10.0.648.133 -> 10.0.648.204

Bug #742118 reported by Fabien Tassin on 2011-03-24
This bug affects 2 people
Affects                    Status  Importance  Assigned to    Milestone
chromium-browser (Ubuntu)          High        Fabien Tassin
Lucid                              High        Micah Gersten
Maverick                           High        Micah Gersten
Natty                              High        Fabien Tassin

Bug Description

Binary package hint: chromium-browser

Upstream just released a new Minor (stable) release fixing a bunch of security issues.

Needed in natty, maverick and lucid.

Fabien Tassin (fta) on 2011-03-24
Changed in chromium-browser (Ubuntu Lucid):
assignee: nobody → Fabien Tassin (fta)
importance: Undecided → High
status: New → In Progress
assignee: Fabien Tassin (fta) → nobody
Changed in chromium-browser (Ubuntu Maverick):
status: New → In Progress
Changed in chromium-browser (Ubuntu Natty):
assignee: nobody → Fabien Tassin (fta)
importance: Undecided → High
status: New → In Progress
Changed in chromium-browser (Ubuntu Maverick):
importance: Undecided → High
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 10.0.648.204~r79063-0ubuntu1

---------------
chromium-browser (10.0.648.204~r79063-0ubuntu1) natty; urgency=high

  * New upstream minor release from the Stable Channel (LP: #742118)
    This release fixes the following security issues:
    + Webkit bugs:
      - [73216] High, CVE-2011-1292: Use-after-free in the frame loader. Credit
        to Sławomir Błażek.
      - [73595] High, CVE-2011-1293: Use-after-free in HTMLCollection. Credit
        to Sergey Glazunov.
      - [74562] High, CVE-2011-1294: Stale pointer in CSS handling. Credit to
        Sergey Glazunov.
      - [74991] High, CVE-2011-1295: DOM tree corruption with broken node
        parentage. Credit to Sergey Glazunov.
      - [75170] High, CVE-2011-1296: Stale pointer in SVG text handling. Credit
        to Sergey Glazunov.
    + Chromium bugs:
      - [72517] High, CVE-2011-1291: Buffer error in base string handling.
        Credit to Alex Turpin.
  Packaging changes:
  * Set arm_fpu=vfpv3-d16 on arm (less restrictive than the default vfpv3)
    preventing a SIGILL crash on some boards (LP: #735877)
    - update debian/control
  * Install libppGoogleNaClPluginChrome.so (LP: #738331)
    - update debian/rules
    - update debian/chromium-browser.install
 -- Fabien Tassin <email address hidden> Thu, 24 Mar 2011 23:05:14 +0100

Changed in chromium-browser (Ubuntu Natty):
status: In Progress → Fix Released
Changed in chromium-browser (Ubuntu Lucid):
assignee: nobody → Micah Gersten (micahg)
Changed in chromium-browser (Ubuntu Maverick):
assignee: nobody → Micah Gersten (micahg)
Fabien Tassin (fta) wrote :

grr, it FTBFS on arm, because nacl is not built there (dh_install fails).
I forgot that I disabled nacl for this arch a long time ago.
Workaround committed in the branch (only ship the .so lib if nacl was actually built), I will send an update to Natty asap.

For the next major release (ch11), I'd like to re-add nacl on arm, but I need to be sure it works fine first (and due to the lack of hardware, I'm obviously stuck).

For this update, how do you want to proceed for maverick and natty?
a/ you trash the source packages I gave you and I give new ones with the workaround
or
b/ you use the source packages I gave you, they will FTBFS on arm (only) and I give you an incremental update with the workaround

I'm fine either way.

Fabien Tassin (fta) wrote :

ok, nacl builds on arm but doesn't seem to work yet (apparently because of the sandbox) so no big deal, the workaround is good enough for us.

see http://groups.google.com/group/native-client-discuss/browse_thread/thread/7b647580def4566d

Micah Gersten (micahg) wrote :

As I stated on IRC, I'm reluctant to push out this update until bug 743494 is resolved.

Fabien Tassin (fta) wrote :

I'll see if I can set --password-store=detect by default but I'm reluctant to wait for those 6 hot security fixes.
It's your call though. My side was ready in time.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 10.0.648.205~r81283-0ubuntu0.10.10.1

---------------
chromium-browser (10.0.648.205~r81283-0ubuntu0.10.10.1) maverick-security; urgency=high

  * New upstream minor release from the Stable Channel (LP: #762275)
    This release fixes the following security issues:
    - [75629] Critical, CVE-2011-1301: Use-after-free in the GPU process.
      Credit to Google Chrome Security Team (Inferno).
    - [78524] Critical, CVE-2011-1302: Heap overflow in the GPU process. Credit
      to Christoph Diehl.
    This release also contains the security fixes from 10.0.648.204~r79063
    (which has been skipped by the sponsors) (LP: #742118)
    + Webkit bugs:
      - [73216] High, CVE-2011-1292: Use-after-free in the frame loader. Credit
        to Sławomir Błażek.
      - [73595] High, CVE-2011-1293: Use-after-free in HTMLCollection. Credit
        to Sergey Glazunov.
      - [74562] High, CVE-2011-1294: Stale pointer in CSS handling. Credit to
        Sergey Glazunov.
      - [74991] High, CVE-2011-1295: DOM tree corruption with broken node
        parentage. Credit to Sergey Glazunov.
      - [75170] High, CVE-2011-1296: Stale pointer in SVG text handling. Credit
        to Sergey Glazunov.
    + Chromium bugs:
      - [72517] High, CVE-2011-1291: Buffer error in base string handling.
        Credit to Alex Turpin.
  Packaging changes:
  * Set arm_fpu=vfpv3-d16 on arm (less restrictive than the default vfpv3)
    preventing a SIGILL crash on some boards (LP: #735877)
    - update debian/control
  * Install libppGoogleNaClPluginChrome.so (LP: #738331)
    - update debian/rules
    - update debian/chromium-browser.install
  * Fix the apport hooks to pass the expected 'ui' to add_info(), needed when
    called from apport/ubuntu-bug (LP: #759635)
    - update debian/apport/chromium-browser.py
  * NaCL may be blacklisted, so only include it when it's actually been
    built (fixes the ftbfs on arm) (LP: #745854)
    - update debian/rules
    - update debian/chromium-browser.install
  * Harden the apport hooks in the extensions section
    - update debian/apport/chromium-browser.py
 -- Fabien Tassin <email address hidden> Thu, 14 Apr 2011 22:36:16 +0200

Changed in chromium-browser (Ubuntu Maverick):
status: In Progress → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 10.0.648.205~r81283-0ubuntu0.10.04.1

---------------
chromium-browser (10.0.648.205~r81283-0ubuntu0.10.04.1) lucid-security; urgency=high

  * New upstream minor release from the Stable Channel (LP: #762275)
    This release fixes the following security issues:
    - [75629] Critical, CVE-2011-1301: Use-after-free in the GPU process.
      Credit to Google Chrome Security Team (Inferno).
    - [78524] Critical, CVE-2011-1302: Heap overflow in the GPU process. Credit
      to Christoph Diehl.
    This release also contains the security fixes from 10.0.648.204~r79063
    (which has been skipped by the sponsors) (LP: #742118)
    + Webkit bugs:
      - [73216] High, CVE-2011-1292: Use-after-free in the frame loader. Credit
        to Sławomir Błażek.
      - [73595] High, CVE-2011-1293: Use-after-free in HTMLCollection. Credit
        to Sergey Glazunov.
      - [74562] High, CVE-2011-1294: Stale pointer in CSS handling. Credit to
        Sergey Glazunov.
      - [74991] High, CVE-2011-1295: DOM tree corruption with broken node
        parentage. Credit to Sergey Glazunov.
      - [75170] High, CVE-2011-1296: Stale pointer in SVG text handling. Credit
        to Sergey Glazunov.
    + Chromium bugs:
      - [72517] High, CVE-2011-1291: Buffer error in base string handling.
        Credit to Alex Turpin.
  Packaging changes:
  * Set arm_fpu=vfpv3-d16 on arm (less restrictive than the default vfpv3)
    preventing a SIGILL crash on some boards (LP: #735877)
    - update debian/control
  * Install libppGoogleNaClPluginChrome.so (LP: #738331)
    - update debian/rules
    - update debian/chromium-browser.install
  * Fix the apport hooks to pass the expected 'ui' to add_info(), needed when
    called from apport/ubuntu-bug (LP: #759635)
    - update debian/apport/chromium-browser.py
  * NaCL may be blacklisted, so only include it when it's actually been
    built (fixes the ftbfs on arm) (LP: #745854)
    - update debian/rules
    - update debian/chromium-browser.install
  * Harden the apport hooks in the extensions section
    - update debian/apport/chromium-browser.py
 -- Fabien Tassin <email address hidden> Thu, 14 Apr 2011 22:36:16 +0200

Changed in chromium-browser (Ubuntu Lucid):
status: In Progress → Fix Released