchor handling. Credit to Sergey Glazunov.
    - [68181] High, Bad cast in video handling. Credit to Sergey Glazunov.
    - [68439] High, Stale rendering node after DOM node removal. Credit to
      Martin Barbella; plus independent discovery by Google Chrome Security
      Team (SkyLined).
    - [68666] Critical, Stale pointer in speech handling. Credit to Sergey
      Glazunov.
  * Add the chrome/app/policy/policy_templates.grd template to the list
    of templates translated in Launchpad
    - update debian/rules
  * Add Basque and Galician to the list of supported langs for the lang-packs
    (translations from Launchpad/Rosetta)
    - update debian/rules
 -- Fabien Tassin <email address hidden> Thu, 13 Jan 2011 07:31:05 +0100

Changed in chromium-browser (Ubuntu Natty):
status: In Progress → Fix Released
Jamie Strandboge (jdstrand) wrote :

Lucid and maverick uploaded to the security proposed PPA.

tags: added: security-verification
security vulnerability: no → yes
Micah Gersten (micahg) wrote :

Tested on Lucid i386 with QRT, passed verification.
I did have a problem with a few OpenOffice documents, but I believe it to be a local issue.

Jamie Strandboge (jdstrand) wrote :

Pocket copied chromium-browser to proposed for maverick and lucid. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Thank you in advance!

tags: removed: security-verification
Changed in chromium-browser (Ubuntu Lucid):
status: In Progress → Fix Committed
Changed in chromium-browser (Ubuntu Maverick):
status: In Progress → Fix Committed
Jamie Strandboge (jdstrand) wrote :

To ubuntu-sru: if this passes the verification process, please also pocket copy to security. Thanks!

Jamie Strandboge (jdstrand) wrote :

Tested lucid and maverick on amd64 (and maverick on i386), and upgrade went fine and it passes QRT's test-browser.py.

tags: added: verification-needed
Martin Pitt (pitti) on 2011-01-15
tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 8.0.552.237~r70801-0ubuntu0.10.10.1

---------------
chromium-browser (8.0.552.237~r70801-0ubuntu0.10.10.1) maverick-security; urgency=high

  * New upstream release from the Stable Channel (LP: #702542)
    This release fixes the following security issues:
    - [58053] Medium, Browser crash in extensions notification handling. Credit
      to Eric Roman of the Chromium development community.
    - [65764] High, Bad pointer handling in node iteration. Credit to Sergey
      Glazunov.
    - [66560] High, Stale pointer with CSS + canvas. Credit to Sergey Glazunov.
    - [66748] High, Stale pointer with CSS + cursors. Credit to Jan Tošovský.
    - [67303] High, Bad memory access with mismatched video frame sizes. Credit
      to Aki Helin of OUSPG; plus independent discovery by Google Chrome
      Security Team (SkyLined) and David Warren of CERT.
    - [67363] High, Stale pointer with SVG use element. Credited anonymously;
      plus independent discovery by miaubiz.
    - [67393] Medium, Uninitialized pointer in the browser triggered by rogue
      extension. Credit to kuzzcc.
    - [68115] High, Vorbis decoder buffer overflows. Credit to David Warren of
      CERT.
    - [68178] High, Bad cast in anchor handling. Credit to Sergey Glazunov.
    - [68181] High, Bad cast in video handling. Credit to Sergey Glazunov.
    - [68439] High, Stale rendering node after DOM node removal. Credit to
      Martin Barbella; plus independent discovery by Google Chrome Security
      Team (SkyLined).
    - [68666] Critical, Stale pointer in speech handling. Credit to Sergey
      Glazunov.
  * Add the chrome/app/policy/policy_templates.grd template to the list
    of templates translated in Launchpad
    - update debian/rules
  * Add Basque and Galician to the list of supported langs for the lang-packs
    (translations from Launchpad/Rosetta)
    - update debian/rules
 -- Fabien Tassin <email address hidden> Thu, 13 Jan 2011 07:31:05 +0100

Changed in chromium-browser (Ubuntu Maverick):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 8.0.552.237~r70801-0ubuntu0.10.04.1

---------------
chromium-browser (8.0.552.237~r70801-0ubuntu0.10.04.1) lucid-security; urgency=high

  * New upstream release from the Stable Channel (LP: #702542)
    This release fixes the following security issues:
    - [58053] Medium, Browser crash in extensions notification handling. Credit
      to Eric Roman of the Chromium development community.
    - [65764] High, Bad pointer handling in node iteration. Credit to Sergey
      Glazunov.
    - [66560] High, Stale pointer with CSS + canvas. Credit to Sergey Glazunov.
    - [66748] High, Stale pointer with CSS + cursors. Credit to Jan Tošovský.
    - [67303] High, Bad memory access with mismatched video frame sizes. Credit
      to Aki Helin of OUSPG; plus independent discovery by Google Chrome
      Security Team (SkyLined) and David Warren of CERT.
    - [67363] High, Stale pointer with SVG use element. Credited anonymously;
      plus independent discovery by miaubiz.
    - [67393] Medium, Uninitialized pointer in the browser triggered by rogue
      extension. Credit to kuzzcc.
    - [68115] High, Vorbis decoder buffer overflows. Credit to David Warren of
      CERT.
    - [68178] High, Bad cast in anchor handling. Credit to Sergey Glazunov.
    - [68181] High, Bad cast in video handling. Credit to Sergey Glazunov.
    - [68439] High, Stale rendering node after DOM node removal. Credit to
      Martin Barbella; plus independent discovery by Google Chrome Security
      Team (SkyLined).
    - [68666] Critical, Stale pointer in speech handling. Credit to Sergey
      Glazunov.
  * Add the chrome/app/policy/policy_templates.grd template to the list
    of templates translated in Launchpad
    - update debian/rules
  * Add Basque and Galician to the list of supported langs for the lang-packs
    (translations from Launchpad/Rosetta)
    - update debian/rules
 -- Fabien Tassin <email address hidden> Thu, 13 Jan 2011 07:31:05 +0100

Changed in chromium-browser (Ubuntu Lucid):
status: Fix Committed → Fix Released
This report contains Public Security information
Everyone can see this security related information.
