Ubuntu
chromium-browser package

Bug #716703
Comment #11

Comment 11 for bug 716703

Revision history for this message

Launchpad Janitor (janitor) wrote on 2011-03-03:

#11

This bug was fixed in the package chromium-browser - 9.0.597.107~r75357-0ubuntu0.10.04.1

---------------
chromium-browser (9.0.597.107~r75357-0ubuntu0.10.04.1) lucid-security; urgency=high

  * New upstream release from the Stable Channel (LP: #726895)
    This release fixes the following security issues:
    + Webkit bugs:
      - [54262] High, URL bar spoof with history interaction. Credit to Jordi
        Chancel.
      - [68263] High, Stylesheet node stale pointer. Credit to Sergey Glazunov.
      - [68741] High, Stale pointer with key frame rule. Credit to Sergey
        Glazunov.
      - [70078] High, Crash with forms controls. Credit to Stefan van Zanden.
      - [70244] High, Crash in SVG rendering. Credit to Sławomir Błażek.
      - [71114] High, Stale node in table child handling. Credit to Martin
        Barbella.
      - [71115] High, Stale pointer in table rendering. Credit to Martin
        Barbella.
      - [71296] High, Stale pointer in SVG animations. Credit to miaubiz.
      - [71386] High, Stale nodes in XHTML. Credit to wushi of team509.
      - [71388] High, Crash in textarea handling. Credit to wushi of team509.
      - [71595] High, Stale pointer in device orientation. Credit to Sergey
        Glazunov.
      - [71855] High, Integer overflow in textarea handling. Credit to miaubiz.
      - [71960] Medium, Out-of-bounds read in WebGL. Credit to Google Chrome
        Security Team (Inferno).
      - [73235] High, Stale pointer in layout. Credit to Martin Barbella.
    + Chromium bugs:
      - [63732] High, Crash with javascript dialogs. Credit to Sergey
        Radchenko.
      - [64-bit only] [70376] Medium, Out-of-bounds read in pickle
        deserialization. Credit to Evgeniy Stepanov of the Chromium development
        community.
      - [71717] Medium, Out-of-bounds read in WebGL. Credit to miaubiz.
      - [72214] High, Accidental exposure of internal extension functions.
        Credit to Tavis Ormandy of the Google Security Team.
      - [72437] High, Use-after-free with blocked plug-ins. Credit to Chamal de
        Silva.
  * Bump the lang-pack package from Suggests to Recommends (LP: #689267)
    - update debian/control
  * Disable PIE on Armel/Lucid (LP: #716703)
    - update debian/rules
  * Add the disk usage to the Apport hooks
    - update debian/apport/chromium-browser.py
  * Drop gyp from Build-Depends, use in-source gyp instead
    - update debian/control
  * Merge back the ffmpeg codecs (from the chromium-codecs-ffmpeg source package)
    - update debian/rules
    - update debian/control
    - add debian/chromium-codecs-ffmpeg-extra.install
    - add debian/chromium-codecs-ffmpeg.install
-- Fabien Tassin <email address hidden> Tue, 01 Mar 2011 00:14:02 +0100

This bug was fixed in the package chromium-browser - 9.0.597.107~r75357-0ubuntu0.10.04.1

---------------
chromium-browser (9.0.597.107~r75357-0ubuntu0.10.04.1) lucid-security; urgency=high

* New upstream release from the Stable Channel (LP: #726895)
    This release fixes the following security issues:
    + Webkit bugs:
      - [54262] High, URL bar spoof with history interaction. Credit to Jordi
        Chancel.
      - [68263] High, Stylesheet node stale pointer. Credit to Sergey Glazunov.
      - [68741] High, Stale pointer with key frame rule. Credit to Sergey
        Glazunov.
      - [70078] High, Crash with forms controls. Credit to Stefan van Zanden.
      - [70244] High, Crash in SVG rendering. Credit to Sławomir Błażek.
      - [71114] High, Stale node in table child handling. Credit to Martin
        Barbella.
      - [71115] High, Stale pointer in table rendering. Credit to Martin
        Barbella.
      - [71296] High, Stale pointer in SVG animations. Credit to miaubiz.
      - [71386] High, Stale nodes in XHTML. Credit to wushi of team509.
      - [71388] High, Crash in textarea handling. Credit to wushi of team509.
      - [71595] High, Stale pointer in device orientation. Credit to Sergey
        Glazunov.
      - [71855] High, Integer overflow in textarea handling. Credit to miaubiz.
      - [71960] Medium, Out-of-bounds read in WebGL. Credit to Google Chrome
        Security Team (Inferno).
      - [73235] High, Stale pointer in layout. Credit to Martin Barbella.
    + Chromium bugs:
      - [63732] High, Crash with javascript dialogs. Credit to Sergey
        Radchenko.
      - [64-bit only] [70376] Medium, Out-of-bounds read in pickle
        deserialization. Credit to Evgeniy Stepanov of the Chromium development
        community.
      - [71717] Medium, Out-of-bounds read in WebGL. Credit to miaubiz.
      - [72214] High, Accidental exposure of internal extension functions.
        Credit to Tavis Ormandy of the Google Security Team.
      - [72437] High, Use-after-free with blocked plug-ins. Credit to Chamal de
        Silva.
  * Bump the lang-pack package from Suggests to Recommends (LP: #689267)
    - update debian/control
  * Disable PIE on Armel/Lucid (LP: #716703)
    - update debian/rules
  * Add the disk usage to the Apport hooks
    - update debian/apport/chromium-browser.py
  * Drop gyp from Build-Depends, use in-source gyp instead
    - update debian/control
  * Merge back the ffmpeg codecs (from the chromium-codecs-ffmpeg source package)
    - update debian/rules
    - update debian/control
    - add debian/chromium-codecs-ffmpeg-extra.install
    - add debian/chromium-codecs-ffmpeg.install
 -- Fabien Tassin <fta@ubuntu.com>   Tue, 01 Mar 2011 00:14:02 +0100

Ubuntuchromium-browser package

Comment 11 for bug 716703

Ubuntu
chromium-browser package