10.0.648.204 -> 10.0.648.205

Bug #762275 reported by Fabien Tassin on 2011-04-15
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
chromium-browser (Ubuntu)
High
Fabien Tassin
Lucid
High
Unassigned
Maverick
High
Micah Gersten
Natty
High
Fabien Tassin

Bug Description

Binary package hint: chromium-browser

Upstream just released a new Minor (stable) release fixing two security issues.

Needed in natty, maverick and lucid.

Fabien Tassin (fta) on 2011-04-15
visibility: private → public
Changed in chromium-browser (Ubuntu Lucid):
status: New → In Progress
importance: Undecided → High
Changed in chromium-browser (Ubuntu Maverick):
importance: Undecided → High
Changed in chromium-browser (Ubuntu Natty):
importance: Undecided → High
status: New → Fix Committed
Changed in chromium-browser (Ubuntu Maverick):
status: New → In Progress
Changed in chromium-browser (Ubuntu Natty):
assignee: nobody → Fabien Tassin (fta)
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 10.0.648.205~r81283-0ubuntu1

---------------
chromium-browser (10.0.648.205~r81283-0ubuntu1) natty; urgency=high

  * New upstream minor release from the Stable Channel (LP: #762275)
    This release fixes the following security issues:
    - [75629] Critical, CVE-2011-1301: Use-after-free in the GPU process.
      Credit to Google Chrome Security Team (Inferno).
    - [78524] Critical, CVE-2011-1302: Heap overflow in the GPU process. Credit
      to Christoph Diehl.
  * Make the default mail client and browser settings work with the
    x-scheme-handler method of registering URI handlers in gnome3.
    This is based on the xdg-utils 1.1.0~rc1-2ubuntu3 fix by Chris Coulson
    <email address hidden>, itself based on Bastien Nocera <email address hidden>
    upstream fix (LP: #670128)
    - add debian/patches/xdg-utils_gnome3_lp670128_for_natty.patch
    - update debian/patches/series
  * Fix the apport hooks to pass the expected 'ui' to add_info(), needed when
    called from apport/ubuntu-bug (LP: #759635)
    - update debian/apport/chromium-browser.py
  * Report a dedicated WMClass per webapp, needed by Unity/bamf.
    (backported from trunk) (LP: #692462)
    - add debian/patches/webapps-wm-class-lp692462.patch
    - update debian/patches/series
 -- Fabien Tassin <email address hidden> Thu, 14 Apr 2011 22:36:16 +0200

Changed in chromium-browser (Ubuntu Natty):
status: Fix Committed → Fix Released
Fabien Tassin (fta) on 2011-04-17
Changed in chromium-browser (Ubuntu Lucid):
status: In Progress → Fix Committed
Changed in chromium-browser (Ubuntu Maverick):
status: In Progress → Fix Committed
Micah Gersten (micahg) wrote :

Lucid and maverick packages uploaded to ubuntu-security proposed PPA.

Changed in chromium-browser (Ubuntu Maverick):
assignee: nobody → Micah Gersten (micahg)
Jamie Strandboge (jdstrand) wrote :

Per micahg via irc, maverick was tested via QRT and works as well as the previous release (excepting bug #743494, as mentioned in the NEWS file).

tags: added: verification-done-maverick
Jamie Strandboge (jdstrand) wrote :

Copied 10.0.648.205~r81283-0ubuntu0.10.10.1 to maverick-proposed.

Jamie Strandboge (jdstrand) wrote :

iLucid i386 and amd64 tested via QRT and works as well as the previous release (excepting bug #743494).

tags: added: verification-done-lucid
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 10.0.648.205~r81283-0ubuntu0.10.10.1

---------------
chromium-browser (10.0.648.205~r81283-0ubuntu0.10.10.1) maverick-security; urgency=high

  * New upstream minor release from the Stable Channel (LP: #762275)
    This release fixes the following security issues:
    - [75629] Critical, CVE-2011-1301: Use-after-free in the GPU process.
      Credit to Google Chrome Security Team (Inferno).
    - [78524] Critical, CVE-2011-1302: Heap overflow in the GPU process. Credit
      to Christoph Diehl.
    This releasse also contains the security fixes from 10.0.648.204~r79063
    (which has been skipped by the sponsors) (LP: #742118)
    + Webkit bugs:
      - [73216] High, CVE-2011-1292: Use-after-free in the frame loader. Credit
        to Sławomir Błażek.
      - [73595] High, CVE-2011-1293: Use-after-free in HTMLCollection. Credit
        to Sergey Glazunov.
      - [74562] High, CVE-2011-1294: Stale pointer in CSS handling. Credit to
        Sergey Glazunov.
      - [74991] High, CVE-2011-1295: DOM tree corruption with broken node
        parentage. Credit to Sergey Glazunov.
      - [75170] High, CVE-2011-1296: Stale pointer in SVG text handling. Credit
        to Sergey Glazunov.
    + Chromium bugs:
      - [72517] High, CVE-2011-1291: Buffer error in base string handling.
        Credit to Alex Turpin.
  Packaging changes:
  * Set arm_fpu=vfpv3-d16 on arm (less restrictive than the default vfpv3)
    preventing a SIGILL crash on some boards (LP: #735877)
    - update debian/control
  * Install libppGoogleNaClPluginChrome.so (LP: #738331)
    - update debian/rules
    - update debian/chromium-browser.install
  * Fix the apport hooks to pass the expected 'ui' to add_info(), needed when
    called from apport/ubuntu-bug (LP: #759635)
    - update debian/apport/chromium-browser.py
  * NaCL may be blacklisted, so only include it when it's actually been
    built (fixes the ftbfs on arm) (LP: #745854)
    - update debian/rules
    - update debian/chromium-browser.install
  * Harden the apport hooks in the extensions section
    - update debian/apport/chromium-browser.py
 -- Fabien Tassin <email address hidden> Thu, 14 Apr 2011 22:36:16 +0200

Changed in chromium-browser (Ubuntu Maverick):
status: Fix Committed → Fix Released
Jamie Strandboge (jdstrand) wrote :

Waiting on lucid/armel before pocket copy.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 10.0.648.205~r81283-0ubuntu0.10.04.1

---------------
chromium-browser (10.0.648.205~r81283-0ubuntu0.10.04.1) lucid-security; urgency=high

  * New upstream minor release from the Stable Channel (LP: #762275)
    This release fixes the following security issues:
    - [75629] Critical, CVE-2011-1301: Use-after-free in the GPU process.
      Credit to Google Chrome Security Team (Inferno).
    - [78524] Critical, CVE-2011-1302: Heap overflow in the GPU process. Credit
      to Christoph Diehl.
    This releasse also contains the security fixes from 10.0.648.204~r79063
    (which has been skipped by the sponsors) (LP: #742118)
    + Webkit bugs:
      - [73216] High, CVE-2011-1292: Use-after-free in the frame loader. Credit
        to Sławomir Błażek.
      - [73595] High, CVE-2011-1293: Use-after-free in HTMLCollection. Credit
        to Sergey Glazunov.
      - [74562] High, CVE-2011-1294: Stale pointer in CSS handling. Credit to
        Sergey Glazunov.
      - [74991] High, CVE-2011-1295: DOM tree corruption with broken node
        parentage. Credit to Sergey Glazunov.
      - [75170] High, CVE-2011-1296: Stale pointer in SVG text handling. Credit
        to Sergey Glazunov.
    + Chromium bugs:
      - [72517] High, CVE-2011-1291: Buffer error in base string handling.
        Credit to Alex Turpin.
  Packaging changes:
  * Set arm_fpu=vfpv3-d16 on arm (less restrictive than the default vfpv3)
    preventing a SIGILL crash on some boards (LP: #735877)
    - update debian/control
  * Install libppGoogleNaClPluginChrome.so (LP: #738331)
    - update debian/rules
    - update debian/chromium-browser.install
  * Fix the apport hooks to pass the expected 'ui' to add_info(), needed when
    called from apport/ubuntu-bug (LP: #759635)
    - update debian/apport/chromium-browser.py
  * NaCL may be blacklisted, so only include it when it's actually been
    built (fixes the ftbfs on arm) (LP: #745854)
    - update debian/rules
    - update debian/chromium-browser.install
  * Harden the apport hooks in the extensions section
    - update debian/apport/chromium-browser.py
 -- Fabien Tassin <email address hidden> Thu, 14 Apr 2011 22:36:16 +0200

Changed in chromium-browser (Ubuntu Lucid):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers