[Bug 622823] Re: 5.0.375.127~r55887 security update
Copied gyp and chromium-browser to -updates and -security. ** Changed in: gyp (Ubuntu Lucid) Status: Fix Committed => Fix Released -- 5.0.375.127~r55887 security update https://bugs.launchpad.net/bugs/622823 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 622823] Re: 5.0.375.127~r55887 security update
This bug was fixed in the package chromium-browser - 5.0.375.127~r55887-0ubuntu0.10.04.1 --- chromium-browser (5.0.375.127~r55887-0ubuntu0.10.04.1) lucid-security; urgency=low * New upstream release from the Stable Channel (LP: #622823) This release fixes the following security issues: - [45400] Critical, Memory corruption with file dialog. Credit to Sergey Glazunov. - [49596] High, Memory corruption with SVGs. Credit to wushi of team509. - [49628] High, Bad cast with text editing. Credit to wushi of team509. - [49964] High, Possible address bar spoofing with history bug. Credit to Mike Taylor. - [50515] [51835] High, Memory corruption in MIME type handling. Credit to Sergey Glazunov. - [50553] Critical, Crash on shutdown due to notifications bug. Credit to Sergey Glazunov. - [51146] Medium, Stop omnibox autosuggest if the user might be about to type a password. Credit to Robert Hansen. - [51654] High, Memory corruption with Ruby support. Credit to kuzzcc. - [51670] High, Memory corruption with Geolocation support. Credit to kuzzcc. * Add the xul libdir to LD_LIBRARY_PATH in the wrapper to help icedtea6-plugin (LP: #529242). This is needed at least for openjdk-6 6b18. - update debian/chromium-browser.sh * No longer use tar --lzma in get-orig-source now that it silently uses xz (since tar 1.23-2) which is not available in the backports. Use "tar | lzma" instead so the embedded tarball is always a lzma file - update debian/rules * Tweak the user agent to include Chromium and the Distro's name and version. - add debian/patches/chromium_useragent.patch.in - update debian/patches/series - update debian/rules * Fix a typo in the subst_files rule - update debian/rules * Fix a gyp file that triggers an error with newer gyp (because of dead code) - add debian/patches/drop_unused_rules_to_please_newer_gyp.patch - update debian/patches/series * Bump gyp Build-Depends to >= 0.1~svn810 to match upstream requirement - update debian/control -- Fabien TassinFri, 20 Aug 2010 14:09:16 +0200 ** Changed in: chromium-browser (Ubuntu Lucid) Status: Fix Committed => Fix Released -- 5.0.375.127~r55887 security update https://bugs.launchpad.net/bugs/622823 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 622823] Re: 5.0.375.127~r55887 security update
** Tags added: verification-done ** Tags removed: verification-needed -- 5.0.375.127~r55887 security update https://bugs.launchpad.net/bugs/622823 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 622823] Re: 5.0.375.127~r55887 security update
I think we can also consider gyp as 'verification-done' since chromium- browser built file against it (fyi-- gyp was in *both* ubuntu-security- propsed and lucid-proposed, but it was the same source package. chromium-browser built against the one in ubuntu-security-proposed. I created a 2nd 'ubuntu2' gyp that I pocket copied to lucid-proposed, so that it can be pocket copied to -security along with chromium-browser). -- 5.0.375.127~r55887 security update https://bugs.launchpad.net/bugs/622823 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 622823] Re: 5.0.375.127~r55887 security update
I have tested 5.0.375.127~r55887-0ubuntu0.10.04.1 in lucid-proposed and it works fine (I used test-browser.py from QRT and there are no regressions over the previous release). -- 5.0.375.127~r55887 security update https://bugs.launchpad.net/bugs/622823 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 622823] Re: 5.0.375.127~r55887 security update
Pocket copied chromium-browser to proposed. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance! To ubuntu-sru: if this passes the verification process, please also pocket copy to security. Thanks! ** Changed in: chromium-browser (Ubuntu Lucid) Status: In Progress => Fix Committed ** Tags removed: security-verification -- 5.0.375.127~r55887 security update https://bugs.launchpad.net/bugs/622823 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 622823] Re: 5.0.375.127~r55887 security update
