[ubuntu/maverick] chromium-browser 6.0.472.53~r57914-0ubuntu1 (Accepted)
Fabien Tassin
fta at ubuntu.com
Thu Sep 2 23:32:06 BST 2010
chromium-browser (6.0.472.53~r57914-0ubuntu1) maverick; urgency=low
  * New upstream release from the Stable Channel (LP: #628924)
    This release fixes the following security issues:
    - [34414] Low, Pop-up blocker bypass with blank frame target. Credit to
      Google Chrome Security Team (Inferno) and “ironfist99”.
    - [37201] Medium, URL bar visual spoofing with homographic sequences.
      Credit to Chris Weber of Casaba Security.
    - [41654] Medium, Apply more restrictions on setting clipboard content.
      Credit to Brook Novak.
    - [45659] High, Stale pointer with SVG filters. Credit to Tavis Ormandy of
      the Google Security Team.
    - [45876] Medium, Possible installed extension enumeration. Credit to
      Lostmon.
    - [46750] [51846] Low, Browser NULL crash with WebSockets. Credit to Google
      Chrome Security Team (SkyLined), Google Chrome Security Team (Justin Schuh)
      and Keith Campbell.
    - [50386] High, Use-after-free in Notifications presenter. Credit to Sergey
      Glazunov.
    - [50839] High, Notification permissions memory corruption. Credit to
      Michal Zalewski of the Google Security Team and Google Chrome Security
      Team (SkyLined).
    - [51630] [51739] High, Integer errors in WebSockets. Credit to Keith
      Campbell and Google Chrome Security Team (Cris Neckar).
    - [51653] High, Memory corruption with counter nodes. Credit to kuzzcc.
    - [51727] Low, Avoid storing excessive autocomplete entries. Credit to
      Google Chrome Security Team (Inferno).
    - [52443] High, Stale pointer in focus handling. Credit to VUPEN
      Vulnerability Research Team (VUPEN-SR-2010-249).
    - [52682] High, Sandbox parameter deserialization error. Credit to Ashutosh
      Mehra and Vineet Batra of the Adobe Reader Sandbox Team.
    - [53001] Medium, Cross-origin image theft. Credit to Isaac Dawson.
  * Enable all codecs for HTML5 in Chromium, depending on which ffmpeg sumo lib
    is installed, the set of usable codecs (at runtime) will still vary.
    This is now done by setting proprietary_codecs=1 so we can drop our patch
    - update debian/rules
    - drop debian/patches/html5_video_mimetypes.patch
    - update debian/patches/series
  * Bump the Dependencies on chromium-codecs-ffmpeg to >= 0.6, needed for the new API
    - update debian/control
  * Add "libcups2-dev | libcupsys2-dev" (the latter for Hardy) to Build-Depends.
    This is needed for Cloud Printing
    - update debian/control
  * Add libppapi_tests.so and linker.lock to INSTALL_EXCLUDE_FILES and
    DumpRenderTree_resources/ to INSTALL_EXCLUDE_DIRS
    - update debian/rules
  * Install resources.pak in the main deb, and remove all resources/ accordingly
    - update debian/chromium-browser.install
  * Add libgnome-keyring-dev to Build-Depends. This is needed for the GNOME
    Keyring and KWallet integration. See http://crbug.com/12351
    - update debian/control
  * Ship empty policy dirs (for now) in /etc/chromium-browser/policies
    - update debian/rules
    - update debian/chromium-browser.dirs
  * Bump build-deps for gyp to >= 0.1~svn837
    - update debian/control
  * Drop the icedtea6-plugin workaround, it's no longer needed and it may cause
    troubles when the default xulrunner contains older nss/nspr libs
    - update debian/chromium-browser.sh.in
Date: Thu, 02 Sep 2010 17:03:41 +0200
Changed-By: Fabien Tassin <fta at ubuntu.com>
https://launchpad.net/ubuntu/maverick/+source/chromium-browser/6.0.472.53~r57914-0ubuntu1
-------------- next part --------------
Format: 1.8
Date: Thu, 02 Sep 2010 17:03:41 +0200
Source: chromium-browser
Binary: chromium-browser chromium-browser-dbg chromium-browser-l10n chromium-browser-inspector
Architecture: source
Version: 6.0.472.53~r57914-0ubuntu1
Distribution: maverick
Urgency: low
Maintainer: Fabien Tassin <fta at ubuntu.com>
Changed-By: Fabien Tassin <fta at ubuntu.com>
Description:
chromium-browser - Chromium browser
chromium-browser-dbg - chromium-browser debug symbols
chromium-browser-inspector - page inspector for the chromium-browser
chromium-browser-l10n - chromium-browser language packages
Launchpad-Bugs-Fixed: 628924
Changes:
chromium-browser (6.0.472.53~r57914-0ubuntu1) maverick; urgency=low
.
  * New upstream release from the Stable Channel (LP: #628924)
    This release fixes the following security issues:
    - [34414] Low, Pop-up blocker bypass with blank frame target. Credit to
      Google Chrome Security Team (Inferno) and “ironfist99”.
    - [37201] Medium, URL bar visual spoofing with homographic sequences.
      Credit to Chris Weber of Casaba Security.
    - [41654] Medium, Apply more restrictions on setting clipboard content.
      Credit to Brook Novak.
    - [45659] High, Stale pointer with SVG filters. Credit to Tavis Ormandy of
      the Google Security Team.
    - [45876] Medium, Possible installed extension enumeration. Credit to
      Lostmon.
    - [46750] [51846] Low, Browser NULL crash with WebSockets. Credit to Google
      Chrome Security Team (SkyLined), Google Chrome Security Team (Justin Schuh)
      and Keith Campbell.
    - [50386] High, Use-after-free in Notifications presenter. Credit to Sergey
      Glazunov.
    - [50839] High, Notification permissions memory corruption. Credit to
      Michal Zalewski of the Google Security Team and Google Chrome Security
      Team (SkyLined).
    - [51630] [51739] High, Integer errors in WebSockets. Credit to Keith
      Campbell and Google Chrome Security Team (Cris Neckar).
    - [51653] High, Memory corruption with counter nodes. Credit to kuzzcc.
    - [51727] Low, Avoid storing excessive autocomplete entries. Credit to
      Google Chrome Security Team (Inferno).
    - [52443] High, Stale pointer in focus handling. Credit to VUPEN
      Vulnerability Research Team (VUPEN-SR-2010-249).
    - [52682] High, Sandbox parameter deserialization error. Credit to Ashutosh
      Mehra and Vineet Batra of the Adobe Reader Sandbox Team.
    - [53001] Medium, Cross-origin image theft. Credit to Isaac Dawson.
  * Enable all codecs for HTML5 in Chromium, depending on which ffmpeg sumo lib
    is installed, the set of usable codecs (at runtime) will still vary.
    This is now done by setting proprietary_codecs=1 so we can drop our patch
    - update debian/rules
    - drop debian/patches/html5_video_mimetypes.patch
    - update debian/patches/series
  * Bump the Dependencies on chromium-codecs-ffmpeg to >= 0.6, needed for the new API
    - update debian/control
  * Add "libcups2-dev | libcupsys2-dev" (the latter for Hardy) to Build-Depends.
    This is needed for Cloud Printing
    - update debian/control
  * Add libppapi_tests.so and linker.lock to INSTALL_EXCLUDE_FILES and
    DumpRenderTree_resources/ to INSTALL_EXCLUDE_DIRS
    - update debian/rules
  * Install resources.pak in the main deb, and remove all resources/ accordingly
    - update debian/chromium-browser.install
  * Add libgnome-keyring-dev to Build-Depends. This is needed for the GNOME
    Keyring and KWallet integration. See http://crbug.com/12351
    - update debian/control
  * Ship empty policy dirs (for now) in /etc/chromium-browser/policies
    - update debian/rules
    - update debian/chromium-browser.dirs
  * Bump build-deps for gyp to >= 0.1~svn837
    - update debian/control
  * Drop the icedtea6-plugin workaround, it's no longer needed and it may cause
    troubles when the default xulrunner contains older nss/nspr libs
    - update debian/chromium-browser.sh.in
Checksums-Sha1:
a91536fc5d426afe43a9abf3683d052183593f69 1921 chromium-browser_6.0.472.53~r57914-0ubuntu1.dsc
88518a93f084908a0062fe76b889ad2f6606afa2 153076205 chromium-browser_6.0.472.53~r57914.orig.tar.gz
8e352636746fe2f2910339a1136034db8d0b881f 185698 chromium-browser_6.0.472.53~r57914-0ubuntu1.diff.gz
Checksums-Sha256:
5cfc4099af31ce588f2360dc1318652d4cca5c8b62cbd1ceb57ef7964d861ec4 1921 chromium-browser_6.0.472.53~r57914-0ubuntu1.dsc
875612fb89daf4efb7f1201b096cc6a7cd1c7800efc01a1d6cd43e06fd676f08 153076205 chromium-browser_6.0.472.53~r57914.orig.tar.gz
5a04896dabc49917caa5e4f3d6a2bc65fe4ea5418383bc7ccbbbac047f50ceef 185698 chromium-browser_6.0.472.53~r57914-0ubuntu1.diff.gz
Files:
9dd92186b32f8db02b052a275995216e 1921 web optional chromium-browser_6.0.472.53~r57914-0ubuntu1.dsc
83da52a6f862809482246e6c2c570189 153076205 web optional chromium-browser_6.0.472.53~r57914.orig.tar.gz
6cae610c97edcac1d4951145ae2385d5 185698 web optional chromium-browser_6.0.472.53~r57914-0ubuntu1.diff.gz