11.0.696.57 -> 11.0.696.65

Bug #778822 reported by Fabien Tassin on 2011-05-06
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
chromium-browser (Ubuntu)
High
Fabien Tassin
Lucid
High
Micah Gersten
Maverick
High
Micah Gersten
Natty
High
Micah Gersten
Oneiric
High
Fabien Tassin

Bug Description

Binary package hint: chromium-browser

Another security upgrade, needed in oneiric, natty, maverick and lucid

Fabien Tassin (fta) on 2011-05-06
Changed in chromium-browser (Ubuntu Lucid):
importance: Undecided → High
Changed in chromium-browser (Ubuntu Maverick):
importance: Undecided → High
Changed in chromium-browser (Ubuntu Natty):
importance: Undecided → High
Changed in chromium-browser (Ubuntu Oneiric):
importance: Undecided → High
assignee: nobody → Fabien Tassin (fta)
status: New → Fix Committed
security vulnerability: no → yes
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 11.0.696.65~r84435-0ubuntu1

---------------
chromium-browser (11.0.696.65~r84435-0ubuntu1) oneiric; urgency=high

  * New Minor upstream release from the Stable Channel (LP: #778822)
    This release fixes the following security issues:
    + WebKit issues:
      - [67923] High, CVE-2010-1793: stale pointer in SVG image handling
        (credit: Mitz)
      - [78327] High, CVE-2010-1794: integer overflow in SVG filters (credit:
        Inferno)
      - [78948] High, CVE-2010-1795: integer underflow in forms handling
        (credit: Cris Neckar)
      - [79055] High, CVE-2010-1796: use-after-free in frame handling (credit:
        Inferno)
      - [79075] High, CVE-2010-1797: stale pointer in table captioning (credit:
        wushi)
      - [79595] High, CVE-2010-1798: bad cast in SVG text handling (credit:
        Inferno)
  * Add a static quicklist for Unity allowing to open a new window (either regular
    or incognito) or a fresh session with a temporary profile
    - update debian/chromium-browser.desktop
  * Don't let scour touch the svg files (LP: #748881)
    - update debian/rules
  * Pass --delete_unversioned_trees to gclient and drop the git.chromium.org
    workaround.
    - update debian/rules
  * Build with gcc-4.5 on Oneiric for now. It's not ready for 4.6
    - update debian/control
    - update debian/rules
 -- Fabien Tassin <email address hidden> Fri, 06 May 2011 23:04:53 +0200

Changed in chromium-browser (Ubuntu Oneiric):
status: Fix Committed → Fix Released
Fabien Tassin (fta) wrote :

oops, all the CVE ids are wrong.. s/2010/2011/g

Micah Gersten (micahg) on 2011-05-08
Changed in chromium-browser (Ubuntu Lucid):
status: New → In Progress
assignee: nobody → Micah Gersten (micahg)
Changed in chromium-browser (Ubuntu Maverick):
status: New → In Progress
assignee: nobody → Micah Gersten (micahg)
Changed in chromium-browser (Ubuntu Natty):
status: New → In Progress
assignee: nobody → Micah Gersten (micahg)
Jamie Strandboge (jdstrand) wrote :

Copied Lucid-Natty to -proposed.

Changed in chromium-browser (Ubuntu Lucid):
status: In Progress → Fix Committed
Changed in chromium-browser (Ubuntu Maverick):
status: In Progress → Fix Committed
Changed in chromium-browser (Ubuntu Natty):
status: In Progress → Fix Committed
Micah Gersten (micahg) on 2011-05-08
tags: added: verification-needed
Micah Gersten (micahg) wrote :

Tested lucid amd64 and i386 with QRT. No regressions over previous functionality.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 11.0.696.65~r84435-0ubuntu0.10.04.1

---------------
chromium-browser (11.0.696.65~r84435-0ubuntu0.10.04.1) lucid-security; urgency=low

  [ Fabien Tassin <email address hidden> ]
  * New Minor upstream release from the Stable Channel (LP: #778822)
    This release fixes the following security issues:
    + WebKit issues:
      - [67923] High, CVE-2011-1793: stale pointer in SVG image handling
        (credit: Mitz)
      - [78327] High, CVE-2011-1794: integer overflow in SVG filters (credit:
        Inferno)
      - [78948] High, CVE-2011-1795: integer underflow in forms handling
        (credit: Cris Neckar)
      - [79055] High, CVE-2011-1796: use-after-free in frame handling (credit:
        Inferno)
      - [79075] High, CVE-2011-1797: stale pointer in table captioning (credit:
        wushi)
      - [79595] High, CVE-2011-1798: bad cast in SVG text handling (credit:
        Inferno)
  * Pass --delete_unversioned_trees to gclient and drop the git.chromium.org
    workaround.
    - update debian/rules

  [ Micah Gersten <email address hidden> ]
  * Switch arch: any to arch: i386 amd64 so that we don't have to wait for armel
    - update debian/control
 -- Micah Gersten <email address hidden> Sun, 08 May 2011 01:46:21 +0200

Changed in chromium-browser (Ubuntu Lucid):
status: Fix Committed → Fix Released
Micah Gersten (micahg) wrote :

Tested maverick amd64 and i386 with QRT. No regressions over previous functionality.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 11.0.696.65~r84435-0ubuntu0.10.10.1

---------------
chromium-browser (11.0.696.65~r84435-0ubuntu0.10.10.1) maverick-security; urgency=low

  [ Fabien Tassin <email address hidden> ]
  * New Minor upstream release from the Stable Channel (LP: #778822)
    This release fixes the following security issues:
    + WebKit issues:
      - [67923] High, CVE-2011-1793: stale pointer in SVG image handling
        (credit: Mitz)
      - [78327] High, CVE-2011-1794: integer overflow in SVG filters (credit:
        Inferno)
      - [78948] High, CVE-2011-1795: integer underflow in forms handling
        (credit: Cris Neckar)
      - [79055] High, CVE-2011-1796: use-after-free in frame handling (credit:
        Inferno)
      - [79075] High, CVE-2011-1797: stale pointer in table captioning (credit:
        wushi)
      - [79595] High, CVE-2011-1798: bad cast in SVG text handling (credit:
        Inferno)
  * Pass --delete_unversioned_trees to gclient and drop the git.chromium.org
    workaround.
    - update debian/rules

  [ Micah Gersten <email address hidden> ]
  * Switch arch: any to arch: i386 amd64 so that we don't have to wait for armel
    - update debian/control
 -- Micah Gersten <email address hidden> Sun, 08 May 2011 02:26:50 +0200

Changed in chromium-browser (Ubuntu Maverick):
status: Fix Committed → Fix Released
Micah Gersten (micahg) wrote :

Tested natty on amd64 and i386 with QRT, no regressions over previous functionality

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 11.0.696.65~r84435-0ubuntu0.11.04.1

---------------
chromium-browser (11.0.696.65~r84435-0ubuntu0.11.04.1) natty-security; urgency=low

  [ Fabien Tassin <email address hidden> ]
  * New Minor upstream release from the Stable Channel (LP: #778822)
    This release fixes the following security issues:
    + WebKit issues:
      - [67923] High, CVE-2011-1793: stale pointer in SVG image handling
        (credit: Mitz)
      - [78327] High, CVE-2011-1794: integer overflow in SVG filters (credit:
        Inferno)
      - [78948] High, CVE-2011-1795: integer underflow in forms handling
        (credit: Cris Neckar)
      - [79055] High, CVE-2011-1796: use-after-free in frame handling (credit:
        Inferno)
      - [79075] High, CVE-2011-1797: stale pointer in table captioning (credit:
        wushi)
      - [79595] High, CVE-2011-1798: bad cast in SVG text handling (credit:
        Inferno)
  * Pass --delete_unversioned_trees to gclient and drop the git.chromium.org
    workaround.
    - update debian/rules

  [ Micah Gersten <email address hidden> ]
  * Switch arch: any to arch: i386 amd64 so that we don't have to wait for armel
    - update debian/control
 -- Micah Gersten <email address hidden> Sun, 08 May 2011 02:57:29 +0200

Changed in chromium-browser (Ubuntu Natty):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers