5.0.375.127~r55887 security update

Bug #622823 reported by Fabien Tassin
Affects                     Status         Importance   Assigned to     Milestone
chromium-browser (Ubuntu)   Fix Released   High         Fabien Tassin
  Lucid                     Fix Released   High         Unassigned
  Maverick                  Fix Released   High         Fabien Tassin
gyp (Ubuntu)                Fix Released   Undecided    Unassigned
  Lucid                     Fix Released   Undecided    Unassigned
  Maverick                  Fix Released   Undecided    Unassigned

Bug Description

Binary package hint: chromium-browser

chromium needs to be updated to 5.0.375.127~r55887, which contains several High/Critical security fixes.

Fabien Tassin (fta) wrote :

it's already in the stable PPA: ppa:chromium-daily/stable

Changed in chromium-browser (Ubuntu):
assignee: nobody → Fabien Tassin (fta)
importance: Undecided → High
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 5.0.375.127~r55887-0ubuntu1

---------------
chromium-browser (5.0.375.127~r55887-0ubuntu1) maverick; urgency=low

  * New upstream release from the Stable Channel (LP: #622823)
    This release fixes the following security issues:
    - [45400] Critical, Memory corruption with file dialog. Credit to Sergey
      Glazunov.
    - [49596] High, Memory corruption with SVGs. Credit to wushi of team509.
    - [49628] High, Bad cast with text editing. Credit to wushi of team509.
    - [49964] High, Possible address bar spoofing with history bug. Credit to
      Mike Taylor.
    - [50515] [51835] High, Memory corruption in MIME type handling. Credit to
      Sergey Glazunov.
    - [50553] Critical, Crash on shutdown due to notifications bug. Credit to
      Sergey Glazunov.
    - [51146] Medium, Stop omnibox autosuggest if the user might be about to
      type a password. Credit to Robert Hansen.
    - [51654] High, Memory corruption with Ruby support. Credit to kuzzcc.
    - [51670] High, Memory corruption with Geolocation support. Credit to
      kuzzcc.
  * Add the xul libdir to LD_LIBRARY_PATH in the wrapper to help icedtea6-plugin
    (LP: #529242). This is needed at least for openjdk-6 6b18.
    - update debian/chromium-browser.sh
  * No longer use tar --lzma in get-orig-source now that it silently uses xz
    (since tar 1.23-2) which is not available in the backports. Use "tar | lzma"
    instead so the embedded tarball is always a lzma file
    - update debian/rules
  * Tweak the user agent to include Chromium and the Distro's name and version.
    - add debian/patches/chromium_useragent.patch.in
    - update debian/patches/series
    - update debian/rules
  * Fix a typo in the subst_files rule
    - update debian/rules
  * Fix a gyp file that triggers an error with newer gyp (because of dead code)
    - add debian/patches/drop_unused_rules_to_please_newer_gyp.patch
    - update debian/patches/series
  * Bump gyp Build-Depends to >= 0.1~svn810 to match upstream requirement
    - update debian/control
 -- Fabien Tassin <email address hidden> Fri, 20 Aug 2010 14:09:16 +0200

Changed in chromium-browser (Ubuntu):
status: New → Fix Released
Fabien Tassin (fta) wrote :

on lucid, we need gyp >= 810

Fabien Tassin (fta) wrote :

gyp 0.1~svn810-0ubuntu1 uploaded to lucid-proposed, waiting for approval.

There's no big deal here, it's only used by chromium packages (the browser and its codecs)

Jamie Strandboge (jdstrand) wrote :

Uploaded to the ubuntu-security-proposed PPA

Changed in chromium-browser (Ubuntu Lucid):
importance: Undecided → High
status: New → In Progress
tags: added: security-verification
Martin Pitt (pitti) wrote : Please test proposed package

Accepted gyp into lucid-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Thank you in advance!

Changed in gyp (Ubuntu Maverick):
status: New → Fix Released
Changed in gyp (Ubuntu Lucid):
status: New → Fix Committed
tags: added: verification-needed
Jamie Strandboge (jdstrand) wrote :

Pocket copied chromium-browser to proposed. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Thank you in advance!

To ubuntu-sru: if this passes the verification process, please also pocket copy to security. Thanks!

Changed in chromium-browser (Ubuntu Lucid):
status: In Progress → Fix Committed
tags: removed: security-verification
Jamie Strandboge (jdstrand) wrote :

I have tested 5.0.375.127~r55887-0ubuntu0.10.04.1 in lucid-proposed and it works fine (I used test-browser.py from QRT and there are no regressions over the previous release).

Jamie Strandboge (jdstrand) wrote :

I think we can also consider gyp as 'verification-done' since chromium-browser built fine against it (fyi-- gyp was in *both* ubuntu-security-proposed and lucid-proposed, but it was the same source package. chromium-browser built against the one in ubuntu-security-proposed. I created a 2nd 'ubuntu2' gyp that I pocket copied to lucid-proposed, so that it can be pocket copied to -security along with chromium-browser).

Martin Pitt (pitti)
tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 5.0.375.127~r55887-0ubuntu0.10.04.1

---------------
chromium-browser (5.0.375.127~r55887-0ubuntu0.10.04.1) lucid-security; urgency=low

  * New upstream release from the Stable Channel (LP: #622823)
    This release fixes the following security issues:
    - [45400] Critical, Memory corruption with file dialog. Credit to Sergey
      Glazunov.
    - [49596] High, Memory corruption with SVGs. Credit to wushi of team509.
    - [49628] High, Bad cast with text editing. Credit to wushi of team509.
    - [49964] High, Possible address bar spoofing with history bug. Credit to
      Mike Taylor.
    - [50515] [51835] High, Memory corruption in MIME type handling. Credit to
      Sergey Glazunov.
    - [50553] Critical, Crash on shutdown due to notifications bug. Credit to
      Sergey Glazunov.
    - [51146] Medium, Stop omnibox autosuggest if the user might be about to
      type a password. Credit to Robert Hansen.
    - [51654] High, Memory corruption with Ruby support. Credit to kuzzcc.
    - [51670] High, Memory corruption with Geolocation support. Credit to
      kuzzcc.
  * Add the xul libdir to LD_LIBRARY_PATH in the wrapper to help icedtea6-plugin
    (LP: #529242). This is needed at least for openjdk-6 6b18.
    - update debian/chromium-browser.sh
  * No longer use tar --lzma in get-orig-source now that it silently uses xz
    (since tar 1.23-2) which is not available in the backports. Use "tar | lzma"
    instead so the embedded tarball is always a lzma file
    - update debian/rules
  * Tweak the user agent to include Chromium and the Distro's name and version.
    - add debian/patches/chromium_useragent.patch.in
    - update debian/patches/series
    - update debian/rules
  * Fix a typo in the subst_files rule
    - update debian/rules
  * Fix a gyp file that triggers an error with newer gyp (because of dead code)
    - add debian/patches/drop_unused_rules_to_please_newer_gyp.patch
    - update debian/patches/series
  * Bump gyp Build-Depends to >= 0.1~svn810 to match upstream requirement
    - update debian/control
 -- Fabien Tassin <email address hidden> Fri, 20 Aug 2010 14:09:16 +0200

Changed in chromium-browser (Ubuntu Lucid):
status: Fix Committed → Fix Released
Martin Pitt (pitti) wrote :

Copied gyp and chromium-browser to -updates and -security.

Changed in gyp (Ubuntu Lucid):
status: Fix Committed → Fix Released