6.0.472.59~r59126 -> 6.0.472.62~r59676 upgrade

Bug #641699 reported by Fabien Tassin
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| chromium-browser (Ubuntu) | Fix Released | Critical | Fabien Tassin | |
| Lucid | Fix Released | Critical | Fabien Tassin | |
| Maverick | Fix Released | Critical | Fabien Tassin | |

Bug Description

Binary package hint: chromium-browser

Upstream just released a new security update, fixing 3 bugs (2 high, 1 critical).

http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_17.html

Needed in lucid and maverick.

Fabien Tassin (fta) wrote :

For lucid, I'll collapse the last 3 updates (.55, .59 and this .62) as .55 is still waiting in -proposed and still needs to wait a few more days.

visibility: private → public
Changed in chromium-browser (Ubuntu Lucid):
assignee: nobody → Fabien Tassin (fta)
importance: Undecided → Critical
status: New → In Progress
Changed in chromium-browser (Ubuntu Maverick):
assignee: nobody → Fabien Tassin (fta)
importance: Undecided → Critical
status: New → In Progress
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 6.0.472.62~r59676-0ubuntu1

---------------
chromium-browser (6.0.472.62~r59676-0ubuntu1) maverick; urgency=high

  * New upstream release from the Stable Channel (LP: #641699)
    This release fixes the following security issues:
    - [55114] High, Bad cast with malformed SVG. Credit to wushi of team 509.
    - [55119] Critical, Buffer mismanagement in the SPDY protocol. Credit to
      Mike Belshe of the Chromium development community.
    - [55350] High, Cross-origin property pollution. Credit to Stefano Di Paola
      of MindedSecurity.
  * Add some translations for the "Name" field in the desktop file, and fix
    some "Comment" / "GenericName". Thanks to the Ubuntu translation team.
    See https://wiki.ubuntu.com/Translations/Wanted/ChromiumDesktop to
    contribute more translations (LP: #631670)
 -- Fabien Tassin <email address hidden> Fri, 17 Sep 2010 22:25:54 +0200

Changed in chromium-browser (Ubuntu Maverick):
status: In Progress → Fix Released
Jamie Strandboge (jdstrand) wrote :

I uploaded 6.0.472.62~r59676-0ubuntu0.10.04.1 to the ubuntu-security-proposed PPA last night. armel is still building, but I will pocket copy to lucid-proposed when it is done.

tags: added: security-verification
Jamie Strandboge (jdstrand) wrote :

Pocket copied chromium-browser to proposed. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Thank you in advance!

Changed in chromium-browser (Ubuntu Lucid):
status: In Progress → Fix Committed
tags: added: verification-needed
removed: security-verification
Jamie Strandboge (jdstrand) wrote :

To ubuntu-sru: if this passes the verification process, please also pocket copy to security. Thanks!

Jamie Strandboge (jdstrand) wrote :

Confirmed 6.0.472.62~r59676-0ubuntu0.10.04.1 works fine. Used QRT and the new version introduced no regressions.

tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 6.0.472.62~r59676-0ubuntu0.10.04.1

---------------
chromium-browser (6.0.472.62~r59676-0ubuntu0.10.04.1) lucid-security; urgency=high

  * New upstream release from the Stable Channel (LP: #641699)
    This release fixes the following security issues:
    - [55114] High, Bad cast with malformed SVG. Credit to wushi of team 509.
    - [55119] Critical, Buffer mismanagement in the SPDY protocol. Credit to
      Mike Belshe of the Chromium development community.
    - [55350] High, Cross-origin property pollution. Credit to Stefano Di Paola
      of MindedSecurity.
    Also includes the following security issues from 6.0.472.59 (LP: #638736)
    - [50250] High, Use-after-free when using document APIs during parse.
      Credit to David Weston of Microsoft + Microsoft Vulnerability Research
      (MSVR) and wushi of team 509 (independent discoveries).
    - [50712] High, Use-after-free in SVG styles. Credit to kuzzcc.
    - [51252] High, Use-after-free with nested SVG elements. Credit to kuzzcc.
    - [51709] Low, Possible browser assert in cursor handling. Credit to
      “magnusmorton”.
    - [51919] High, Race condition in console handling. Credit to kuzzcc.
    - [53176] Low, Unlikely browser crash in pop-up blocking. Credit to kuzzcc.
    - [53394] High, Memory corruption in Geolocation. Credit to kuzzcc.
    - [53930] High, Memory corruption in Khmer handling. Credit to Google
      Chrome Security Team (Chris Evans).
    - [54006] Low, Failure to prompt for extension history access. Credit to
      “adriennefelt”.
  * Don't build with PIE on armel for now, it fails to link.
    - update debian/rules
  * Add some translations for the "Name" field in the desktop file, and fix
    some "Comment" / "GenericName". Thanks to the Ubuntu translation team.
    See https://wiki.ubuntu.com/Translations/Wanted/ChromiumDesktop to
    contribute more translations (LP: #631670)
 -- Fabien Tassin <email address hidden> Fri, 17 Sep 2010 22:25:54 +0200

Changed in chromium-browser (Ubuntu Lucid):
status: Fix Committed → Fix Released
This report contains Public Security information  
Everyone can see this security related information.