Bug #1223855 “after opening webapps window and a normal window, ...” : Bugs : chromium-browser package : Ubuntu

Chad Miller (cmiller) on 2013-09-11

Changed in chromium-browser (Ubuntu):
assignee:	nobody → Chad Miller (cmiller)

Revision history for this message

Launchpad Janitor (janitor) wrote on 2013-11-04:

#1

Download full text (3.1 KiB)

This bug was fixed in the package chromium-browser - 30.0.1599.114-0ubuntu0.13.10.2

---------------
chromium-browser (30.0.1599.114-0ubuntu0.13.10.2) saucy-security; urgency=low

* Test the compiler for "-m32" support as the canonical test of support.
Only a problem on ARM.

chromium-browser (30.0.1599.114-0ubuntu0.13.10.1) saucy-updates; urgency=low

  * New release 30.0.1599.114.
  * New release 30.0.1599.101:
    - CVE-2013-2925: Use after free in XHR.
    - CVE-2013-2926: Use after free in editing.
    - CVE-2013-2927: Use after free in forms.
  * New release 29.0.1547.76.
  * New release 30.0.1599.66:
    - CVE-2013-2906: Races in Web Audio.
    - CVE-2013-2907: Out of bounds read in Window.prototype object.
    - CVE-2013-2908: Address bar spoofing related to the “204 No Content”
      status code.
    - CVE-2013-2909: Use after free in inline-block rendering.
    - CVE-2013-2910: Use-after-free in Web Audio.
    - CVE-2013-2911: Use-after-free in XSLT.
    - CVE-2013-2912: Use-after-free in PPAPI.
    - CVE-2013-2913: Use-after-free in XML document parsing.
    - CVE-2013-2914: Use after free in the Windows color chooser dialog.
    - CVE-2013-2915: Address bar spoofing via a malformed scheme.
    - CVE-2013-2916: Address bar spoofing related to the “204 No Content”
      status code.
    - CVE-2013-2917: Out of bounds read in Web Audio.
    - CVE-2013-2918: Use-after-free in DOM.
    - CVE-2013-2919: Memory corruption in V8.
    - CVE-2013-2920: Out of bounds read in URL parsing.
    - CVE-2013-2921: Use-after-free in resource loader.
    - CVE-2013-2922: Use-after-free in template element.
    - CVE-2013-2923: Various fixes from internal audits, fuzzing and other
      initiatives (Chrome 30).
    - CVE-2013-2924: Use-after-free in ICU.
  * debian/tests/...: Make first real tests using sikuli. Probably quite
    fragile on changes to upstream. (LP: #1222895)
  * debian/patches/4-chromeless-window-launch-option.patch: Make new windows
    use their own state instead of checking the parameters of the instance that
    started all processes for whether a window has chrome or not. (LP: #1223855)
  * Update autopkgtest tests.
  * debian/patches/series: Drop comment references to old patches. Remove
    files.
  * debian/rules: Don't build 'reliability_tests' any more. It's deprecated
    upstream and we don't use it anyway.
  * debian/rules: debian/chromium-browser.install: Handle sandbox compilation
    configuration changes by stopping our special handling and using the default,
    and "you have to change the underscore from the build target into a hyphen".
  * debian/rules: Process rpath of files in debian/tmp* BEFORE we copy them out.
    (LP: #1226143)
  * debian/testing/driver: Cheap run test to make sure chromedriver runs.
    (LP: #1226143)
  * debian/patches/4-chromeless-window-launch-option.patch: Fix syntax that
    caused extensions to fail. (LP: #1232575)
  * debian/rules: Use runtime linker for all architectures, not just 64-bit.
    Component builds everywhere, now. More than 4GB is too much to expect.
  * debian/rules: clean up packaging comparison code.
-- Chad MILLER <email address hidden> Sun, 27 Oct ...

This bug was fixed in the package chromium-browser - 30.0.1599.114-0ubuntu0.13.10.2

---------------
chromium-browser (30.0.1599.114-0ubuntu0.13.10.2) saucy-security; urgency=low

* Test the compiler for "-m32" support as the canonical test of support.
    Only a problem on ARM.

chromium-browser (30.0.1599.114-0ubuntu0.13.10.1) saucy-updates; urgency=low

* New release 30.0.1599.114.
  * New release 30.0.1599.101:
    - CVE-2013-2925: Use after free in XHR.
    - CVE-2013-2926: Use after free in editing.
    - CVE-2013-2927: Use after free in forms.
  * New release 29.0.1547.76.
  * New release 30.0.1599.66:
    - CVE-2013-2906: Races in Web Audio.
    - CVE-2013-2907: Out of bounds read in Window.prototype object.
    - CVE-2013-2908: Address bar spoofing related to the “204 No Content”
      status code.
    - CVE-2013-2909: Use after free in inline-block rendering.
    - CVE-2013-2910: Use-after-free in Web Audio.
    - CVE-2013-2911: Use-after-free in XSLT.
    - CVE-2013-2912: Use-after-free in PPAPI.
    - CVE-2013-2913: Use-after-free in XML document parsing.
    - CVE-2013-2914: Use after free in the Windows color chooser dialog.
    - CVE-2013-2915: Address bar spoofing via a malformed scheme.
    - CVE-2013-2916: Address bar spoofing related to the “204 No Content”
      status code.
    - CVE-2013-2917: Out of bounds read in Web Audio.
    - CVE-2013-2918: Use-after-free in DOM.
    - CVE-2013-2919: Memory corruption in V8.
    - CVE-2013-2920: Out of bounds read in URL parsing.
    - CVE-2013-2921: Use-after-free in resource loader.
    - CVE-2013-2922: Use-after-free in template element.
    - CVE-2013-2923: Various fixes from internal audits, fuzzing and other
      initiatives (Chrome 30).
    - CVE-2013-2924: Use-after-free in ICU.
  * debian/tests/...: Make first real tests using sikuli. Probably quite
    fragile on changes to upstream. (LP: #1222895)
  * debian/patches/4-chromeless-window-launch-option.patch: Make new windows
    use their own state instead of checking the parameters of the instance that
    started all processes for whether a window has chrome or not. (LP: #1223855)
  * Update autopkgtest tests.
  * debian/patches/series: Drop comment references to old patches.  Remove
    files.
  * debian/rules: Don't build 'reliability_tests' any more. It's deprecated
    upstream and we don't use it anyway.
  * debian/rules: debian/chromium-browser.install: Handle sandbox compilation
    configuration changes by stopping our special handling and using the default,
    and "you have to change the underscore from the build target into a hyphen".
  * debian/rules: Process rpath of files in debian/tmp* BEFORE we copy them out.
    (LP: #1226143)
  * debian/testing/driver: Cheap run test to make sure chromedriver runs.
    (LP: #1226143)
  * debian/patches/4-chromeless-window-launch-option.patch: Fix syntax that
    caused extensions to fail.  (LP: #1232575)
  * debian/rules: Use runtime linker for all architectures, not just 64-bit.
    Component builds everywhere, now.  More than 4GB is too much to expect.
  * debian/rules: clean up packaging comparison code.
 -- Chad MILLER <chad.miller@canonical.com>   Sun, 27 Oct 2013 13:08:11 -0400

Changed in chromium-browser (Ubuntu):
status:	New → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2013-11-04:

#2

Download full text (6.8 KiB)

This bug was fixed in the package chromium-browser - 30.0.1599.114-0ubuntu0.12.04.3

---------------
chromium-browser (30.0.1599.114-0ubuntu0.12.04.3) precise-security; urgency=low

* debian/patches/menu-bar-visible.patch: Variable is the object itself, not a
reference needed to ".get" it.

chromium-browser (30.0.1599.114-0ubuntu0.12.04.2) precise-security; urgency=low

* Test the compiler for "-m32" support as the canonical test of support.
Only a problem on ARM.

chromium-browser (30.0.1599.114-0ubuntu0.12.04.1) precise-updates; urgency=low

  * New release 30.0.1599.114.
  * New release 30.0.1599.101:
    - CVE-2013-2925: Use after free in XHR.
    - CVE-2013-2926: Use after free in editing.
    - CVE-2013-2927: Use after free in forms.
  * New release 29.0.1547.76.
  * New release 30.0.1599.66:
    - CVE-2013-2906: Races in Web Audio.
    - CVE-2013-2907: Out of bounds read in Window.prototype object.
    - CVE-2013-2908: Address bar spoofing related to the “204 No Content”
      status code.
    - CVE-2013-2909: Use after free in inline-block rendering.
    - CVE-2013-2910: Use-after-free in Web Audio.
    - CVE-2013-2911: Use-after-free in XSLT.
    - CVE-2013-2912: Use-after-free in PPAPI.
    - CVE-2013-2913: Use-after-free in XML document parsing.
    - CVE-2013-2914: Use after free in the Windows color chooser dialog.
    - CVE-2013-2915: Address bar spoofing via a malformed scheme.
    - CVE-2013-2916: Address bar spoofing related to the “204 No Content”
      status code.
    - CVE-2013-2917: Out of bounds read in Web Audio.
    - CVE-2013-2918: Use-after-free in DOM.
    - CVE-2013-2919: Memory corruption in V8.
    - CVE-2013-2920: Out of bounds read in URL parsing.
    - CVE-2013-2921: Use-after-free in resource loader.
    - CVE-2013-2922: Use-after-free in template element.
    - CVE-2013-2923: Various fixes from internal audits, fuzzing and other
      initiatives (Chrome 30).
    - CVE-2013-2924: Use-after-free in ICU.
  * debian/tests/...: Make first real tests using sikuli. Probably quite
    fragile on changes to upstream. (LP: #1222895)
  * debian/patches/4-chromeless-window-launch-option.patch: Make new windows
    use their own state instead of checking the parameters of the instance that
    started all processes for whether a window has chrome or not. (LP: #1223855)
  * Update autopkgtest tests.
  * debian/patches/series: Drop comment references to old patches. Remove
    files.
  * debian/rules: Don't build 'reliability_tests' any more. It's deprecated
    upstream and we don't use it anyway.
  * debian/rules: debian/chromium-browser.install: Handle sandbox compilation
    configuration changes by stopping our special handling and using the default,
    and "you have to change the underscore from the build target into a hyphen".
  * debian/rules: Process rpath of files in debian/tmp* BEFORE we copy them out.
    (LP: #1226143)
  * debian/testing/driver: Cheap run test to make sure chromedriver runs.
    (LP: #1226143)
  * debian/patches/4-chromeless-window-launch-option.patch: Fix syntax that
    caused extensions to fail. (LP: #1232575)
  * debian/rules: Use runtime linker for all architectures, not ...

This bug was fixed in the package chromium-browser - 30.0.1599.114-0ubuntu0.12.04.3

---------------
chromium-browser (30.0.1599.114-0ubuntu0.12.04.3) precise-security; urgency=low

* debian/patches/menu-bar-visible.patch: Variable is the object itself, not a
    reference needed to ".get" it.

chromium-browser (30.0.1599.114-0ubuntu0.12.04.2) precise-security; urgency=low

* Test the compiler for "-m32" support as the canonical test of support.
    Only a problem on ARM.

chromium-browser (30.0.1599.114-0ubuntu0.12.04.1) precise-updates; urgency=low

* New release 30.0.1599.114.
  * New release 30.0.1599.101:
    - CVE-2013-2925: Use after free in XHR.
    - CVE-2013-2926: Use after free in editing.
    - CVE-2013-2927: Use after free in forms.
  * New release 29.0.1547.76.
  * New release 30.0.1599.66:
    - CVE-2013-2906: Races in Web Audio.
    - CVE-2013-2907: Out of bounds read in Window.prototype object.
    - CVE-2013-2908: Address bar spoofing related to the “204 No Content”
      status code.
    - CVE-2013-2909: Use after free in inline-block rendering.
    - CVE-2013-2910: Use-after-free in Web Audio.
    - CVE-2013-2911: Use-after-free in XSLT.
    - CVE-2013-2912: Use-after-free in PPAPI.
    - CVE-2013-2913: Use-after-free in XML document parsing.
    - CVE-2013-2914: Use after free in the Windows color chooser dialog.
    - CVE-2013-2915: Address bar spoofing via a malformed scheme.
    - CVE-2013-2916: Address bar spoofing related to the “204 No Content”
      status code.
    - CVE-2013-2917: Out of bounds read in Web Audio.
    - CVE-2013-2918: Use-after-free in DOM.
    - CVE-2013-2919: Memory corruption in V8.
    - CVE-2013-2920: Out of bounds read in URL parsing.
    - CVE-2013-2921: Use-after-free in resource loader.
    - CVE-2013-2922: Use-after-free in template element.
    - CVE-2013-2923: Various fixes from internal audits, fuzzing and other
      initiatives (Chrome 30).
    - CVE-2013-2924: Use-after-free in ICU.
  * debian/tests/...: Make first real tests using sikuli. Probably quite
    fragile on changes to upstream. (LP: #1222895)
  * debian/patches/4-chromeless-window-launch-option.patch: Make new windows
    use their own state instead of checking the parameters of the instance that
    started all processes for whether a window has chrome or not. (LP: #1223855)
  * Update autopkgtest tests.
  * debian/patches/series: Drop comment references to old patches.  Remove
    files.
  * debian/rules: Don't build 'reliability_tests' any more. It's deprecated
    upstream and we don't use it anyway.
  * debian/rules: debian/chromium-browser.install: Handle sandbox compilation
    configuration changes by stopping our special handling and using the default,
    and "you have to change the underscore from the build target into a hyphen".
  * debian/rules: Process rpath of files in debian/tmp* BEFORE we copy them out.
    (LP: #1226143)
  * debian/testing/driver: Cheap run test to make sure chromedriver runs.
    (LP: #1226143)
  * debian/patches/4-chromeless-window-launch-option.patch: Fix syntax that
    caused extensions to fail.  (LP: #1232575)
  * debian/rules: Use runtime linker for all architectures, not just 64-bit.
    Component builds everywhere, now.  More than 4GB is too much to expect.
  * debian/rules: clean up packaging comparison code.

chromium-browser (29.0.1547.65-0ubuntu0.12.04.2) precise-security; urgency=low

* Make chromium-browser-l10n Replaces chromium-browser so that new
    translations that were added in v28 packaging are now in the correct
    -l10n package.  (LP: #1222488)
  * Disable autopkgtest "smoketest" failure until its misbehavior on some
    environments can be diagnosed from log files.

chromium-browser (29.0.1547.65-0ubuntu0.12.04.1) precise-security; urgency=low

* New release 29.0.1547.65.
  * New release 29.0.1547.62.
  * New release 29.0.1547.57:  (LP: #1215361)
    - CVE-2013-2900: Incomplete path sanitization in file handling.
    - CVE-2013-2905: Information leak via overly broad permissions on shared
      memory files.
    - CVE-2013-2901: Integer overflow in ANGLE.
    - CVE-2013-2902: Use after free in XSLT.
    - CVE-2013-2903: Use after free in media element.
    - CVE-2013-2904: Use after free in document parsing.
    - CVE-2013-2887: Various fixes from internal audits, fuzzing and other
      initiatives (Chrome 29).
  * debian/patches/duckduckgo.patch: Include DuckDuckGo in search-engine
    list.  [Caine Tighe <~caine>]
  * debian/patches/search-credit.patch:  Update URLs.
  * debian/patches/disable_dlog_and_dcheck_in_release_builds.patch,
    debian/patches/wehkit_rev_parser.patch,
      No longer necessary.  Deleted.
  * debian/chromium-browser.sh.in: Include command-line parameters for
    registered plugins.
  * Since we include remoting locales too, also split its locales info
    into the -l10n package correctly.
  * debian/rules: Disable arm_neon_optional. Impossible with sandbox, AND
    breaks build right now.
  * debian/rules: Fix packaging-completeness checker.
  * debian/rules: Break long expressions into discrete parts in packaging
    completeness checker.
  * debian/rules:
    - Make unused-file matches simpler, and install rule more descriptive.
    - get-orig-source has to make the directory for the orig contents.
  * debian/source/lintian-overrides:
    - Add old-fsf-address-in-copyright-file and image-file-in-usr-lib
    - Fix setuid-binary to be "source". Seems like it should be "binary". :(
  * debian/checkout-orig-source.mk: Remove tests and add unofficialness
    marker file to orig tarball when we can't use upstream orig releases.
  * debian/chromium-browser.dirs: Add reference to /usr/share/chromium-browser,
    expmplary for extension placement.
  * debian/patches/extensions-directory.patch: Use a /usr/share/ directory that
    is named with our package, not "chromium". Withouth this, we force global
    extensions to violate FHS.

chromium-browser (28.0.1500.95-0ubuntu0.12.04.2) precise-security; urgency=low

* debian/control: Set VCS URL to be accurate.
  * New release 28.0.1500.95:
    - CVE-2013-2881: Origin bypass in frame handling.
    - CVE-2013-2882: Type confusion in V8.
    - CVE-2013-2883: Use-after-free in MutationObserver.
    - CVE-2013-2884: Use-after-free in DOM.
    - CVE-2013-2885: Use-after-free in input handling.
    - CVE-2013-2886: Various fixes from internal audits, fuzzing and other
      initiatives.
  * debian/rules:
    - Keepalive in tests rule, to keep builder machines from reaping.
    - Further exclude a few tests that interact with fakeroot,
      ReadOnlyFileUtilTest.
  * debian/rules:
    - Disable logging calls in chromium binary to save several MB of executable
      size.
  * debian/patches/linker-asneeded-bug.patch:
    - Add patch to work around linker bug.
  * debian/keep-alive.sh:
    - Treat disappearing /proc as error, and quit.
 -- Chad MILLER <chad.miller@canonical.com>   Wed, 30 Oct 2013 12:46:50 -0400

Changed in chromium-browser (Ubuntu):
status:	New → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2013-11-04:

#4

Download full text (6.7 KiB)

This bug was fixed in the package chromium-browser - 30.0.1599.114-0ubuntu0.12.10.2

---------------
chromium-browser (30.0.1599.114-0ubuntu0.12.10.2) quantal-security; urgency=low

* Test the compiler for "-m32" support as the canonical test of support.
Only a problem on ARM.

chromium-browser (30.0.1599.114-0ubuntu0.12.10.1) quantal-updates; urgency=low

  * New release 30.0.1599.114.
  * New release 30.0.1599.101:
    - CVE-2013-2925: Use after free in XHR.
    - CVE-2013-2926: Use after free in editing.
    - CVE-2013-2927: Use after free in forms.
  * New release 29.0.1547.76.
  * New release 30.0.1599.66:
    - CVE-2013-2906: Races in Web Audio.
    - CVE-2013-2907: Out of bounds read in Window.prototype object.
    - CVE-2013-2908: Address bar spoofing related to the “204 No Content”
      status code.
    - CVE-2013-2909: Use after free in inline-block rendering.
    - CVE-2013-2910: Use-after-free in Web Audio.
    - CVE-2013-2911: Use-after-free in XSLT.
    - CVE-2013-2912: Use-after-free in PPAPI.
    - CVE-2013-2913: Use-after-free in XML document parsing.
    - CVE-2013-2914: Use after free in the Windows color chooser dialog.
    - CVE-2013-2915: Address bar spoofing via a malformed scheme.
    - CVE-2013-2916: Address bar spoofing related to the “204 No Content”
      status code.
    - CVE-2013-2917: Out of bounds read in Web Audio.
    - CVE-2013-2918: Use-after-free in DOM.
    - CVE-2013-2919: Memory corruption in V8.
    - CVE-2013-2920: Out of bounds read in URL parsing.
    - CVE-2013-2921: Use-after-free in resource loader.
    - CVE-2013-2922: Use-after-free in template element.
    - CVE-2013-2923: Various fixes from internal audits, fuzzing and other
      initiatives (Chrome 30).
    - CVE-2013-2924: Use-after-free in ICU.
  * debian/tests/...: Make first real tests using sikuli. Probably quite
    fragile on changes to upstream. (LP: #1222895)
  * debian/patches/4-chromeless-window-launch-option.patch: Make new windows
    use their own state instead of checking the parameters of the instance that
    started all processes for whether a window has chrome or not. (LP: #1223855)
  * Update autopkgtest tests.
  * debian/patches/series: Drop comment references to old patches. Remove
    files.
  * debian/rules: Don't build 'reliability_tests' any more. It's deprecated
    upstream and we don't use it anyway.
  * debian/rules: debian/chromium-browser.install: Handle sandbox compilation
    configuration changes by stopping our special handling and using the default,
    and "you have to change the underscore from the build target into a hyphen".
  * debian/rules: Process rpath of files in debian/tmp* BEFORE we copy them out.
    (LP: #1226143)
  * debian/testing/driver: Cheap run test to make sure chromedriver runs.
    (LP: #1226143)
  * debian/patches/4-chromeless-window-launch-option.patch: Fix syntax that
    caused extensions to fail. (LP: #1232575)
  * debian/rules: Use runtime linker for all architectures, not just 64-bit.
    Component builds everywhere, now. More than 4GB is too much to expect.
  * debian/rules: clean up packaging comparison code.

chromium-browser (29.0.1547.65-0ubuntu0.12.10.2) quan...

This bug was fixed in the package chromium-browser - 30.0.1599.114-0ubuntu0.12.10.2

---------------
chromium-browser (30.0.1599.114-0ubuntu0.12.10.2) quantal-security; urgency=low

* Test the compiler for "-m32" support as the canonical test of support.
    Only a problem on ARM.

chromium-browser (30.0.1599.114-0ubuntu0.12.10.1) quantal-updates; urgency=low

* New release 30.0.1599.114.
  * New release 30.0.1599.101:
    - CVE-2013-2925: Use after free in XHR.
    - CVE-2013-2926: Use after free in editing.
    - CVE-2013-2927: Use after free in forms.
  * New release 29.0.1547.76.
  * New release 30.0.1599.66:
    - CVE-2013-2906: Races in Web Audio.
    - CVE-2013-2907: Out of bounds read in Window.prototype object.
    - CVE-2013-2908: Address bar spoofing related to the “204 No Content”
      status code.
    - CVE-2013-2909: Use after free in inline-block rendering.
    - CVE-2013-2910: Use-after-free in Web Audio.
    - CVE-2013-2911: Use-after-free in XSLT.
    - CVE-2013-2912: Use-after-free in PPAPI.
    - CVE-2013-2913: Use-after-free in XML document parsing.
    - CVE-2013-2914: Use after free in the Windows color chooser dialog.
    - CVE-2013-2915: Address bar spoofing via a malformed scheme.
    - CVE-2013-2916: Address bar spoofing related to the “204 No Content”
      status code.
    - CVE-2013-2917: Out of bounds read in Web Audio.
    - CVE-2013-2918: Use-after-free in DOM.
    - CVE-2013-2919: Memory corruption in V8.
    - CVE-2013-2920: Out of bounds read in URL parsing.
    - CVE-2013-2921: Use-after-free in resource loader.
    - CVE-2013-2922: Use-after-free in template element.
    - CVE-2013-2923: Various fixes from internal audits, fuzzing and other
      initiatives (Chrome 30).
    - CVE-2013-2924: Use-after-free in ICU.
  * debian/tests/...: Make first real tests using sikuli. Probably quite
    fragile on changes to upstream. (LP: #1222895)
  * debian/patches/4-chromeless-window-launch-option.patch: Make new windows
    use their own state instead of checking the parameters of the instance that
    started all processes for whether a window has chrome or not. (LP: #1223855)
  * Update autopkgtest tests.
  * debian/patches/series: Drop comment references to old patches.  Remove
    files.
  * debian/rules: Don't build 'reliability_tests' any more. It's deprecated
    upstream and we don't use it anyway.
  * debian/rules: debian/chromium-browser.install: Handle sandbox compilation
    configuration changes by stopping our special handling and using the default,
    and "you have to change the underscore from the build target into a hyphen".
  * debian/rules: Process rpath of files in debian/tmp* BEFORE we copy them out.
    (LP: #1226143)
  * debian/testing/driver: Cheap run test to make sure chromedriver runs.
    (LP: #1226143)
  * debian/patches/4-chromeless-window-launch-option.patch: Fix syntax that
    caused extensions to fail.  (LP: #1232575)
  * debian/rules: Use runtime linker for all architectures, not just 64-bit.
    Component builds everywhere, now.  More than 4GB is too much to expect.
  * debian/rules: clean up packaging comparison code.

chromium-browser (29.0.1547.65-0ubuntu0.12.10.2) quantal-security; urgency=low

* Make chromium-browser-l10n Replaces chromium-browser so that new
    translations that were added in v28 packaging are now in the correct
    -l10n package.  (LP: #1222488)
  * Disable autopkgtest "smoketest" failure until its misbehavior on some
    environments can be diagnosed from log files.

