[Desktop-packages] [Bug 1081518] Re: Chromium-browser package is outdated and poses a security risk
*** This bug is a duplicate of bug 1086613 *** https://bugs.launchpad.net/bugs/1086613 I'm marking this as a dupe of the bug I just opened to update to 23.0.1271.95. Please don't comment in the update bug unless it's about something broken with the update (which once it's released, you'll want to file a new bug anyways), not the process. ** This bug has been marked a duplicate of bug 1086613 Please update to 23.0.1271.95 -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to chromium-browser in Ubuntu. https://bugs.launchpad.net/bugs/1081518 Title: Chromium-browser package is outdated and poses a security risk Status in “chromium-browser” package in Ubuntu: Triaged Bug description: The current chromium-browser version in 12.04 is outdated (http://packages.ubuntu.com/precise/chromium-browser is at version 18 when current version is 23). That were most probably security vulnerabilities that where fixed between these 2 versions, which Ubuntu chromium-browser users are still vulnerable to. The Quantal package is at version 22: http://packages.ubuntu.com/quantal/chromium-browser I see that the firefox package keeps the same version betweeen Precise and Quantal, since running an outdated browser version has security implications. The same logic should be applied to chromium-browser. Futhermore; there is a (formerly) official PPA at https://launchpad.net/~chromium-daily/+archive/ppa that used to maintain the latest version of each channel. This PPA is no longer maintained and according to the Chromium team's support IRC channel, it won't be maintained in the near future. I believe it is best to delete this PPA, to avoid users thinking that their browsers are up-to-date when they are not. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1081518/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1081518] Re: Chromium-browser package is outdated and poses a security risk
Phill, I'm the one responsible for pushing out the updates to the stable releases. Chad is providing me with the updates. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to chromium-browser in Ubuntu. https://bugs.launchpad.net/bugs/1081518 Title: Chromium-browser package is outdated and poses a security risk Status in “chromium-browser” package in Ubuntu: Triaged Bug description: The current chromium-browser version in 12.04 is outdated (http://packages.ubuntu.com/precise/chromium-browser is at version 18 when current version is 23). That were most probably security vulnerabilities that where fixed between these 2 versions, which Ubuntu chromium-browser users are still vulnerable to. The Quantal package is at version 22: http://packages.ubuntu.com/quantal/chromium-browser I see that the firefox package keeps the same version betweeen Precise and Quantal, since running an outdated browser version has security implications. The same logic should be applied to chromium-browser. Futhermore; there is a (formerly) official PPA at https://launchpad.net/~chromium-daily/+archive/ppa that used to maintain the latest version of each channel. This PPA is no longer maintained and according to the Chromium team's support IRC channel, it won't be maintained in the near future. I believe it is best to delete this PPA, to avoid users thinking that their browsers are up-to-date when they are not. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1081518/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1081518] Re: Chromium-browser package is outdated and poses a security risk
Micah, why, oh, why are people running around re-inventing the wheel? av has already stated that he would love to work with 'ubuntu' to have the updates done? Meanwhile, the people who matter ... aka Chromium users, do not have 1) Any official default updates arriving. 2) The 'official' ppa is non functional 3) The test area has only just been made aware of, via a bug report instead of an announcement. 4) There is already, and has been for some time, a fully functioning PPA. you stated that that it would be possible to use av's scripts... Well, his scripts are still updating Chromium while 'official' has gone from a 7 day time scale into well over a month. (Sorry about this being a 'comment', but the total breakdown of the system for updates is giving ubuntu a bad name). -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to chromium-browser in Ubuntu. https://bugs.launchpad.net/bugs/1081518 Title: Chromium-browser package is outdated and poses a security risk Status in “chromium-browser” package in Ubuntu: Triaged Bug description: The current chromium-browser version in 12.04 is outdated (http://packages.ubuntu.com/precise/chromium-browser is at version 18 when current version is 23). That were most probably security vulnerabilities that where fixed between these 2 versions, which Ubuntu chromium-browser users are still vulnerable to. The Quantal package is at version 22: http://packages.ubuntu.com/quantal/chromium-browser I see that the firefox package keeps the same version betweeen Precise and Quantal, since running an outdated browser version has security implications. The same logic should be applied to chromium-browser. Futhermore; there is a (formerly) official PPA at https://launchpad.net/~chromium-daily/+archive/ppa that used to maintain the latest version of each channel. This PPA is no longer maintained and according to the Chromium team's support IRC channel, it won't be maintained in the near future. I believe it is best to delete this PPA, to avoid users thinking that their browsers are up-to-date when they are not. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1081518/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1081518] Re: Chromium-browser package is outdated and poses a security risk
Umm...we're not reinventing anything. This is how it used to work. I'm preparing stable updates this evening based on the branches Chad gave me. As for when the PPAs will be up and running, Chad will have to address that. I will endeavor to keep the stable releases up to date. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to chromium-browser in Ubuntu. https://bugs.launchpad.net/bugs/1081518 Title: Chromium-browser package is outdated and poses a security risk Status in “chromium-browser” package in Ubuntu: Triaged Bug description: The current chromium-browser version in 12.04 is outdated (http://packages.ubuntu.com/precise/chromium-browser is at version 18 when current version is 23). That were most probably security vulnerabilities that where fixed between these 2 versions, which Ubuntu chromium-browser users are still vulnerable to. The Quantal package is at version 22: http://packages.ubuntu.com/quantal/chromium-browser I see that the firefox package keeps the same version betweeen Precise and Quantal, since running an outdated browser version has security implications. The same logic should be applied to chromium-browser. Futhermore; there is a (formerly) official PPA at https://launchpad.net/~chromium-daily/+archive/ppa that used to maintain the latest version of each channel. This PPA is no longer maintained and according to the Chromium team's support IRC channel, it won't be maintained in the near future. I believe it is best to delete this PPA, to avoid users thinking that their browsers are up-to-date when they are not. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1081518/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1081518] Re: Chromium-browser package is outdated and poses a security risk
FWIW, Chad has an experimental stable-daily PPA at ppa:cmiller/chromium- browser-stable-daily. ** Changed in: chromium-browser (Ubuntu) Importance: Undecided = Medium -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to chromium-browser in Ubuntu. https://bugs.launchpad.net/bugs/1081518 Title: Chromium-browser package is outdated and poses a security risk Status in “chromium-browser” package in Ubuntu: Triaged Bug description: The current chromium-browser version in 12.04 is outdated (http://packages.ubuntu.com/precise/chromium-browser is at version 18 when current version is 23). That were most probably security vulnerabilities that where fixed between these 2 versions, which Ubuntu chromium-browser users are still vulnerable to. The Quantal package is at version 22: http://packages.ubuntu.com/quantal/chromium-browser I see that the firefox package keeps the same version betweeen Precise and Quantal, since running an outdated browser version has security implications. The same logic should be applied to chromium-browser. Futhermore; there is a (formerly) official PPA at https://launchpad.net/~chromium-daily/+archive/ppa that used to maintain the latest version of each channel. This PPA is no longer maintained and according to the Chromium team's support IRC channel, it won't be maintained in the near future. I believe it is best to delete this PPA, to avoid users thinking that their browsers are up-to-date when they are not. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1081518/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1081518] Re: Chromium-browser package is outdated and poses a security risk
The 'official' PPA's are in the process of being re-started. In the mean time, there is a workaround at https://help.ubuntu.com/community/Lubuntu/Documentation/FAQ/Workarounds#Chromium_not_Updating -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to chromium-browser in Ubuntu. https://bugs.launchpad.net/bugs/1081518 Title: Chromium-browser package is outdated and poses a security risk Status in “chromium-browser” package in Ubuntu: New Bug description: The current chromium-browser version in 12.04 is outdated (http://packages.ubuntu.com/precise/chromium-browser is at version 18 when current version is 23). That were most probably security vulnerabilities that where fixed between these 2 versions, which Ubuntu chromium-browser users are still vulnerable to. The Quantal package is at version 22: http://packages.ubuntu.com/quantal/chromium-browser I see that the firefox package keeps the same version betweeen Precise and Quantal, since running an outdated browser version has security implications. The same logic should be applied to chromium-browser. Futhermore; there is a (formerly) official PPA at https://launchpad.net/~chromium-daily/+archive/ppa that used to maintain the latest version of each channel. This PPA is no longer maintained and according to the Chromium team's support IRC channel, it won't be maintained in the near future. I believe it is best to delete this PPA, to avoid users thinking that their browsers are up-to-date when they are not. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1081518/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1081518] Re: Chromium-browser package is outdated and poses a security risk
