Bug #762275 “10.0.648.204 -> 10.0.648.205” : Bugs : chromium-browser package : Ubuntu

Fabien Tassin (fta) on 2011-04-15

visibility:	private → public
Changed in chromium-browser (Ubuntu Lucid):
status:	New → In Progress
importance:	Undecided → High
Changed in chromium-browser (Ubuntu Maverick):
importance:	Undecided → High
Changed in chromium-browser (Ubuntu Natty):
importance:	Undecided → High
status:	New → Fix Committed
Changed in chromium-browser (Ubuntu Maverick):
status:	New → In Progress
Changed in chromium-browser (Ubuntu Natty):
assignee:	nobody → Fabien Tassin (fta)

Revision history for this message

Launchpad Janitor (janitor) wrote on 2011-04-15:

#1

This bug was fixed in the package chromium-browser - 10.0.648.205~r81283-0ubuntu1

---------------
chromium-browser (10.0.648.205~r81283-0ubuntu1) natty; urgency=high

  * New upstream minor release from the Stable Channel (LP: #762275)
    This release fixes the following security issues:
    - [75629] Critical, CVE-2011-1301: Use-after-free in the GPU process.
      Credit to Google Chrome Security Team (Inferno).
    - [78524] Critical, CVE-2011-1302: Heap overflow in the GPU process. Credit
      to Christoph Diehl.
  * Make the default mail client and browser settings work with the
    x-scheme-handler method of registering URI handlers in gnome3.
    This is based on the xdg-utils 1.1.0~rc1-2ubuntu3 fix by Chris Coulson
    <email address hidden>, itself based on Bastien Nocera <email address hidden>
    upstream fix (LP: #670128)
    - add debian/patches/xdg-utils_gnome3_lp670128_for_natty.patch
    - update debian/patches/series
  * Fix the apport hooks to pass the expected 'ui' to add_info(), needed when
    called from apport/ubuntu-bug (LP: #759635)
    - update debian/apport/chromium-browser.py
  * Report a dedicated WMClass per webapp, needed by Unity/bamf.
    (backported from trunk) (LP: #692462)
    - add debian/patches/webapps-wm-class-lp692462.patch
    - update debian/patches/series
-- Fabien Tassin <email address hidden> Thu, 14 Apr 2011 22:36:16 +0200

Changed in chromium-browser (Ubuntu Natty):
status:	Fix Committed → Fix Released

Fabien Tassin (fta) on 2011-04-17

Changed in chromium-browser (Ubuntu Lucid):
status:	In Progress → Fix Committed
Changed in chromium-browser (Ubuntu Maverick):
status:	In Progress → Fix Committed

Revision history for this message

Micah Gersten (micahg) wrote on 2011-04-19:

#2

Lucid and maverick packages uploaded to ubuntu-security proposed PPA.

Changed in chromium-browser (Ubuntu Maverick):
assignee:	nobody → Micah Gersten (micahg)

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2011-04-19:

#3

Per micahg via irc, maverick was tested via QRT and works as well as the previous release (excepting bug #743494, as mentioned in the NEWS file).

tags:

added: verification-done-maverick

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2011-04-19:

#4

Copied 10.0.648.205~r81283-0ubuntu0.10.10.1 to maverick-proposed.

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2011-04-19:

#5

iLucid i386 and amd64 tested via QRT and works as well as the previous release (excepting bug #743494).

tags:

added: verification-done-lucid

Revision history for this message

Launchpad Janitor (janitor) wrote on 2011-04-19:

#6

This bug was fixed in the package chromium-browser - 10.0.648.205~r81283-0ubuntu0.10.10.1

---------------
chromium-browser (10.0.648.205~r81283-0ubuntu0.10.10.1) maverick-security; urgency=high

  * New upstream minor release from the Stable Channel (LP: #762275)
    This release fixes the following security issues:
    - [75629] Critical, CVE-2011-1301: Use-after-free in the GPU process.
      Credit to Google Chrome Security Team (Inferno).
    - [78524] Critical, CVE-2011-1302: Heap overflow in the GPU process. Credit
      to Christoph Diehl.
    This releasse also contains the security fixes from 10.0.648.204~r79063
    (which has been skipped by the sponsors) (LP: #742118)
    + Webkit bugs:
      - [73216] High, CVE-2011-1292: Use-after-free in the frame loader. Credit
        to Sławomir Błażek.
      - [73595] High, CVE-2011-1293: Use-after-free in HTMLCollection. Credit
        to Sergey Glazunov.
      - [74562] High, CVE-2011-1294: Stale pointer in CSS handling. Credit to
        Sergey Glazunov.
      - [74991] High, CVE-2011-1295: DOM tree corruption with broken node
        parentage. Credit to Sergey Glazunov.
      - [75170] High, CVE-2011-1296: Stale pointer in SVG text handling. Credit
        to Sergey Glazunov.
    + Chromium bugs:
      - [72517] High, CVE-2011-1291: Buffer error in base string handling.
        Credit to Alex Turpin.
  Packaging changes:
  * Set arm_fpu=vfpv3-d16 on arm (less restrictive than the default vfpv3)
    preventing a SIGILL crash on some boards (LP: #735877)
    - update debian/control
  * Install libppGoogleNaClPluginChrome.so (LP: #738331)
    - update debian/rules
    - update debian/chromium-browser.install
  * Fix the apport hooks to pass the expected 'ui' to add_info(), needed when
    called from apport/ubuntu-bug (LP: #759635)
    - update debian/apport/chromium-browser.py
  * NaCL may be blacklisted, so only include it when it's actually been
    built (fixes the ftbfs on arm) (LP: #745854)
    - update debian/rules
    - update debian/chromium-browser.install
  * Harden the apport hooks in the extensions section
    - update debian/apport/chromium-browser.py
-- Fabien Tassin <email address hidden> Thu, 14 Apr 2011 22:36:16 +0200

This bug was fixed in the package chromium-browser - 10.0.648.205~r81283-0ubuntu0.10.10.1

---------------
chromium-browser (10.0.648.205~r81283-0ubuntu0.10.10.1) maverick-security; urgency=high

* New upstream minor release from the Stable Channel (LP: #762275)
    This release fixes the following security issues:
    - [75629] Critical, CVE-2011-1301: Use-after-free in the GPU process.
      Credit to Google Chrome Security Team (Inferno).
    - [78524] Critical, CVE-2011-1302: Heap overflow in the GPU process. Credit
      to Christoph Diehl.
    This releasse also contains the security fixes from 10.0.648.204~r79063
    (which has been skipped by the sponsors) (LP: #742118)
    + Webkit bugs:
      - [73216] High, CVE-2011-1292: Use-after-free in the frame loader. Credit
        to Sławomir Błażek.
      - [73595] High, CVE-2011-1293: Use-after-free in HTMLCollection. Credit
        to Sergey Glazunov.
      - [74562] High, CVE-2011-1294: Stale pointer in CSS handling. Credit to
        Sergey Glazunov.
      - [74991] High, CVE-2011-1295: DOM tree corruption with broken node
        parentage. Credit to Sergey Glazunov.
      - [75170] High, CVE-2011-1296: Stale pointer in SVG text handling. Credit
        to Sergey Glazunov.
    + Chromium bugs:
      - [72517] High, CVE-2011-1291: Buffer error in base string handling.
        Credit to Alex Turpin.
  Packaging changes:
  * Set arm_fpu=vfpv3-d16 on arm (less restrictive than the default vfpv3)
    preventing a SIGILL crash on some boards (LP: #735877)
    - update debian/control
  * Install libppGoogleNaClPluginChrome.so (LP: #738331)
    - update debian/rules
    - update debian/chromium-browser.install
  * Fix the apport hooks to pass the expected 'ui' to add_info(), needed when
    called from apport/ubuntu-bug (LP: #759635)
    - update debian/apport/chromium-browser.py
  * NaCL may be blacklisted, so only include it when it's actually been
    built (fixes the ftbfs on arm) (LP: #745854)
    - update debian/rules
    - update debian/chromium-browser.install
  * Harden the apport hooks in the extensions section
    - update debian/apport/chromium-browser.py
 -- Fabien Tassin <fta@ubuntu.com>   Thu, 14 Apr 2011 22:36:16 +0200

Changed in chromium-browser (Ubuntu Maverick):
status:	Fix Committed → Fix Released

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2011-04-19:

#7

Waiting on lucid/armel before pocket copy.

Revision history for this message

Launchpad Janitor (janitor) wrote on 2011-04-20:

#8

This bug was fixed in the package chromium-browser - 10.0.648.205~r81283-0ubuntu0.10.04.1

---------------
chromium-browser (10.0.648.205~r81283-0ubuntu0.10.04.1) lucid-security; urgency=high

  * New upstream minor release from the Stable Channel (LP: #762275)
    This release fixes the following security issues:
    - [75629] Critical, CVE-2011-1301: Use-after-free in the GPU process.
      Credit to Google Chrome Security Team (Inferno).
    - [78524] Critical, CVE-2011-1302: Heap overflow in the GPU process. Credit
      to Christoph Diehl.
    This releasse also contains the security fixes from 10.0.648.204~r79063
    (which has been skipped by the sponsors) (LP: #742118)
    + Webkit bugs:
      - [73216] High, CVE-2011-1292: Use-after-free in the frame loader. Credit
        to Sławomir Błażek.
      - [73595] High, CVE-2011-1293: Use-after-free in HTMLCollection. Credit
        to Sergey Glazunov.
      - [74562] High, CVE-2011-1294: Stale pointer in CSS handling. Credit to
        Sergey Glazunov.
      - [74991] High, CVE-2011-1295: DOM tree corruption with broken node
        parentage. Credit to Sergey Glazunov.
      - [75170] High, CVE-2011-1296: Stale pointer in SVG text handling. Credit
        to Sergey Glazunov.
    + Chromium bugs:
      - [72517] High, CVE-2011-1291: Buffer error in base string handling.
        Credit to Alex Turpin.
  Packaging changes:
  * Set arm_fpu=vfpv3-d16 on arm (less restrictive than the default vfpv3)
    preventing a SIGILL crash on some boards (LP: #735877)
    - update debian/control
  * Install libppGoogleNaClPluginChrome.so (LP: #738331)
    - update debian/rules
    - update debian/chromium-browser.install
  * Fix the apport hooks to pass the expected 'ui' to add_info(), needed when
    called from apport/ubuntu-bug (LP: #759635)
    - update debian/apport/chromium-browser.py
  * NaCL may be blacklisted, so only include it when it's actually been
    built (fixes the ftbfs on arm) (LP: #745854)
    - update debian/rules
    - update debian/chromium-browser.install
  * Harden the apport hooks in the extensions section
    - update debian/apport/chromium-browser.py
-- Fabien Tassin <email address hidden> Thu, 14 Apr 2011 22:36:16 +0200

This bug was fixed in the package chromium-browser - 10.0.648.205~r81283-0ubuntu0.10.04.1

---------------
chromium-browser (10.0.648.205~r81283-0ubuntu0.10.04.1) lucid-security; urgency=high

* New upstream minor release from the Stable Channel (LP: #762275)
    This release fixes the following security issues:
    - [75629] Critical, CVE-2011-1301: Use-after-free in the GPU process.
      Credit to Google Chrome Security Team (Inferno).
    - [78524] Critical, CVE-2011-1302: Heap overflow in the GPU process. Credit
      to Christoph Diehl.
    This releasse also contains the security fixes from 10.0.648.204~r79063
    (which has been skipped by the sponsors) (LP: #742118)
    + Webkit bugs:
      - [73216] High, CVE-2011-1292: Use-after-free in the frame loader. Credit
        to Sławomir Błażek.
      - [73595] High, CVE-2011-1293: Use-after-free in HTMLCollection. Credit
        to Sergey Glazunov.
      - [74562] High, CVE-2011-1294: Stale pointer in CSS handling. Credit to
        Sergey Glazunov.
      - [74991] High, CVE-2011-1295: DOM tree corruption with broken node
        parentage. Credit to Sergey Glazunov.
      - [75170] High, CVE-2011-1296: Stale pointer in SVG text handling. Credit
        to Sergey Glazunov.
    + Chromium bugs:
      - [72517] High, CVE-2011-1291: Buffer error in base string handling.
        Credit to Alex Turpin.
  Packaging changes:
  * Set arm_fpu=vfpv3-d16 on arm (less restrictive than the default vfpv3)
    preventing a SIGILL crash on some boards (LP: #735877)
    - update debian/control
  * Install libppGoogleNaClPluginChrome.so (LP: #738331)
    - update debian/rules
    - update debian/chromium-browser.install
  * Fix the apport hooks to pass the expected 'ui' to add_info(), needed when
    called from apport/ubuntu-bug (LP: #759635)
    - update debian/apport/chromium-browser.py
  * NaCL may be blacklisted, so only include it when it's actually been
    built (fixes the ftbfs on arm) (LP: #745854)
    - update debian/rules
    - update debian/chromium-browser.install
  * Harden the apport hooks in the extensions section
    - update debian/apport/chromium-browser.py
 -- Fabien Tassin <fta@ubuntu.com>   Thu, 14 Apr 2011 22:36:16 +0200

Changed in chromium-browser (Ubuntu Lucid):
status:	Fix Committed → Fix Released

Ubuntu
chromium-browser package

10.0.648.204 -> 10.0.648.205

Bug Description

Related branches

CVE References

Other bug subscribers

Remote bug watches

	Status	Importance	Assigned to
chromium-browser (Ubuntu)	Fix Released	High	Fabien Tassin
Lucid	Fix Released	High	Unassigned
Maverick	Fix Released	High	Micah Gersten
Natty	Fix Released	High	Fabien Tassin

Ubuntuchromium-browser package

10.0.648.204 -> 10.0.648.205

Bug Description

Related branches

CVE References

Other bug subscribers

Remote bug watches

Ubuntu
chromium-browser package