Ubuntu
chromium-browser package

6.0.472.63~r59945 -> 7.0.517.41~r62167 upgrade

Bug #663523 reported by Fabien Tassin
26
This bug affects 3 people
Affects Status Importance Assigned to Milestone
chromium-browser (Ubuntu)
Fix Released
High
Fabien Tassin
Lucid
Fix Released
High
Unassigned
Maverick
Fix Released
High
Unassigned
Natty
Fix Released
High
Fabien Tassin

Bug Description

Binary package hint: chromium-browser

Upstream just released a new Major (stable) release, also fixing a bunch ofsecurity issues.
See http://googlechromereleases.blogspot.com/2010/10/stable-channel-update.html

Needed in natty, maverick and lucid.

Fabien Tassin (fta)
Changed in chromium-browser (Ubuntu Natty):
assignee: nobody → Fabien Tassin (fta)
importance: Undecided → High
status: New → In Progress
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 7.0.517.41~r62167-0ubuntu1

---------------
chromium-browser (7.0.517.41~r62167-0ubuntu1) natty; urgency=high

  * New upstream Major release from the Stable Channel (LP: #663523), also
    fixing the following security issues:
    - [48225] [51727] Medium, Possible autofill / autocomplete profile
      spamming. Credit to Google Chrome Security Team (Inferno).
    - [48857] High, Crash with forms. Credit to the Chromium development
      community.
    - [50428] Critical, Browser crash with form autofill. Credit to the
      Chromium development community.
    - [51680] High, Possible URL spoofing on page unload. Credit to kuzzcc;
      plus independent discovery by Jordi Chancel.
    - [53002] Low, Pop-up block bypass. Credit to kuzzcc.
    - [53985] Medium, Crash on shutdown with Web Sockets. Credit to the
      Chromium development community.
    - [54132] Low, Bad construction of PATH variable. Credit to Dan Rosenberg,
      Virtual Security Research.
    - [54500] High, Possible memory corruption with animated GIF. Credit to
      Simon Schaak.
    - [54794] High, Failure to sandbox worker processes on Linux. Credit to
      Google Chrome Security Team (Chris Evans).
    - [56451] High, Stale elements in an element map. Credit to Michal Zalewski
      of the Google Security Team.
  * Drop the -fno-tree-sink workaround for the armel gcc inlining bug now that the
    strict-aliasing issue in dtoa has been fixed
    - drop debian/patches/no_tree_sink_v8.patch
    - update debian/patches/series
  * Drop the xdg-mime patch now that we catched up with v7
    - drop debian/patches/xdg-utils-update.patch
  * Disable -Werror when building with gcc 4.5 until
    http://code.google.com/p/chromium/issues/detail?id=49533 gets fixed
    - update debian/rules
  * Fix the apport hook crash when the use_system key is unset (LP: #660579)
    - update debian/apport/chromium-browser.py
 -- Fabien Tassin <email address hidden> Tue, 19 Oct 2010 22:36:19 +0200

Changed in chromium-browser (Ubuntu Natty):
status: In Progress → Fix Released
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Uploaded 7.0.517.41~r62167-0ubuntu0.10.04.1 and 7.0.517.41~r62167-0ubuntu0.10.10.1 to the ubuntu-security-proposed PPA.

Changed in chromium-browser (Ubuntu Lucid):
status: New → In Progress
Changed in chromium-browser (Ubuntu Maverick):
status: New → In Progress
importance: Undecided → High
Changed in chromium-browser (Ubuntu Lucid):
importance: Undecided → High
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Pocket copied chromium-browser to proposed for lucid and maverick. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Changed in chromium-browser (Ubuntu Lucid):
status: In Progress → Fix Committed
Changed in chromium-browser (Ubuntu Maverick):
status: In Progress → Fix Committed
tags: added: verification-needed
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

To ubuntu-sru: if this passes the verification process, please also pocket copy to security. Thanks!

Revision history for this message
Alkis Georgopoulos (alkisg) wrote :

Update OK in Lucid i386, seems to work fine.

Revision history for this message
Jean-Baptiste Lallement (jibel) wrote :

I've been using chromium-browser 7.0.517.41~r62167-0ubuntu0.10.10.1 from maverick-proposed for 1 week now without any failure. setting to verification-done

tags: added: verification-done
removed: verification-needed
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Verify lucid and maverick with QRT:scripts/test-browser.py and it works fine.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 7.0.517.41~r62167-0ubuntu0.10.10.1

---------------
chromium-browser (7.0.517.41~r62167-0ubuntu0.10.10.1) maverick-security; urgency=high

  * New upstream Major release from the Stable Channel (LP: #663523), also
    fixing the following security issues:
    - [48225] [51727] Medium, Possible autofill / autocomplete profile
      spamming. Credit to Google Chrome Security Team (Inferno).
    - [48857] High, Crash with forms. Credit to the Chromium development
      community.
    - [50428] Critical, Browser crash with form autofill. Credit to the
      Chromium development community.
    - [51680] High, Possible URL spoofing on page unload. Credit to kuzzcc;
      plus independent discovery by Jordi Chancel.
    - [53002] Low, Pop-up block bypass. Credit to kuzzcc.
    - [53985] Medium, Crash on shutdown with Web Sockets. Credit to the
      Chromium development community.
    - [54132] Low, Bad construction of PATH variable. Credit to Dan Rosenberg,
      Virtual Security Research.
    - [54500] High, Possible memory corruption with animated GIF. Credit to
      Simon Schaak.
    - [54794] High, Failure to sandbox worker processes on Linux. Credit to
      Google Chrome Security Team (Chris Evans).
    - [56451] High, Stale elements in an element map. Credit to Michal Zalewski
      of the Google Security Team.
  * Drop the -fno-tree-sink workaround for the armel gcc inlining bug now that the
    strict-aliasing issue in dtoa has been fixed
    - drop debian/patches/no_tree_sink_v8.patch
    - update debian/patches/series
  * Drop the xdg-mime patch now that we catched up with v7
    - drop debian/patches/xdg-utils-update.patch
  * Disable -Werror when building with gcc 4.5 until
    http://code.google.com/p/chromium/issues/detail?id=49533 gets fixed
    - update debian/rules
  * Fix the apport hook crash when the use_system key is unset (LP: #660579)
    - update debian/apport/chromium-browser.py
 -- Fabien Tassin <email address hidden> Tue, 19 Oct 2010 22:36:19 +0200

Changed in chromium-browser (Ubuntu Maverick):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 7.0.517.41~r62167-0ubuntu0.10.04.1

---------------
chromium-browser (7.0.517.41~r62167-0ubuntu0.10.04.1) lucid-security; urgency=high

  * New upstream Major release from the Stable Channel (LP: #663523), also
    fixing the following security issues:
    - [48225] [51727] Medium, Possible autofill / autocomplete profile
      spamming. Credit to Google Chrome Security Team (Inferno).
    - [48857] High, Crash with forms. Credit to the Chromium development
      community.
    - [50428] Critical, Browser crash with form autofill. Credit to the
      Chromium development community.
    - [51680] High, Possible URL spoofing on page unload. Credit to kuzzcc;
      plus independent discovery by Jordi Chancel.
    - [53002] Low, Pop-up block bypass. Credit to kuzzcc.
    - [53985] Medium, Crash on shutdown with Web Sockets. Credit to the
      Chromium development community.
    - [54132] Low, Bad construction of PATH variable. Credit to Dan Rosenberg,
      Virtual Security Research.
    - [54500] High, Possible memory corruption with animated GIF. Credit to
      Simon Schaak.
    - [54794] High, Failure to sandbox worker processes on Linux. Credit to
      Google Chrome Security Team (Chris Evans).
    - [56451] High, Stale elements in an element map. Credit to Michal Zalewski
      of the Google Security Team.
  * Drop the -fno-tree-sink workaround for the armel gcc inlining bug now that the
    strict-aliasing issue in dtoa has been fixed
    - drop debian/patches/no_tree_sink_v8.patch
    - update debian/patches/series
  * Disable -Werror when building with gcc 4.5 until
    http://code.google.com/p/chromium/issues/detail?id=49533 gets fixed
    - update debian/rules
  * Fix the apport hook crash when the use_system key is unset (LP: #660579)
    - update debian/apport/chromium-browser.py
  * Set CHROME_DESKTOP in the wrapper to help the default browser
    checker (LP: #513133)
    - update debian/chromium-browser.sh.in
 -- Fabien Tassin <email address hidden> Tue, 19 Oct 2010 22:36:19 +0200

Changed in chromium-browser (Ubuntu Lucid):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.