desktop-packages team mailing list archive

[Bug 1477662] Re: 21-july-2015 security fixes not available

 

This bug was fixed in the package chromium-browser - 44.0.2403.89-0ubuntu0.14.04.1.1095

---------------
chromium-browser (44.0.2403.89-0ubuntu0.14.04.1.1095) trusty-security; urgency=medium

  * Upstream release 44.0.2403.89: (LP: #1477662)
    - CVE-2015-1271: Heap-buffer-overflow in pdfium.
    - CVE-2015-1273: Heap-buffer-overflow in pdfium.
    - CVE-2015-1274: Settings allowed executable files to run immediately
      after download.
    - CVE-2015-1275: UXSS in Chrome for Android.
    - CVE-2015-1276: Use-after-free in IndexedDB.
    - CVE-2015-1279: Heap-buffer-overflow in pdfium.
    - CVE-2015-1280: Memory corruption in skia.
    - CVE-2015-1281: CSP bypass.
    - CVE-2015-1282: Use-after-free in pdfium.
    - CVE-2015-1283: Heap-buffer-overflow in expat.
    - CVE-2015-1284: Use-after-free in blink.
    - CVE-2015-1286: UXSS in blink.
    - CVE-2015-1287: SOP bypass with CSS.
    - CVE-2015-1270: Uninitialized memory read in ICU.
    - CVE-2015-1272: Use-after-free related to unexpected GPU process
      termination.
    - CVE-2015-1277: Use-after-free in accessibility.
    - CVE-2015-1278: URL spoofing using pdf files.
    - CVE-2015-1285: Information leak in XSS auditor.
    - CVE-2015-1288: Spell checking dictionaries fetched over HTTP.
    - CVE-2015-1289: Various fixes from internal audits, fuzzing and other
      initiatives.
  * debian/rules, debian/chromium-codecs-ffmpeg{,-extra}.install: ffmpeg is a
    first-class component library now, not a special snowflake. Still, build
    it differently, but build flags are different.
  * debian/tests/smoketest-actual: Remove some innocuous mentions of "error"
    before testing for actual errors.
  * debian/control: codec library packages replace the libffmpeg.so that
    was in chromium packages before now.
  * debian/control: codec packages can't reasonably be updated separately
    than chromium. Depend with version specification also.

 -- Chad MILLER <chad.miller@xxxxxxxxxxxxx>  Tue, 28 Jul 2015 11:19:11 -0400

** Changed in: chromium-browser (Ubuntu)
       Status: In Progress => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-1270

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-1271

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-1272

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-1273

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-1274

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-1275

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-1276

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-1277

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-1278

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-1279

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-1280

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-1281

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-1282

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-1283

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-1284

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-1285

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-1286

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-1287

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-1288

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-1289

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to chromium-browser in Ubuntu.
https://bugs.launchpad.net/bugs/1477662

Title:
  21-july-2015 security fixes not available

Status in chromium-browser package in Ubuntu:
  Fix Released

Bug description:
  On July 21, 2015, security fixes were made available in a new release
  44.0.2403.89 of the browser.

  My browser is at 43.0.2357.130 for Ubuntu 14.04 despite repeated
  updates.

  Since the security fixes are urgent, could you please make them
  available immediately?

  More info here:

  http://googlechromereleases.blogspot.ca/search/label/Stable%20updates

  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: chromium-browser 43.0.2357.130-0ubuntu0.14.04.1.1092
  ProcVersionSignature: Ubuntu 3.13.0-58.97-generic 3.13.11-ckt22
  Uname: Linux 3.13.0-58-generic i686
  ApportVersion: 2.14.1-0ubuntu3.11
  Architecture: i386
  CurrentDesktop: Unity
  CurrentDmesg: Error: command ['sh', '-c', 'dmesg | comm -13 --nocheck-order /var/log/dmesg -'] failed with exit code 1: comm: /var/log/dmesg: Permission denied
  Date: Thu Jul 23 11:53:12 2015
  Desktop-Session:
   'ubuntu'
   '/etc/xdg/xdg-ubuntu:/usr/share/upstart/xdg:/etc/xdg'
   '/usr/share/ubuntu:/usr/share/gnome:/usr/local/share/:/usr/share/'
  DetectedPlugins:
   
  EcryptfsInUse: Yes
  Env:
   'None'
   'None'
  InstallationDate: Installed on 2014-04-29 (449 days ago)
  InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Release i386 (20140417)
  Load-Avg-1min: 0.22
  Load-Processes-Running-Percent:   0.2%
  MachineType: Dell Inc. Inspiron 660
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.13.0-58-generic root=UUID=8cf458ab-4ff9-4505-9a16-27da1ea7ec10 ro quiet splash vt.handoff=7
  SourcePackage: chromium-browser
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 10/14/2013
  dmi.bios.vendor: Dell Inc.
  dmi.bios.version: A11
  dmi.board.name: 0XR1GT
  dmi.board.vendor: Dell Inc.
  dmi.board.version: A00
  dmi.chassis.type: 3
  dmi.chassis.vendor: Dell Inc.
  dmi.modalias: dmi:bvnDellInc.:bvrA11:bd10/14/2013:svnDellInc.:pnInspiron660:pvr:rvnDellInc.:rn0XR1GT:rvrA00:cvnDellInc.:ct3:cvr:
  dmi.product.name: Inspiron 660
  dmi.sys.vendor: Dell Inc.
  gconf-keys: /desktop/gnome/applications/browser/exec = b'/usr/bin/chromium-browser\n'/desktop/gnome/url-handlers/https/command = b'/usr/bin/chromium-browser %s\n'/desktop/gnome/url-handlers/https/enabled = b'true\n'/desktop/gnome/url-handlers/http/command = b'/usr/bin/chromium-browser %s\n'/desktop/gnome/url-handlers/http/enabled = b'true\n'/desktop/gnome/session/required_components/windowmanager = b''/apps/metacity/general/compositing_manager = b''/desktop/gnome/interface/icon_theme = b''/desktop/gnome/interface/gtk_theme = b''
  modified.conffile..etc.chromium.browser.default: [modified]
  modified.conffile..etc.default.chromium.browser: [deleted]
  mtime.conffile..etc.chromium.browser.default: 2014-04-29T13:58:11.849470

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1477662/+subscriptions

