[ubuntu/natty] chromium-browser 8.0.552.215~r67652-0ubuntu1 (Accepted)

Fabien Tassin fta at ubuntu.com
Fri Dec 3 02:30:40 GMT 2010 

chromium-browser (8.0.552.215~r67652-0ubuntu1) natty; urgency=high

  * New upstream Major release from the Stable Channel (LP: #684502), also
    fixing the following security issues:
    - [17655] Low, Possible pop-up blocker bypass. Credit to Google Chrome
      Security Team (SkyLined).
    - [55745] Medium, Cross-origin video theft with canvas. Credit to Nirankush
      Panchbhai and Microsoft Vulnerability Research (MSVR).
    - [56237] Low, Browser crash with HTML5 databases. Credit to Google Chrome
      Security Team (Inferno).
    - [58319] Low, Prevent excessive file dialogs, possibly leading to browser
      crash. Credit to Cezary Tomczak (gosu.pl).
    - [59554] High, Use after free in history handling. Credit to Stefan
      Troger.
    - [59817] Medium, Make sure the “dangerous file types” list is uptodate
      with the Windows platforms. Credit to Billy Rios of the Google Security
      Team.
    - [61701] Low, Browser crash with HTTP proxy authentication. Credit to
      Mohammed Bouhlel.
    - [61653] Medium, Out-of-bounds read regression in WebM video support.
      Credit to Google Chrome Security Team (Chris Evans), based on earlier
      testcases from Mozilla and Microsoft (MSVR).
    - [62127] High, Crash due to bad indexing with malformed video. Credit to
      miaubiz.
    - [62168] Medium, Possible browser memory corruption via malicious
      privileged extension. Credit to kuzzcc.
    - [62401] High, Use after free with SVG animations. Credit to Sławomir
      Błażek.
    - [63051] Medium, Use after free in mouse dragging event handling. Credit
      to kuzzcc.
    - [63444] High, Double free in XPath handling. Credit to Yang Dingning from
      NCNIPC, Graduate University of Chinese Academy of Sciences.
  * Work-around a gcc 4.5 miscompilation bug causing regression in the
    omnibar, breaking searches (LP: #664584)
    - add debian/patches/gcc-4.5-build-workaround.patch
    - update debian/patches/series
  * Automatically merge Launchpad translations with the upstream grit files and
    produce patches in the source tarball. Apply those patches at build time
    during configure
    - update debian/rules
  * Add x-scheme-handler/http and x-scheme-handler/https to the MimeType
    entry of the desktop file (needed on Natty where handlers are no longer
    searched for in gconf)
    - update debian/chromium-browser.desktop

Date: Thu, 02 Dec 2010 20:32:06 +0100
Changed-By: Fabien Tassin <fta at ubuntu.com>
https://launchpad.net/ubuntu/natty/+source/chromium-browser/8.0.552.215~r67652-0ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 02 Dec 2010 20:32:06 +0100
Source: chromium-browser
Binary: chromium-browser chromium-browser-dbg chromium-browser-l10n chromium-browser-inspector
Architecture: source
Version: 8.0.552.215~r67652-0ubuntu1
Distribution: natty
Urgency: high
Maintainer: Fabien Tassin <fta at ubuntu.com>
Changed-By: Fabien Tassin <fta at ubuntu.com>
Description: 
 chromium-browser - Chromium browser
 chromium-browser-dbg - chromium-browser debug symbols
 chromium-browser-inspector - page inspector for the chromium-browser
 chromium-browser-l10n - chromium-browser language packages
Launchpad-Bugs-Fixed: 664584 684502
Changes: 
 chromium-browser (8.0.552.215~r67652-0ubuntu1) natty; urgency=high
 .
   * New upstream Major release from the Stable Channel (LP: #684502), also
     fixing the following security issues:
     - [17655] Low, Possible pop-up blocker bypass. Credit to Google Chrome
       Security Team (SkyLined).
     - [55745] Medium, Cross-origin video theft with canvas. Credit to Nirankush
       Panchbhai and Microsoft Vulnerability Research (MSVR).
     - [56237] Low, Browser crash with HTML5 databases. Credit to Google Chrome
       Security Team (Inferno).
     - [58319] Low, Prevent excessive file dialogs, possibly leading to browser
       crash. Credit to Cezary Tomczak (gosu.pl).
     - [59554] High, Use after free in history handling. Credit to Stefan
       Troger.
     - [59817] Medium, Make sure the “dangerous file types” list is uptodate
       with the Windows platforms. Credit to Billy Rios of the Google Security
       Team.
     - [61701] Low, Browser crash with HTTP proxy authentication. Credit to
       Mohammed Bouhlel.
     - [61653] Medium, Out-of-bounds read regression in WebM video support.
       Credit to Google Chrome Security Team (Chris Evans), based on earlier
       testcases from Mozilla and Microsoft (MSVR).
     - [62127] High, Crash due to bad indexing with malformed video. Credit to
       miaubiz.
     - [62168] Medium, Possible browser memory corruption via malicious
       privileged extension. Credit to kuzzcc.
     - [62401] High, Use after free with SVG animations. Credit to Sławomir
       Błażek.
     - [63051] Medium, Use after free in mouse dragging event handling. Credit
       to kuzzcc.
     - [63444] High, Double free in XPath handling. Credit to Yang Dingning from
       NCNIPC, Graduate University of Chinese Academy of Sciences.
   * Work-around a gcc 4.5 miscompilation bug causing regression in the
     omnibar, breaking searches (LP: #664584)
     - add debian/patches/gcc-4.5-build-workaround.patch
     - update debian/patches/series
   * Automatically merge Launchpad translations with the upstream grit files and
     produce patches in the source tarball. Apply those patches at build time
     during configure
     - update debian/rules
   * Add x-scheme-handler/http and x-scheme-handler/https to the MimeType
     entry of the desktop file (needed on Natty where handlers are no longer
     searched for in gconf)
     - update debian/chromium-browser.desktop
Checksums-Sha1: 
 1f0a8b7a2fb7037e0355ca0d471610010dd2cd7c 1948 chromium-browser_8.0.552.215~r67652-0ubuntu1.dsc
 b47194a1cdd864cf330859acbb61c09051f9f7fa 182229062 chromium-browser_8.0.552.215~r67652.orig.tar.gz
 e2219a3072aeff8025339fa805712592ce5d6530 191656 chromium-browser_8.0.552.215~r67652-0ubuntu1.diff.gz
Checksums-Sha256: 
 77b720e4ad82d0daaceec8557c63db4f65beb1fc4eb53be798d75eb50f84cac9 1948 chromium-browser_8.0.552.215~r67652-0ubuntu1.dsc
 525fd00b13839a0bbb0b8f68a928cc33c97439c51a81b458be0123d02d956e32 182229062 chromium-browser_8.0.552.215~r67652.orig.tar.gz
 8fd4a6cb026b0ccebca66357471ad698d824763795499300311223abaf42943a 191656 chromium-browser_8.0.552.215~r67652-0ubuntu1.diff.gz
Files: 
 a3df3f9d2ad6ff17089487dbce14cb89 1948 web optional chromium-browser_8.0.552.215~r67652-0ubuntu1.dsc
 48baf5a15474160c4febc5747ed91462 182229062 web optional chromium-browser_8.0.552.215~r67652.orig.tar.gz
 5e19f30b204dbd3ceb3b9c0d10e696d9 191656 web optional chromium-browser_8.0.552.215~r67652-0ubuntu1.diff.gz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkz4VVYACgkQaOfNHbbuIOj8rACeNGnlVk4SA2q5MIX5M7AdMFbh
gewAoJeDMbrv2EiQO+7a/SsK/Lg8GMFu
=i4fg
-----END PGP SIGNATURE-----

More information about the Natty-changes mailing list