* New upstream release from the Stable Channel (LP: #712655)
This release fixes the following security issues:
- [55831] High, Use-after-free in image loading. Credit to Aki Helin of
OUSPG.
- [59081] Low, Apply some restrictions to cross-origin drag + drop. Credit
to Google Chrome Security Team (SkyLined) and the Google Security Team
(Michal Zalewski, David Bloom).
- [62791] Low, Browser crash with extension with missing key. Credit to
Brian Kirchoff.
- [65669] Low, Handle merging of autofill profiles more gracefully. Credit
to Google Chrome Security Team (Inferno).
- [68244] Low, Browser crash with bad volume setting. Credit to Matthew
Heidermann.
- [69195] Critical, Race condition in audio handling. Credit to the gamers
of Reddit!
* Add the app/resources/app_strings.grd template to the list
of templates translated in Launchpad
- update debian/rules
* Drop the gcc 4.5 work-around, applied upstream
- remove debian/patches/gcc-4.5-build-workaround.patch
- update debian/patches/series
* Drop gcc 4.2/4.3 from Build-depends and remove the gcc 4.4 workarounds
now done in the upstream gyp files
- update debian/control
- update debian/rules
* Add libxtst-dev to Build-deps now that chromoting uses the XTest extension
to execute mouse and keyboard events
- update debian/control
* Fix the libgnutls dlopen to look for the sonamed lib
- add debian/patches/dlopen_libgnutls.patch
- update debian/patches/series
* Fix the libosmesa/libGLESv2/libEGL dlopen() to look for the sonamed libs.
This assumes either the libgles2-mesa + libegl1-mesa packages (better) or
the libosmesa6 package are installed
- add debian/patches/dlopen_sonamed_gl.patch
- update debian/patches/series
-- Fabien Tassin <email address hidden> Thu, 03 Feb 2011 22:56:37 +0100
This bug was fixed in the package chromium-browser - 9.0.597. 84~r72991- 0ubuntu0. 10.10.1
--------------- 84~r72991- 0ubuntu0. 10.10.1) maverick-security; urgency=high
chromium-browser (9.0.597.
* New upstream release from the Stable Channel (LP: #712655) app_strings. grd template to the list patches/ gcc-4.5- build-workaroun d.patch patches/ series patches/ dlopen_ libgnutls. patch patches/ series libGLESv2/ libEGL dlopen() to look for the sonamed libs. patches/ dlopen_ sonamed_ gl.patch patches/ series
This release fixes the following security issues:
- [55831] High, Use-after-free in image loading. Credit to Aki Helin of
OUSPG.
- [59081] Low, Apply some restrictions to cross-origin drag + drop. Credit
to Google Chrome Security Team (SkyLined) and the Google Security Team
(Michal Zalewski, David Bloom).
- [62791] Low, Browser crash with extension with missing key. Credit to
Brian Kirchoff.
- [65669] Low, Handle merging of autofill profiles more gracefully. Credit
to Google Chrome Security Team (Inferno).
- [68244] Low, Browser crash with bad volume setting. Credit to Matthew
Heidermann.
- [69195] Critical, Race condition in audio handling. Credit to the gamers
of Reddit!
* Add the app/resources/
of templates translated in Launchpad
- update debian/rules
* Drop the gcc 4.5 work-around, applied upstream
- remove debian/
- update debian/
* Drop gcc 4.2/4.3 from Build-depends and remove the gcc 4.4 workarounds
now done in the upstream gyp files
- update debian/control
- update debian/rules
* Add libxtst-dev to Build-deps now that chromoting uses the XTest extension
to execute mouse and keyboard events
- update debian/control
* Fix the libgnutls dlopen to look for the sonamed lib
- add debian/
- update debian/
* Fix the libosmesa/
This assumes either the libgles2-mesa + libegl1-mesa packages (better) or
the libosmesa6 package are installed
- add debian/
- update debian/
-- Fabien Tassin <email address hidden> Thu, 03 Feb 2011 22:56:37 +0100