Ubuntu
chromium-browser package

9.0.597.94 -> 9.0.597.107

Bug #726895 reported by Fabien Tassin
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
chromium-browser (Ubuntu)
Fix Released
High
Fabien Tassin
Lucid
Fix Released
High
Jamie Strandboge
Maverick
Fix Released
High
Jamie Strandboge
Natty
Fix Released
High
Fabien Tassin

Bug Description

Binary package hint: chromium-browser

Upstream just released a new Minor (stable) release fixing a bunch of security issues.

Needed in natty, maverick and lucid.

Fabien Tassin (fta)
Changed in chromium-browser (Ubuntu Natty):
assignee: nobody → Fabien Tassin (fta)
importance: Undecided → High
status: New → In Progress
Changed in chromium-browser (Ubuntu Maverick):
importance: Undecided → High
status: New → In Progress
Changed in chromium-browser (Ubuntu Lucid):
importance: Undecided → High
status: New → In Progress
Fabien Tassin (fta)
visibility: private → public
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 9.0.597.107~r75357-0ubuntu1

---------------
chromium-browser (9.0.597.107~r75357-0ubuntu1) natty; urgency=high

  * New upstream release from the Stable Channel (LP: #726895)
    This release fixes the following security issues:
    + Webkit bugs:
      - [54262] High, URL bar spoof with history interaction. Credit to Jordi
        Chancel.
      - [68263] High, Stylesheet node stale pointer. Credit to Sergey Glazunov.
      - [68741] High, Stale pointer with key frame rule. Credit to Sergey
        Glazunov.
      - [70078] High, Crash with forms controls. Credit to Stefan van Zanden.
      - [70244] High, Crash in SVG rendering. Credit to Sławomir Błażek.
      - [71114] High, Stale node in table child handling. Credit to Martin
        Barbella.
      - [71115] High, Stale pointer in table rendering. Credit to Martin
        Barbella.
      - [71296] High, Stale pointer in SVG animations. Credit to miaubiz.
      - [71386] High, Stale nodes in XHTML. Credit to wushi of team509.
      - [71388] High, Crash in textarea handling. Credit to wushi of team509.
      - [71595] High, Stale pointer in device orientation. Credit to Sergey
        Glazunov.
      - [71855] High, Integer overflow in textarea handling. Credit to miaubiz.
      - [71960] Medium, Out-of-bounds read in WebGL. Credit to Google Chrome
        Security Team (Inferno).
      - [73235] High, Stale pointer in layout. Credit to Martin Barbella.
    + Chromium bugs:
      - [63732] High, Crash with javascript dialogs. Credit to Sergey
        Radchenko.
      - [64-bit only] [70376] Medium, Out-of-bounds read in pickle
        deserialization. Credit to Evgeniy Stepanov of the Chromium development
        community.
      - [71717] Medium, Out-of-bounds read in WebGL. Credit to miaubiz.
      - [72214] High, Accidental exposure of internal extension functions.
        Credit to Tavis Ormandy of the Google Security Team.
      - [72437] High, Use-after-free with blocked plug-ins. Credit to Chamal de
        Silva.
  * Bump the lang-pack package from Suggests to Recommends (LP: #689267)
    - update debian/control
  * Disable PIE on Armel/Lucid (LP: #716703)
    - update debian/rules
  * Add the disk usage to the Apport hooks
    - update debian/apport/chromium-browser.py
  * Drop gyp from Build-Depends, use in-source gyp instead
    - update debian/control
  * Merge back the ffmpeg codecs (from the chromium-codecs-ffmpeg source package)
    - update debian/rules
    - update debian/control
    - add debian/chromium-codecs-ffmpeg-extra.install
    - add debian/chromium-codecs-ffmpeg.install
 -- Fabien Tassin <email address hidden> Tue, 01 Mar 2011 00:14:02 +0100

Changed in chromium-browser (Ubuntu Natty):
status: In Progress → Fix Released
Micah Gersten (micahg)
Changed in chromium-browser (Ubuntu Lucid):
assignee: nobody → Micah Gersten (micahg)
Changed in chromium-browser (Ubuntu Maverick):
assignee: nobody → Micah Gersten (micahg)
Revision history for this message
Micah Gersten (micahg) wrote :

Packages ACKd and have been uploaded to ubuntu-security-proposed PPA

tags: added: security-verification
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 9.0.597.107~r75357-0ubuntu0.10.10.1

---------------
chromium-browser (9.0.597.107~r75357-0ubuntu0.10.10.1) maverick-security; urgency=high

  * New upstream release from the Stable Channel (LP: #726895)
    This release fixes the following security issues:
    + Webkit bugs:
      - [54262] High, URL bar spoof with history interaction. Credit to Jordi
        Chancel.
      - [68263] High, Stylesheet node stale pointer. Credit to Sergey Glazunov.
      - [68741] High, Stale pointer with key frame rule. Credit to Sergey
        Glazunov.
      - [70078] High, Crash with forms controls. Credit to Stefan van Zanden.
      - [70244] High, Crash in SVG rendering. Credit to Sławomir Błażek.
      - [71114] High, Stale node in table child handling. Credit to Martin
        Barbella.
      - [71115] High, Stale pointer in table rendering. Credit to Martin
        Barbella.
      - [71296] High, Stale pointer in SVG animations. Credit to miaubiz.
      - [71386] High, Stale nodes in XHTML. Credit to wushi of team509.
      - [71388] High, Crash in textarea handling. Credit to wushi of team509.
      - [71595] High, Stale pointer in device orientation. Credit to Sergey
        Glazunov.
      - [71855] High, Integer overflow in textarea handling. Credit to miaubiz.
      - [71960] Medium, Out-of-bounds read in WebGL. Credit to Google Chrome
        Security Team (Inferno).
      - [73235] High, Stale pointer in layout. Credit to Martin Barbella.
    + Chromium bugs:
      - [63732] High, Crash with javascript dialogs. Credit to Sergey
        Radchenko.
      - [64-bit only] [70376] Medium, Out-of-bounds read in pickle
        deserialization. Credit to Evgeniy Stepanov of the Chromium development
        community.
      - [71717] Medium, Out-of-bounds read in WebGL. Credit to miaubiz.
      - [72214] High, Accidental exposure of internal extension functions.
        Credit to Tavis Ormandy of the Google Security Team.
      - [72437] High, Use-after-free with blocked plug-ins. Credit to Chamal de
        Silva.
  * Bump the lang-pack package from Suggests to Recommends (LP: #689267)
    - update debian/control
  * Disable PIE on Armel/Lucid (LP: #716703)
    - update debian/rules
  * Add the disk usage to the Apport hooks
    - update debian/apport/chromium-browser.py
  * Drop gyp from Build-Depends, use in-source gyp instead
    - update debian/control
  * Merge back the ffmpeg codecs (from the chromium-codecs-ffmpeg source package)
    - update debian/rules
    - update debian/control
    - add debian/chromium-codecs-ffmpeg-extra.install
    - add debian/chromium-codecs-ffmpeg.install
 -- Fabien Tassin <email address hidden> Tue, 01 Mar 2011 00:14:02 +0100

Changed in chromium-browser (Ubuntu Maverick):
status: In Progress → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 9.0.597.107~r75357-0ubuntu0.10.04.1

---------------
chromium-browser (9.0.597.107~r75357-0ubuntu0.10.04.1) lucid-security; urgency=high

  * New upstream release from the Stable Channel (LP: #726895)
    This release fixes the following security issues:
    + Webkit bugs:
      - [54262] High, URL bar spoof with history interaction. Credit to Jordi
        Chancel.
      - [68263] High, Stylesheet node stale pointer. Credit to Sergey Glazunov.
      - [68741] High, Stale pointer with key frame rule. Credit to Sergey
        Glazunov.
      - [70078] High, Crash with forms controls. Credit to Stefan van Zanden.
      - [70244] High, Crash in SVG rendering. Credit to Sławomir Błażek.
      - [71114] High, Stale node in table child handling. Credit to Martin
        Barbella.
      - [71115] High, Stale pointer in table rendering. Credit to Martin
        Barbella.
      - [71296] High, Stale pointer in SVG animations. Credit to miaubiz.
      - [71386] High, Stale nodes in XHTML. Credit to wushi of team509.
      - [71388] High, Crash in textarea handling. Credit to wushi of team509.
      - [71595] High, Stale pointer in device orientation. Credit to Sergey
        Glazunov.
      - [71855] High, Integer overflow in textarea handling. Credit to miaubiz.
      - [71960] Medium, Out-of-bounds read in WebGL. Credit to Google Chrome
        Security Team (Inferno).
      - [73235] High, Stale pointer in layout. Credit to Martin Barbella.
    + Chromium bugs:
      - [63732] High, Crash with javascript dialogs. Credit to Sergey
        Radchenko.
      - [64-bit only] [70376] Medium, Out-of-bounds read in pickle
        deserialization. Credit to Evgeniy Stepanov of the Chromium development
        community.
      - [71717] Medium, Out-of-bounds read in WebGL. Credit to miaubiz.
      - [72214] High, Accidental exposure of internal extension functions.
        Credit to Tavis Ormandy of the Google Security Team.
      - [72437] High, Use-after-free with blocked plug-ins. Credit to Chamal de
        Silva.
  * Bump the lang-pack package from Suggests to Recommends (LP: #689267)
    - update debian/control
  * Disable PIE on Armel/Lucid (LP: #716703)
    - update debian/rules
  * Add the disk usage to the Apport hooks
    - update debian/apport/chromium-browser.py
  * Drop gyp from Build-Depends, use in-source gyp instead
    - update debian/control
  * Merge back the ffmpeg codecs (from the chromium-codecs-ffmpeg source package)
    - update debian/rules
    - update debian/control
    - add debian/chromium-codecs-ffmpeg-extra.install
    - add debian/chromium-codecs-ffmpeg.install
 -- Fabien Tassin <email address hidden> Tue, 01 Mar 2011 00:14:02 +0100

Changed in chromium-browser (Ubuntu Lucid):
status: In Progress → Fix Released
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

I forgot to mention that lucid and maverick both passed QRT:scripts/test-browser.py on i386 and amd64

Changed in chromium-browser (Ubuntu Lucid):
assignee: Micah Gersten (micahg) → Jamie Strandboge (jdstrand)
Changed in chromium-browser (Ubuntu Maverick):
assignee: Micah Gersten (micahg) → Jamie Strandboge (jdstrand)
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.