I'm aware of the third party PPA workaround, but: a) I'm not really sure it can be trusted (I don't know Alex Shkop, sorry) b) I'm certain most people install Chromium from Canonical's repositories rather than PPA (Official or non-official). These people browse the Web with browsers that have known security vulnerabilities. I believe the best way would be to treat chromium-browser updates as security updates (which they are), and push them to LTS releases, just like FireFox. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to chromium-browser in Ubuntu. https://bugs.launchpad.net/bugs/1081518 Title: Chromium-browser package is outdated and poses a security risk Status in “chromium-browser” package in Ubuntu: New Bug description: The current chromium-browser version in 12.04 is outdated (http://packages.ubuntu.com/precise/chromium-browser is at version 18 when current version is 23). That were most probably security vulnerabilities that where fixed between these 2 versions, which Ubuntu chromium-browser users are still vulnerable to. The Quantal package is at version 22: http://packages.ubuntu.com/quantal/chromium-browser I see that the firefox package keeps the same version betweeen Precise and Quantal, since running an outdated browser version has security implications. The same logic should be applied to chromium-browser. Futhermore; there is a (formerly) official PPA at https://launchpad.net/~chromium-daily/+archive/ppa that used to maintain the latest version of each channel. This PPA is no longer maintained and according to the Chromium team's support IRC channel, it won't be maintained in the near future. I believe it is best to delete this PPA, to avoid users thinking that their browsers are up-to-date when they are not. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1081518/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1081518] Re: Chromium-browser package is outdated and poses a security risk
The PPA, as I stated is being re-started by a Canonical guy. It will hopefully be all up and running by the end of this month. Chromium updates already have an exception to allow them to be back ported. The issue is that there was no one doing the 'official' updates. This is going to be resolved. I do know Alex, and he did offer to assist in the updating of Chromium. There was talk of using the script he uses, but the task has been allocated to the Canonical guy. As it also states in the link, it is in 'workaround' for that reason and will be marked as no longer used when there is an 'official' update route. Until then, to get updates that ppa can be used, else people will be running an old version of Chromium. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to chromium-browser in Ubuntu. https://bugs.launchpad.net/bugs/1081518 Title: Chromium-browser package is outdated and poses a security risk Status in “chromium-browser” package in Ubuntu: New Bug description: The current chromium-browser version in 12.04 is outdated (http://packages.ubuntu.com/precise/chromium-browser is at version 18 when current version is 23). That were most probably security vulnerabilities that where fixed between these 2 versions, which Ubuntu chromium-browser users are still vulnerable to. The Quantal package is at version 22: http://packages.ubuntu.com/quantal/chromium-browser I see that the firefox package keeps the same version betweeen Precise and Quantal, since running an outdated browser version has security implications. The same logic should be applied to chromium-browser. Futhermore; there is a (formerly) official PPA at https://launchpad.net/~chromium-daily/+archive/ppa that used to maintain the latest version of each channel. This PPA is no longer maintained and according to the Chromium team's support IRC channel, it won't be maintained in the near future. I believe it is best to delete this PPA, to avoid users thinking that their browsers are up-to-date when they are not. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1081518/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1081518] Re: Chromium-browser package is outdated and poses a security risk
** Changed in: chromium-browser (Ubuntu) Assignee: (unassigned) = Micah Gersten (micahg) ** Changed in: chromium-browser (Ubuntu) Status: New = Triaged -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to chromium-browser in Ubuntu. https://bugs.launchpad.net/bugs/1081518 Title: Chromium-browser package is outdated and poses a security risk Status in “chromium-browser” package in Ubuntu: Triaged Bug description: The current chromium-browser version in 12.04 is outdated (http://packages.ubuntu.com/precise/chromium-browser is at version 18 when current version is 23). That were most probably security vulnerabilities that where fixed between these 2 versions, which Ubuntu chromium-browser users are still vulnerable to. The Quantal package is at version 22: http://packages.ubuntu.com/quantal/chromium-browser I see that the firefox package keeps the same version betweeen Precise and Quantal, since running an outdated browser version has security implications. The same logic should be applied to chromium-browser. Futhermore; there is a (formerly) official PPA at https://launchpad.net/~chromium-daily/+archive/ppa that used to maintain the latest version of each channel. This PPA is no longer maintained and according to the Chromium team's support IRC channel, it won't be maintained in the near future. I believe it is best to delete this PPA, to avoid users thinking that their browsers are up-to-date when they are not. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1081518/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1081518] Re: Chromium-browser package is outdated and poses a security risk
Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. We are working on a method to keep this package up to date for stable Ubuntu releases so it doesn't lag behind upstream as it has been. Updates should be provided soon. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to chromium-browser in Ubuntu. https://bugs.launchpad.net/bugs/1081518 Title: Chromium-browser package is outdated and poses a security risk Status in “chromium-browser” package in Ubuntu: Triaged Bug description: The current chromium-browser version in 12.04 is outdated (http://packages.ubuntu.com/precise/chromium-browser is at version 18 when current version is 23). That were most probably security vulnerabilities that where fixed between these 2 versions, which Ubuntu chromium-browser users are still vulnerable to. The Quantal package is at version 22: http://packages.ubuntu.com/quantal/chromium-browser I see that the firefox package keeps the same version betweeen Precise and Quantal, since running an outdated browser version has security implications. The same logic should be applied to chromium-browser. Futhermore; there is a (formerly) official PPA at https://launchpad.net/~chromium-daily/+archive/ppa that used to maintain the latest version of each channel. This PPA is no longer maintained and according to the Chromium team's support IRC channel, it won't be maintained in the near future. I believe it is best to delete this PPA, to avoid users thinking that their browsers are up-to-date when they are not. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1081518/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1081518] Re: Chromium-browser package is outdated and poses a security risk
Jamie, I'm not sure why you have assigned this to michag ? On the 6th of November chad.mille sent this email. Hi Phill, Julien, others. I'm glad you're interested in chromium-browser. With desktop web-apps becoming more popular, chromium-browser is becoming more important for everyone. It is now a major responsibility of mine to maintain it. I hope to get official PPAs running in the next few weeks for all supported releases of Ubuntu (L,O,P,Q), with Stable channel first, perhaps even within 7 days, and beta and dev soon thereafter. I hope this is soon enough to satisfy you. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to chromium-browser in Ubuntu. https://bugs.launchpad.net/bugs/1081518 Title: Chromium-browser package is outdated and poses a security risk Status in “chromium-browser” package in Ubuntu: Triaged Bug description: The current chromium-browser version in 12.04 is outdated (http://packages.ubuntu.com/precise/chromium-browser is at version 18 when current version is 23). That were most probably security vulnerabilities that where fixed between these 2 versions, which Ubuntu chromium-browser users are still vulnerable to. The Quantal package is at version 22: http://packages.ubuntu.com/quantal/chromium-browser I see that the firefox package keeps the same version betweeen Precise and Quantal, since running an outdated browser version has security implications. The same logic should be applied to chromium-browser. Futhermore; there is a (formerly) official PPA at https://launchpad.net/~chromium-daily/+archive/ppa that used to maintain the latest version of each channel. This PPA is no longer maintained and according to the Chromium team's support IRC channel, it won't be maintained in the near future. I believe it is best to delete this PPA, to avoid users thinking that their browsers are up-to-date when they are not. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1081518/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp