Format: 1.8 Date: Fri, 17 Sep 2010 22:25:54 +0200 Source: chromium-browser Binary: chromium-browser chromium-browser-dbg chromium-browser-l10n chromium-browser-inspector Architecture: armel armel_translations Version: 6.0.472.62~r59676-0ubuntu0.10.04.1 Distribution: lucid Urgency: high Maintainer: Ubuntu/armel Build Daemon Changed-By: Fabien Tassin Description: chromium-browser - Chromium browser chromium-browser-dbg - chromium-browser debug symbols chromium-browser-inspector - page inspector for the chromium-browser chromium-browser-l10n - chromium-browser language packages Launchpad-Bugs-Fixed: 631670 638736 641699 Changes: chromium-browser (6.0.472.62~r59676-0ubuntu0.10.04.1) lucid-security; urgency=high . * New upstream release from the Stable Channel (LP: #641699) This release fixes the following security issues: - [55114] High, Bad cast with malformed SVG. Credit to wushi of team 509. - [55119] Critical, Buffer mismanagement in the SPDY protocol. Credit to Mike Belshe of the Chromium development community. - [55350] High, Cross-origin property pollution. Credit to Stefano Di Paola of MindedSecurity. Also includes the following security issues from 6.0.472.59 (LP: #638736) - [50250] High, Use-after-free when using document APIs during parse. Credit to David Weston of Microsoft + Microsoft Vulnerability Research (MSVR) and wushi of team 509 (independent discoveries). - [50712] High, Use-after-free in SVG styles. Credit to kuzzcc. - [51252] High, Use-after-free with nested SVG elements. Credit to kuzzcc. - [51709] Low, Possible browser assert in cursor handling. Credit to “magnusmorton”. - [51919] High, Race condition in console handling. Credit to kuzzcc. - [53176] Low, Unlikely browser crash in pop-up blocking. Credit to kuzzcc. - [53394] High, Memory corruption in Geolocation. Credit to kuzzcc. - [53930] High, Memory corruption in Khmer handling. Credit to Google Chrome Security Team (Chris Evans). - [54006] Low, Failure to prompt for extension history access. Credit to “adriennefelt”. * Don't build with PIE on armel for now, it fails to link. - update debian/rules * Add some translations for the "Name" field in the desktop file, and fix some "Comment" / "GenericName". Thanks to the Ubuntu translation team. See https://wiki.ubuntu.com/Translations/Wanted/ChromiumDesktop to contribute more translations (LP: #631670) Checksums-Sha1: 5966ba292350679e960592ccb636bb9f7480d5c7 17404562 chromium-browser_6.0.472.62~r59676-0ubuntu0.10.04.1_armel.deb 613389ba16594fb3a65570cdedee3370c21d34f6 17105 chromium-browser_6.0.472.62~r59676-0ubuntu0.10.04.1_armel_translations.tar.gz cf9373b0a9ac0b129bc30503b7c31b2c15bda47b 184284248 chromium-browser-dbg_6.0.472.62~r59676-0ubuntu0.10.04.1_armel.deb Checksums-Sha256: aa31019d0f4b8e38a21baf5095350859c25fe33df2c2741602b9137951e06ca8 17404562 chromium-browser_6.0.472.62~r59676-0ubuntu0.10.04.1_armel.deb e66ec31e9c660c6ad1865bfc26ea2d7a5fb3109c9bbc09668d98ee04f5670ea8 17105 chromium-browser_6.0.472.62~r59676-0ubuntu0.10.04.1_armel_translations.tar.gz e2eebee6851fb02701b70c4f7a9c3f721620b9d88cdc7c2315b3beefb4bd59b0 184284248 chromium-browser-dbg_6.0.472.62~r59676-0ubuntu0.10.04.1_armel.deb Files: f0ce4e62357acc2c87b796cfe2d49354 17404562 web optional chromium-browser_6.0.472.62~r59676-0ubuntu0.10.04.1_armel.deb 6201410a3861cf56fd4c4b7bcf430aa1 17105 raw-translations - chromium-browser_6.0.472.62~r59676-0ubuntu0.10.04.1_armel_translations.tar.gz 4a97e87fb9c20bf4689d2eed44299aaa 184284248 devel optional chromium-browser-dbg_6.0.472.62~r59676-0ubuntu0.10.04.1_armel.deb