** Branch linked: lp:ubuntu/lucid-proposed/gyp -- 5.0.375.127~r55887 security update https://bugs.launchpad.net/bugs/622823 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 622823] Re: 5.0.375.127~r55887 security update
Accepted gyp into lucid-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance! ** Also affects: gyp (Ubuntu) Importance: Undecided Status: New ** Changed in: gyp (Ubuntu Maverick) Status: New => Fix Released ** Changed in: gyp (Ubuntu Lucid) Status: New => Fix Committed ** Tags added: verification-needed -- 5.0.375.127~r55887 security update https://bugs.launchpad.net/bugs/622823 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 622823] Re: 5.0.375.127~r55887 security update
Uploaded to the ubuntu-security-proposed PPA ** Also affects: chromium-browser (Ubuntu Lucid) Importance: Undecided Status: New ** Also affects: chromium-browser (Ubuntu Maverick) Importance: High Assignee: Fabien Tassin (fta) Status: Fix Released ** Changed in: chromium-browser (Ubuntu Lucid) Importance: Undecided => High ** Changed in: chromium-browser (Ubuntu Lucid) Status: New => In Progress ** Tags added: security-verification -- 5.0.375.127~r55887 security update https://bugs.launchpad.net/bugs/622823 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 622823] Re: 5.0.375.127~r55887 security update
gyp 0.1~svn810-0ubuntu1 uploaded to lucid-proposed, waiting for approval. There's no big deal here, it's only used by chromium packages (the browser and its codecs) -- 5.0.375.127~r55887 security update https://bugs.launchpad.net/bugs/622823 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 622823] Re: 5.0.375.127~r55887 security update
on lucid, we need gyp >= 810 -- 5.0.375.127~r55887 security update https://bugs.launchpad.net/bugs/622823 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 622823] Re: 5.0.375.127~r55887 security update
This bug was fixed in the package chromium-browser - 5.0.375.127~r55887-0ubuntu1 --- chromium-browser (5.0.375.127~r55887-0ubuntu1) maverick; urgency=low * New upstream release from the Stable Channel (LP: #622823) This release fixes the following security issues: - [45400] Critical, Memory corruption with file dialog. Credit to Sergey Glazunov. - [49596] High, Memory corruption with SVGs. Credit to wushi of team509. - [49628] High, Bad cast with text editing. Credit to wushi of team509. - [49964] High, Possible address bar spoofing with history bug. Credit to Mike Taylor. - [50515] [51835] High, Memory corruption in MIME type handling. Credit to Sergey Glazunov. - [50553] Critical, Crash on shutdown due to notifications bug. Credit to Sergey Glazunov. - [51146] Medium, Stop omnibox autosuggest if the user might be about to type a password. Credit to Robert Hansen. - [51654] High, Memory corruption with Ruby support. Credit to kuzzcc. - [51670] High, Memory corruption with Geolocation support. Credit to kuzzcc. * Add the xul libdir to LD_LIBRARY_PATH in the wrapper to help icedtea6-plugin (LP: #529242). This is needed at least for openjdk-6 6b18. - update debian/chromium-browser.sh * No longer use tar --lzma in get-orig-source now that it silently uses xz (since tar 1.23-2) which is not available in the backports. Use "tar | lzma" instead so the embedded tarball is always a lzma file - update debian/rules * Tweak the user agent to include Chromium and the Distro's name and version. - add debian/patches/chromium_useragent.patch.in - update debian/patches/series - update debian/rules * Fix a typo in the subst_files rule - update debian/rules * Fix a gyp file that triggers an error with newer gyp (because of dead code) - add debian/patches/drop_unused_rules_to_please_newer_gyp.patch - update debian/patches/series * Bump gyp Build-Depends to >= 0.1~svn810 to match upstream requirement - update debian/control -- Fabien TassinFri, 20 Aug 2010 14:09:16 +0200 ** Changed in: chromium-browser (Ubuntu) Status: New => Fix Released -- 5.0.375.127~r55887 security update https://bugs.launchpad.net/bugs/622823 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 622823] Re: 5.0.375.127~r55887 security update
it's already in the stable PPA: ppa:chromium-daily/stable ** Changed in: chromium-browser (Ubuntu) Importance: Undecided => High ** Changed in: chromium-browser (Ubuntu) Assignee: (unassigned) => Fabien Tassin (fta) -- 5.0.375.127~r55887 security update https://bugs.launchpad.net/bugs/622823 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs