Ubuntu
chromium-browser package

10.0.648.133 -> 10.0.648.204

Bug #742118 reported by Fabien Tassin
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
chromium-browser (Ubuntu)
Fix Released
High
Fabien Tassin
Lucid
Fix Released
High
Micah Gersten
Maverick
Fix Released
High
Micah Gersten
Natty
Fix Released
High
Fabien Tassin

Bug Description

Binary package hint: chromium-browser

Upstream just released a new Minor (stable) release fixing a bunch of security issues.

Needed in natty, maverick and lucid.

Fabien Tassin (fta)
Changed in chromium-browser (Ubuntu Lucid):
assignee: nobody → Fabien Tassin (fta)
importance: Undecided → High
status: New → In Progress
assignee: Fabien Tassin (fta) → nobody
Changed in chromium-browser (Ubuntu Maverick):
status: New → In Progress
Changed in chromium-browser (Ubuntu Natty):
assignee: nobody → Fabien Tassin (fta)
importance: Undecided → High
status: New → In Progress
Changed in chromium-browser (Ubuntu Maverick):
importance: Undecided → High
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 10.0.648.204~r79063-0ubuntu1

---------------
chromium-browser (10.0.648.204~r79063-0ubuntu1) natty; urgency=high

  * New upstream minor release from the Stable Channel (LP: #742118)
    This release fixes the following security issues:
    + Webkit bugs:
      - [73216] High, CVE-2011-1292: Use-after-free in the frame loader. Credit
        to Sławomir Błażek.
      - [73595] High, CVE-2011-1293: Use-after-free in HTMLCollection. Credit
        to Sergey Glazunov.
      - [74562] High, CVE-2011-1294: Stale pointer in CSS handling. Credit to
        Sergey Glazunov.
      - [74991] High, CVE-2011-1295: DOM tree corruption with broken node
        parentage. Credit to Sergey Glazunov.
      - [75170] High, CVE-2011-1296: Stale pointer in SVG text handling. Credit
        to Sergey Glazunov.
    + Chromium bugs:
      - [72517] High, CVE-2011-1291: Buffer error in base string handling.
        Credit to Alex Turpin.
  Packaging changes:
  * Set arm_fpu=vfpv3-d16 on arm (less restrictive than the default vfpv3)
    preventing a SIGILL crash on some boards (LP: #735877)
    - update debian/control
  * Install libppGoogleNaClPluginChrome.so (LP: #738331)
    - update debian/rules
    - update debian/chromium-browser.install
 -- Fabien Tassin <email address hidden> Thu, 24 Mar 2011 23:05:14 +0100

Changed in chromium-browser (Ubuntu Natty):
status: In Progress → Fix Released
Jamie Strandboge (jdstrand)
Changed in chromium-browser (Ubuntu Lucid):
assignee: nobody → Micah Gersten (micahg)
Changed in chromium-browser (Ubuntu Maverick):
assignee: nobody → Micah Gersten (micahg)
Revision history for this message
Fabien Tassin (fta) wrote :

grr, it FTBFS on arm, because nacl is not built there (dh_install fails).
i forgot that I disabled nacl for this arch a long time ago.
Workaround committed in the branch (only ship the .so lib if nacl was actually built), i will send an update to Natty asap.

For the next major release (ch11), i'd like to re-add nacl on arm, but i need to be sure it works fine first (and due to the lack of hardware, i'm obviously stuck).

For this update, how do you want to proceed for maverick and natty?
a/ you trash the source packages I gave you and i give new ones with the workaround
or
b/ you use the the source packages I gave you, they will FTBFS on arm (only) and I give you an incremental update with the workaround

I'm fine either way.

Revision history for this message
Fabien Tassin (fta) wrote :

ok, nacl builds on arm but doesn't seem to work yet (apparently because of the sandbox) so no big deal, the workaround is good enough for us.

see http://groups.google.com/group/native-client-discuss/browse_thread/thread/7b647580def4566d

Revision history for this message
Micah Gersten (micahg) wrote :

As I stated on IRC, I'm reluctant to push out this update until bug 743494 is resolved.

Revision history for this message
Fabien Tassin (fta) wrote :

I'll see if i can set --password-store=detect by default but i'm reluctant to wait for those 6 hot security fixes.
It's your call though. My side was ready in time.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 10.0.648.205~r81283-0ubuntu0.10.10.1

---------------
chromium-browser (10.0.648.205~r81283-0ubuntu0.10.10.1) maverick-security; urgency=high

  * New upstream minor release from the Stable Channel (LP: #762275)
    This release fixes the following security issues:
    - [75629] Critical, CVE-2011-1301: Use-after-free in the GPU process.
      Credit to Google Chrome Security Team (Inferno).
    - [78524] Critical, CVE-2011-1302: Heap overflow in the GPU process. Credit
      to Christoph Diehl.
    This releasse also contains the security fixes from 10.0.648.204~r79063
    (which has been skipped by the sponsors) (LP: #742118)
    + Webkit bugs:
      - [73216] High, CVE-2011-1292: Use-after-free in the frame loader. Credit
        to Sławomir Błażek.
      - [73595] High, CVE-2011-1293: Use-after-free in HTMLCollection. Credit
        to Sergey Glazunov.
      - [74562] High, CVE-2011-1294: Stale pointer in CSS handling. Credit to
        Sergey Glazunov.
      - [74991] High, CVE-2011-1295: DOM tree corruption with broken node
        parentage. Credit to Sergey Glazunov.
      - [75170] High, CVE-2011-1296: Stale pointer in SVG text handling. Credit
        to Sergey Glazunov.
    + Chromium bugs:
      - [72517] High, CVE-2011-1291: Buffer error in base string handling.
        Credit to Alex Turpin.
  Packaging changes:
  * Set arm_fpu=vfpv3-d16 on arm (less restrictive than the default vfpv3)
    preventing a SIGILL crash on some boards (LP: #735877)
    - update debian/control
  * Install libppGoogleNaClPluginChrome.so (LP: #738331)
    - update debian/rules
    - update debian/chromium-browser.install
  * Fix the apport hooks to pass the expected 'ui' to add_info(), needed when
    called from apport/ubuntu-bug (LP: #759635)
    - update debian/apport/chromium-browser.py
  * NaCL may be blacklisted, so only include it when it's actually been
    built (fixes the ftbfs on arm) (LP: #745854)
    - update debian/rules
    - update debian/chromium-browser.install
  * Harden the apport hooks in the extensions section
    - update debian/apport/chromium-browser.py
 -- Fabien Tassin <email address hidden> Thu, 14 Apr 2011 22:36:16 +0200

Changed in chromium-browser (Ubuntu Maverick):
status: In Progress → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 10.0.648.205~r81283-0ubuntu0.10.04.1

---------------
chromium-browser (10.0.648.205~r81283-0ubuntu0.10.04.1) lucid-security; urgency=high

  * New upstream minor release from the Stable Channel (LP: #762275)
    This release fixes the following security issues:
    - [75629] Critical, CVE-2011-1301: Use-after-free in the GPU process.
      Credit to Google Chrome Security Team (Inferno).
    - [78524] Critical, CVE-2011-1302: Heap overflow in the GPU process. Credit
      to Christoph Diehl.
    This releasse also contains the security fixes from 10.0.648.204~r79063
    (which has been skipped by the sponsors) (LP: #742118)
    + Webkit bugs:
      - [73216] High, CVE-2011-1292: Use-after-free in the frame loader. Credit
        to Sławomir Błażek.
      - [73595] High, CVE-2011-1293: Use-after-free in HTMLCollection. Credit
        to Sergey Glazunov.
      - [74562] High, CVE-2011-1294: Stale pointer in CSS handling. Credit to
        Sergey Glazunov.
      - [74991] High, CVE-2011-1295: DOM tree corruption with broken node
        parentage. Credit to Sergey Glazunov.
      - [75170] High, CVE-2011-1296: Stale pointer in SVG text handling. Credit
        to Sergey Glazunov.
    + Chromium bugs:
      - [72517] High, CVE-2011-1291: Buffer error in base string handling.
        Credit to Alex Turpin.
  Packaging changes:
  * Set arm_fpu=vfpv3-d16 on arm (less restrictive than the default vfpv3)
    preventing a SIGILL crash on some boards (LP: #735877)
    - update debian/control
  * Install libppGoogleNaClPluginChrome.so (LP: #738331)
    - update debian/rules
    - update debian/chromium-browser.install
  * Fix the apport hooks to pass the expected 'ui' to add_info(), needed when
    called from apport/ubuntu-bug (LP: #759635)
    - update debian/apport/chromium-browser.py
  * NaCL may be blacklisted, so only include it when it's actually been
    built (fixes the ftbfs on arm) (LP: #745854)
    - update debian/rules
    - update debian/chromium-browser.install
  * Harden the apport hooks in the extensions section
    - update debian/apport/chromium-browser.py
 -- Fabien Tassin <email address hidden> Thu, 14 Apr 2011 22:36:16 +0200

Changed in chromium-browser (Ubuntu Lucid):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.