11.0.696.57 -> 11.0.696.65

Bug #778822 reported by Fabien Tassin
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
chromium-browser (Ubuntu)
Fix Released
High
Fabien Tassin
Lucid
Fix Released
High
Micah Gersten
Maverick
Fix Released
High
Micah Gersten
Natty
Fix Released
High
Micah Gersten
Oneiric
Fix Released
High
Fabien Tassin
Fabien Tassin (fta)
Changed in chromium-browser (Ubuntu Lucid):
importance: Undecided → High
Changed in chromium-browser (Ubuntu Maverick):
importance: Undecided → High
Changed in chromium-browser (Ubuntu Natty):
importance: Undecided → High
Changed in chromium-browser (Ubuntu Oneiric):
importance: Undecided → High
assignee: nobody → Fabien Tassin (fta)
status: New → Fix Committed
security vulnerability: no → yes
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 11.0.696.65~r84435-0ubuntu1

---------------
chromium-browser (11.0.696.65~r84435-0ubuntu1) oneiric; urgency=high

  * New Minor upstream release from the Stable Channel (LP: #778822)
    This release fixes the following security issues:
    + WebKit issues:
      - [67923] High, CVE-2010-1793: stale pointer in SVG image handling
        (credit: Mitz)
      - [78327] High, CVE-2010-1794: integer overflow in SVG filters (credit:
        Inferno)
      - [78948] High, CVE-2010-1795: integer underflow in forms handling
        (credit: Cris Neckar)
      - [79055] High, CVE-2010-1796: use-after-free in frame handling (credit:
        Inferno)
      - [79075] High, CVE-2010-1797: stale pointer in table captioning (credit:
        wushi)
      - [79595] High, CVE-2010-1798: bad cast in SVG text handling (credit:
        Inferno)
  * Add a static quicklist for Unity allowing to open a new window (either regular
    or incognito) or a fresh session with a temporary profile
    - update debian/chromium-browser.desktop
  * Don't let scour touch the svg files (LP: #748881)
    - update debian/rules
  * Pass --delete_unversioned_trees to gclient and drop the git.chromium.org
    workaround.
    - update debian/rules
  * Build with gcc-4.5 on Oneiric for now. It's not ready for 4.6
    - update debian/control
    - update debian/rules
 -- Fabien Tassin <email address hidden> Fri, 06 May 2011 23:04:53 +0200

Changed in chromium-browser (Ubuntu Oneiric):
status: Fix Committed → Fix Released
Revision history for this message
Fabien Tassin (fta) wrote :

oops, all the CVE ids are wrong.. s/2010/2011/g

Micah Gersten (micahg)
Changed in chromium-browser (Ubuntu Lucid):
status: New → In Progress
assignee: nobody → Micah Gersten (micahg)
Changed in chromium-browser (Ubuntu Maverick):
status: New → In Progress
assignee: nobody → Micah Gersten (micahg)
Changed in chromium-browser (Ubuntu Natty):
status: New → In Progress
assignee: nobody → Micah Gersten (micahg)
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Copied Lucid-Natty to -proposed.

Changed in chromium-browser (Ubuntu Lucid):
status: In Progress → Fix Committed
Changed in chromium-browser (Ubuntu Maverick):
status: In Progress → Fix Committed
Changed in chromium-browser (Ubuntu Natty):
status: In Progress → Fix Committed
Micah Gersten (micahg)
tags: added: verification-needed
Revision history for this message
Micah Gersten (micahg) wrote :

Tested lucid amd64 and i386 with QRT. No regressions over previous functionality.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 11.0.696.65~r84435-0ubuntu0.10.04.1

---------------
chromium-browser (11.0.696.65~r84435-0ubuntu0.10.04.1) lucid-security; urgency=low

  [ Fabien Tassin <email address hidden> ]
  * New Minor upstream release from the Stable Channel (LP: #778822)
    This release fixes the following security issues:
    + WebKit issues:
      - [67923] High, CVE-2011-1793: stale pointer in SVG image handling
        (credit: Mitz)
      - [78327] High, CVE-2011-1794: integer overflow in SVG filters (credit:
        Inferno)
      - [78948] High, CVE-2011-1795: integer underflow in forms handling
        (credit: Cris Neckar)
      - [79055] High, CVE-2011-1796: use-after-free in frame handling (credit:
        Inferno)
      - [79075] High, CVE-2011-1797: stale pointer in table captioning (credit:
        wushi)
      - [79595] High, CVE-2011-1798: bad cast in SVG text handling (credit:
        Inferno)
  * Pass --delete_unversioned_trees to gclient and drop the git.chromium.org
    workaround.
    - update debian/rules

  [ Micah Gersten <email address hidden> ]
  * Switch arch: any to arch: i386 amd64 so that we don't have to wait for armel
    - update debian/control
 -- Micah Gersten <email address hidden> Sun, 08 May 2011 01:46:21 +0200

Changed in chromium-browser (Ubuntu Lucid):
status: Fix Committed → Fix Released
Revision history for this message
Micah Gersten (micahg) wrote :

Tested maverick amd64 and i386 with QRT. No regressions over previous functionality.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 11.0.696.65~r84435-0ubuntu0.10.10.1

---------------
chromium-browser (11.0.696.65~r84435-0ubuntu0.10.10.1) maverick-security; urgency=low

  [ Fabien Tassin <email address hidden> ]
  * New Minor upstream release from the Stable Channel (LP: #778822)
    This release fixes the following security issues:
    + WebKit issues:
      - [67923] High, CVE-2011-1793: stale pointer in SVG image handling
        (credit: Mitz)
      - [78327] High, CVE-2011-1794: integer overflow in SVG filters (credit:
        Inferno)
      - [78948] High, CVE-2011-1795: integer underflow in forms handling
        (credit: Cris Neckar)
      - [79055] High, CVE-2011-1796: use-after-free in frame handling (credit:
        Inferno)
      - [79075] High, CVE-2011-1797: stale pointer in table captioning (credit:
        wushi)
      - [79595] High, CVE-2011-1798: bad cast in SVG text handling (credit:
        Inferno)
  * Pass --delete_unversioned_trees to gclient and drop the git.chromium.org
    workaround.
    - update debian/rules

  [ Micah Gersten <email address hidden> ]
  * Switch arch: any to arch: i386 amd64 so that we don't have to wait for armel
    - update debian/control
 -- Micah Gersten <email address hidden> Sun, 08 May 2011 02:26:50 +0200

Changed in chromium-browser (Ubuntu Maverick):
status: Fix Committed → Fix Released
Revision history for this message
Micah Gersten (micahg) wrote :

Tested natty on amd64 and i386 with QRT, no regressions over previous functionality

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 11.0.696.65~r84435-0ubuntu0.11.04.1

---------------
chromium-browser (11.0.696.65~r84435-0ubuntu0.11.04.1) natty-security; urgency=low

  [ Fabien Tassin <email address hidden> ]
  * New Minor upstream release from the Stable Channel (LP: #778822)
    This release fixes the following security issues:
    + WebKit issues:
      - [67923] High, CVE-2011-1793: stale pointer in SVG image handling
        (credit: Mitz)
      - [78327] High, CVE-2011-1794: integer overflow in SVG filters (credit:
        Inferno)
      - [78948] High, CVE-2011-1795: integer underflow in forms handling
        (credit: Cris Neckar)
      - [79055] High, CVE-2011-1796: use-after-free in frame handling (credit:
        Inferno)
      - [79075] High, CVE-2011-1797: stale pointer in table captioning (credit:
        wushi)
      - [79595] High, CVE-2011-1798: bad cast in SVG text handling (credit:
        Inferno)
  * Pass --delete_unversioned_trees to gclient and drop the git.chromium.org
    workaround.
    - update debian/rules

  [ Micah Gersten <email address hidden> ]
  * Switch arch: any to arch: i386 amd64 so that we don't have to wait for armel
    - update debian/control
 -- Micah Gersten <email address hidden> Sun, 08 May 2011 02:57:29 +0200

Changed in chromium-browser (Ubuntu Natty):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.