chromium-browser (29.0.1547.65-0ubuntu0.12.10.1) quantal-security; urgency=low

* New release 29.0.1547.65.
  * New release 29.0.1547.62.
  * New release 29.0.1547.57:  (LP: #1215361)
    - CVE-2013-2900: Incomplete path sanitization in file handling.
    - CVE-2013-2905: Information leak via overly broad permissions on shared
      memory files.
    - CVE-2013-2901: Integer overflow in ANGLE.
    - CVE-2013-2902: Use after free in XSLT.
    - CVE-2013-2903: Use after free in media element.
    - CVE-2013-2904: Use after free in document parsing.
    - CVE-2013-2887: Various fixes from internal audits, fuzzing and other
      initiatives (Chrome 29).
  * debian/patches/duckduckgo.patch: Include DuckDuckGo in search-engine
    list.  [Caine Tighe <~caine>]
  * debian/patches/search-credit.patch:  Update URLs.
  * debian/patches/disable_dlog_and_dcheck_in_release_builds.patch,
    debian/patches/wehkit_rev_parser.patch,
      No longer necessary.  Deleted.
  * debian/chromium-browser.sh.in: Include command-line parameters for
    registered plugins.
  * Since we include remoting locales too, also split its locales info
    into the -l10n package correctly.
  * debian/rules: Disable arm_neon_optional. Impossible with sandbox, AND
    breaks build right now.
  * debian/rules: Fix packaging-completeness checker.
  * debian/rules: Break long expressions into discrete parts in packaging
    completeness checker.
  * Update webapps patches.
  * debian/rules:
    - Make unused-file matches simpler, and install rule more descriptive.
    - get-orig-source has to make the directory for the orig contents.
  * debian/source/lintian-overrides:
    - Add old-fsf-address-in-copyright-file and image-file-in-usr-lib
    - Fix setuid-binary to be "source". Seems like it should be "binary". :(
  * debian/checkout-orig-source.mk: Remove tests and add unofficialness
    marker file to orig tarball when we can't use upstream orig releases.
  * debian/chromium-browser.dirs: Add reference to /usr/share/chromium-browser,
    expmplary for extension placement.
  * debian/patches/extensions-directory.patch: Use a /usr/share/ directory that
    is named with our package, not "chromium". Withouth this, we force global
    extensions to violate FHS.

chromium-browser (28.0.1500.95-0ubuntu0.12.10.2) quantal-security; urgency=low

* debian/control: Set VCS URL to be accurate.
  * New release 28.0.1500.95:
    - CVE-2013-2881: Origin bypass in frame handling.
    - CVE-2013-2882: Type confusion in V8.
    - CVE-2013-2883: Use-after-free in MutationObserver.
    - CVE-2013-2884: Use-after-free in DOM.
    - CVE-2013-2885: Use-after-free in input handling.
    - CVE-2013-2886: Various fixes from internal audits, fuzzing and other
      initiatives.
  * debian/rules:
    - Keepalive in tests rule, to keep builder machines from reaping.
    - Further exclude a few tests that interact with fakeroot,
      ReadOnlyFileUtilTest.
  * debian/rules:
    - Disable logging calls in chromium binary to save several MB of executable
      size.
  * debian/patches/linker-asneeded-bug.patch:
    - Add patch to work around linker bug.
  * debian/keep-alive.sh:
    - Treat disappearing /proc as error, and quit.
 -- Chad MILLER <chad.miller@canonical.com>   Sun, 27 Oct 2013 13:08:11 -0400

Changed in chromium-browser (Ubuntu):
status:	New → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2013-11-04:

#3

Download full text (7.1 KiB)

This bug was fixed in the package chromium-browser - 30.0.1599.114-0ubuntu0.13.04.2

---------------
chromium-browser (30.0.1599.114-0ubuntu0.13.04.2) raring-security; urgency=low

* Test the compiler for "-m32" support as the canonical test of support.
Only a problem on ARM.

chromium-browser (30.0.1599.114-0ubuntu0.13.04.1) raring-updates; urgency=low

  * New release 30.0.1599.114.
  * New release 30.0.1599.101:
    - CVE-2013-2925: Use after free in XHR.
    - CVE-2013-2926: Use after free in editing.
    - CVE-2013-2927: Use after free in forms.
  * New release 29.0.1547.76.
  * New release 30.0.1599.66:
    - CVE-2013-2906: Races in Web Audio.
    - CVE-2013-2907: Out of bounds read in Window.prototype object.
    - CVE-2013-2908: Address bar spoofing related to the “204 No Content”
      status code.
    - CVE-2013-2909: Use after free in inline-block rendering.
    - CVE-2013-2910: Use-after-free in Web Audio.
    - CVE-2013-2911: Use-after-free in XSLT.
    - CVE-2013-2912: Use-after-free in PPAPI.
    - CVE-2013-2913: Use-after-free in XML document parsing.
    - CVE-2013-2914: Use after free in the Windows color chooser dialog.
    - CVE-2013-2915: Address bar spoofing via a malformed scheme.
    - CVE-2013-2916: Address bar spoofing related to the “204 No Content”
      status code.
    - CVE-2013-2917: Out of bounds read in Web Audio.
    - CVE-2013-2918: Use-after-free in DOM.
    - CVE-2013-2919: Memory corruption in V8.
    - CVE-2013-2920: Out of bounds read in URL parsing.
    - CVE-2013-2921: Use-after-free in resource loader.
    - CVE-2013-2922: Use-after-free in template element.
    - CVE-2013-2923: Various fixes from internal audits, fuzzing and other
      initiatives (Chrome 30).
    - CVE-2013-2924: Use-after-free in ICU.
  * debian/tests/...: Make first real tests using sikuli. Probably quite
    fragile on changes to upstream. (LP: #1222895)
  * debian/patches/4-chromeless-window-launch-option.patch: Make new windows
    use their own state instead of checking the parameters of the instance that
    started all processes for whether a window has chrome or not. (LP: #1223855)
  * Update autopkgtest tests.
  * debian/patches/series: Drop comment references to old patches. Remove
    files.
  * debian/rules: Don't build 'reliability_tests' any more. It's deprecated
    upstream and we don't use it anyway.
  * debian/rules: debian/chromium-browser.install: Handle sandbox compilation
    configuration changes by stopping our special handling and using the default,
    and "you have to change the underscore from the build target into a hyphen".
  * debian/rules: Process rpath of files in debian/tmp* BEFORE we copy them out.
    (LP: #1226143)
  * debian/testing/driver: Cheap run test to make sure chromedriver runs.
    (LP: #1226143)
  * debian/patches/4-chromeless-window-launch-option.patch: Fix syntax that
    caused extensions to fail. (LP: #1232575)
  * debian/rules: Use runtime linker for all architectures, not just 64-bit.
    Component builds everywhere, now. More than 4GB is too much to expect.
  * debian/rules: clean up packaging comparison code.

chromium-browser (29.0.1547.65-0ubuntu0.13.04.2) raring...

This bug was fixed in the package chromium-browser - 30.0.1599.114-0ubuntu0.13.04.2

---------------
chromium-browser (30.0.1599.114-0ubuntu0.13.04.2) raring-security; urgency=low

* Test the compiler for "-m32" support as the canonical test of support.
    Only a problem on ARM.

chromium-browser (30.0.1599.114-0ubuntu0.13.04.1) raring-updates; urgency=low

* New release 30.0.1599.114.
  * New release 30.0.1599.101:
    - CVE-2013-2925: Use after free in XHR.
    - CVE-2013-2926: Use after free in editing.
    - CVE-2013-2927: Use after free in forms.
  * New release 29.0.1547.76.
  * New release 30.0.1599.66:
    - CVE-2013-2906: Races in Web Audio.
    - CVE-2013-2907: Out of bounds read in Window.prototype object.
    - CVE-2013-2908: Address bar spoofing related to the “204 No Content”
      status code.
    - CVE-2013-2909: Use after free in inline-block rendering.
    - CVE-2013-2910: Use-after-free in Web Audio.
    - CVE-2013-2911: Use-after-free in XSLT.
    - CVE-2013-2912: Use-after-free in PPAPI.
    - CVE-2013-2913: Use-after-free in XML document parsing.
    - CVE-2013-2914: Use after free in the Windows color chooser dialog.
    - CVE-2013-2915: Address bar spoofing via a malformed scheme.
    - CVE-2013-2916: Address bar spoofing related to the “204 No Content”
      status code.
    - CVE-2013-2917: Out of bounds read in Web Audio.
    - CVE-2013-2918: Use-after-free in DOM.
    - CVE-2013-2919: Memory corruption in V8.
    - CVE-2013-2920: Out of bounds read in URL parsing.
    - CVE-2013-2921: Use-after-free in resource loader.
    - CVE-2013-2922: Use-after-free in template element.
    - CVE-2013-2923: Various fixes from internal audits, fuzzing and other
      initiatives (Chrome 30).
    - CVE-2013-2924: Use-after-free in ICU.
  * debian/tests/...: Make first real tests using sikuli. Probably quite
    fragile on changes to upstream. (LP: #1222895)
  * debian/patches/4-chromeless-window-launch-option.patch: Make new windows
    use their own state instead of checking the parameters of the instance that
    started all processes for whether a window has chrome or not. (LP: #1223855)
  * Update autopkgtest tests.
  * debian/patches/series: Drop comment references to old patches.  Remove
    files.
  * debian/rules: Don't build 'reliability_tests' any more. It's deprecated
    upstream and we don't use it anyway.
  * debian/rules: debian/chromium-browser.install: Handle sandbox compilation
    configuration changes by stopping our special handling and using the default,
    and "you have to change the underscore from the build target into a hyphen".
  * debian/rules: Process rpath of files in debian/tmp* BEFORE we copy them out.
    (LP: #1226143)
  * debian/testing/driver: Cheap run test to make sure chromedriver runs.
    (LP: #1226143)
  * debian/patches/4-chromeless-window-launch-option.patch: Fix syntax that
    caused extensions to fail.  (LP: #1232575)
  * debian/rules: Use runtime linker for all architectures, not just 64-bit.
    Component builds everywhere, now.  More than 4GB is too much to expect.
  * debian/rules: clean up packaging comparison code.

chromium-browser (29.0.1547.65-0ubuntu0.13.04.2) raring-security; urgency=low

* debian/control: Make chromium-browser-l10n Replaces chromium-browser so
    that new translations that were added in v28 packaging are now in the
    correct -l10n package.  (LP: #1222488)
  * debian/rules: Remove unused duplicate-exclusion patterns. Again.
  * debian/control: Make codecs packages no longer Depend on chromium-browser,
    so that "extras" metapackages can pull them in without enormous browser.
    (LP: #1208518)
  * debian/tests/control: Don't use needs-build flag as we don't need it
    presently. Also, disable autopkgtest "smoketest" failure until its
    misbehavior on some environments can be diagnosed from log files.
  * debian/patches/4-chromeless-window-launch-option.patch: Add missing
    construction initializer. (LP: #1223251)

chromium-browser (29.0.1547.65-0ubuntu0.13.04.1) raring-security; urgency=low

* New release 29.0.1547.65.
  * New release 29.0.1547.62.
  * New release 29.0.1547.57:  (LP: #1215361)
    - CVE-2013-2900: Incomplete path sanitization in file handling.
    - CVE-2013-2905: Information leak via overly broad permissions on shared
      memory files.
    - CVE-2013-2901: Integer overflow in ANGLE.
    - CVE-2013-2902: Use after free in XSLT.
    - CVE-2013-2903: Use after free in media element.
    - CVE-2013-2904: Use after free in document parsing.
    - CVE-2013-2887: Various fixes from internal audits, fuzzing and other
      initiatives (Chrome 29).
  * debian/patches/duckduckgo.patch: Include DuckDuckGo in search-engine
    list.  [Caine Tighe <~caine>]
  * debian/patches/search-credit.patch:  Update URLs.
  * debian/patches/disable_dlog_and_dcheck_in_release_builds.patch,
    debian/patches/wehkit_rev_parser.patch,
      No longer necessary.  Deleted.
  * debian/chromium-browser.sh.in: Include command-line parameters for
    registered plugins.
  * Since we include remoting locales too, also split its locales info
    into the -l10n package correctly.
  * debian/rules: Disable arm_neon_optional. Impossible with sandbox, AND
    breaks build right now.
  * debian/rules: Fix packaging-completeness checker.
  * debian/rules: Break long expressions into discrete parts in packaging
    completeness checker.
  * Update webapps patches.
  * debian/rules:
    - Make unused-file matches simpler, and install rule more descriptive.
    - get-orig-source has to make the directory for the orig contents.
  * debian/source/lintian-overrides:
    - Add old-fsf-address-in-copyright-file and image-file-in-usr-lib
    - Fix setuid-binary to be "source". Seems like it should be "binary". :(
  * debian/checkout-orig-source.mk: Remove tests and add unofficialness
    marker file to orig tarball when we can't use upstream orig releases.
  * debian/chromium-browser.dirs: Add reference to /usr/share/chromium-browser,
    expmplary for extension placement.
  * debian/patches/extensions-directory.patch: Use a /usr/share/ directory that
    is named with our package, not "chromium". Withouth this, we force global
    extensions to violate FHS.

chromium-browser (28.0.1500.95-0ubuntu0.13.04.2) raring-security; urgency=low

* debian/control: Set VCS URL to be accurate.
  * New release 28.0.1500.95:
    - CVE-2013-2881: Origin bypass in frame handling.
    - CVE-2013-2882: Type confusion in V8.
    - CVE-2013-2883: Use-after-free in MutationObserver.
    - CVE-2013-2884: Use-after-free in DOM.
    - CVE-2013-2885: Use-after-free in input handling.
    - CVE-2013-2886: Various fixes from internal audits, fuzzing and other
      initiatives.
  * debian/rules:
    - Keepalive in tests rule, to keep builder machines from reaping.
    - Further exclude a few tests that interact with fakeroot,
      ReadOnlyFileUtilTest.
  * debian/rules:
    - Disable logging calls in chromium binary to save several MB of executable
      size.
  * debian/patches/linker-asneeded-bug.patch:
    - Add patch to work around linker bug.
  * debian/keep-alive.sh:
    - Treat disappearing /proc as error, and quit.
 -- Chad MILLER <chad.miller@canonical.com>   Sun, 27 Oct 2013 13:08:11 -0400

Changed in chromium-browser (Ubuntu):
status:	New → Fix Released

Ubuntu
chromium-browser package

after opening webapps window and a normal window, normal window doesn't respond to Ctrl-T

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Ubuntuchromium-browser package

after opening webapps window and a normal window, normal window doesn't respond to Ctrl-T

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Ubuntu
chromium-browser package