subject:"\[Desktop\-packages\] \[Bug 1373802\] Re\: Regression\: chromium\-browser no longer loads policies in 37.0.2062.120\-0ubuntu0.14.04.1\~pkg1049"

[Desktop-packages] [Bug 1373802] Re: Regression: chromium-browser no longer loads policies in 37.0.2062.120-0ubuntu0.14.04.1~pkg1049

2014-11-10 Thread Launchpad Bug Tracker

This bug was fixed in the package chromium-browser -
38.0.2125.111-0ubuntu0.14.10.1.1103

---
chromium-browser (38.0.2125.111-0ubuntu0.14.10.1.1103) utopic-security; 
urgency=medium

  * Upstream release 38.0.2125.111.
  * Upstream release 38.0.2125.104.
  * Upstream release 38.0.2125.101:  (LP: #1310163)
- CVE-2014-3188: A special thanks to Jüri Aedla for a combination of V8 and
  IPC bugs that can lead to remote code execution outside of the sandbox.
- CVE-2014-3189: Out-of-bounds read in PDFium.
- CVE-2014-3190: Use-after-free in Events.
- CVE-2014-3191: Use-after-free in Rendering.
- CVE-2014-3192: Use-after-free in DOM.
- CVE-2014-3193: Type confusion in Session Management.
- CVE-2014-3194: Use-after-free in Web Workers.
- CVE-2014-3195: Information Leak in V8.
- CVE-2014-3196: Permissions bypass in Windows Sandbox.
- CVE-2014-3197: Information Leak in XSS Auditor.
- CVE-2014-3198: Out-of-bounds read in PDFium.
- CVE-2014-3199: Release Assert in V8 bindings.
- CVE-2014-3200: Various fixes from internal audits, fuzzing and other
  initiatives (Chrome 38).
  * debian/rules: Prefer GCC 4.8 when compiling. 4.9 remains buggy.
  * Make the verification step in clean make more compare-able output.
  * debian/patches/configuration-directory.patch: Account for new location of
policies directory in /etc . Change back. (LP: #1373802)
  * debian/patches/lp-translations-paths: Map old third_party filenames to
new name after processor compiles.
  * debian/rules: Fix patch-translations rule, workflow.
  * debian/patches/macro-templates-not-match: Anonymous struct isn't sizable.
  * debian/chromium-browser.sh.in: Fix broken logic of CHROMIUM_USER_FLAGS,
which has never worked. (LP: #1381644)
  * debian/patches/disable-sse: Disable more SSE #includes.
  * debian/rules: Omit unnecessary files from packaging.
  * debian/chromium-browser.sh.in: Fix variable name bug and suggest
~/.chromium-browser.init file over hamfisted CHROMIUM_USER_FLAGS.
  * debian/patches/5-desktop-integration-settings.patch: Adapt to new settings
APIs.

chromium-browser (37.0.2062.120-0ubuntu1) utopic; urgency=low

  * Upstream release 37.0.2062.120:
- CVE-2014-3178: Use-after-free in rendering. Credit to miaubiz.
- CVE-2014-3179: Various fixes from internal audits, fuzzing and other
  initiatives.
  * debian/rules: Simplify and rearrange.
  * debian/rules, debian/known_gyp_flags: Keep better track of known GYP flags,
so we can fail when something changes unexpectedly.
  * debian/rules: Fix up patch-translations rule.

chromium-browser (37.0.2062.94-0ubuntu1) utopic; urgency=low

  * Upstream release 37.0.2062.94.
- CVE-2014-3165: Use-after-free in Blink websockets.
- CVE-2014-3176, CVE-2014-3177: A combination of bugs in V8, IPC, sync, and
  extensions that can lead to remote code execution outside of the sandbox.
- CVE-2014-3168: Use-after-free in SVG.
- CVE-2014-3169: Use-after-free in DOM.
- CVE-2014-3170: Extension permission dialog spoofing.
- CVE-2014-3171: Use-after-free in bindings.
- CVE-2014-3172: Issue related to extension debugging.
- CVE-2014-3173: Uninitialized memory read in WebGL.
- CVE-2014-3174: Uninitialized memory read in Web Audio.
- CVE-2014-3175: Various fixes from internal audits, fuzzing and other
  initiatives.
- CVE-2014-3176, CVE-2014-3177: Interaction of extensions, IPC, the sync
  API, and Google V8 to execute arbitrary code.
  * Fix a shell bug in the binary-wrapper that prevented USER flags
from working properly.
  * debian/control: Suggests chromiumflashplugin .
  * debian/apport: Significant cleanup.
  * debian/rules: Disable SSE instructions on x86 to avoid SIGILL on some CPUs.
(LP: #1353185)
  * debian/checkout-orig-source.mk: Don't include src/ prefix in orig tarball.
  * debian/patches/*: refresh line numbers.
  * debian/patches/search-credit.patch,
debian/patches/additional-search-engines.patch: Track source files moved.
  * debian/patches/ffmpeg-gyp-config.patch,
debian/patches/fix-gyp-space-in-object-filename-exception.patch,
debian/patches/gyp-icu-m32-test:
Disabled. No longer needs fixing.
  * debian/control: build-dep on openssl.
  * debian/patches/disable-sse2: Don't require SSE/SSE2 CPU features on x86.
(LP: #1353185)
  * debian/rules: Use built-in PDF support. (LP: #513745, #1009902)
 -- Chad MILLER chad.mil...@canonical.com   Wed, 15 Oct 2014 14:22:55 -0400

** Changed in: chromium-browser (Ubuntu)
   Status: Confirmed = Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-3165

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-3168

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-3169

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-3170

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-3171

[Desktop-packages] [Bug 1373802] Re: Regression: chromium-browser no longer loads policies in 37.0.2062.120-0ubuntu0.14.04.1~pkg1049

2014-10-23 Thread Launchpad Bug Tracker

Status changed to 'Confirmed' because the bug affects multiple users.

** Changed in: chromium-browser (Ubuntu)
   Status: New = Confirmed

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to chromium-browser in Ubuntu.
https://bugs.launchpad.net/bugs/1373802

Title:
  Regression: chromium-browser no longer loads policies in
  37.0.2062.120-0ubuntu0.14.04.1~pkg1049

Status in “chromium-browser” package in Ubuntu:
  Confirmed

Bug description:
  Release: Ubuntu 14.04
  Package: chromium-browser_37.0.2062.120-0ubuntu0.14.04.1~pkg1049

  After updating to the latest version indicated above this morning I
  found out that this version no longer loads my configured policies
  from /etc/chromium-browser/policies/*.

  Running 'strings /usr/lib/chromium-browser/chromium-browser|grep
  policies' I noticed that in the new version the path vor policies
  changed to /etc/chromium/policies.

  After creating a symlink /etc/chromium - chromium-browser and
  restarting the browser my policies were loaded again.

  I think this is a serious regression from the previous version
  (37.0.2062.94-0ubuntu0.14.04.1~pkg1042) for enterprise users where we
  want to lock down certain features in the browser and after this
  security update suddenly all policies are not loaded/enforced anymore.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1373802/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1373802] Re: Regression: chromium-browser no longer loads policies in 37.0.2062.120-0ubuntu0.14.04.1~pkg1049

2014-10-23 Thread Chad Miller

** Changed in: chromium-browser (Ubuntu)
 Assignee: (unassigned) = Chad Miller (cmiller)

** Changed in: chromium-browser (Ubuntu)
   Importance: Undecided = Critical

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to chromium-browser in Ubuntu.
https://bugs.launchpad.net/bugs/1373802

Title:
  Regression: chromium-browser no longer loads policies in
  37.0.2062.120-0ubuntu0.14.04.1~pkg1049

Status in “chromium-browser” package in Ubuntu:
  Confirmed

Bug description:
  Release: Ubuntu 14.04
  Package: chromium-browser_37.0.2062.120-0ubuntu0.14.04.1~pkg1049

  After updating to the latest version indicated above this morning I
  found out that this version no longer loads my configured policies
  from /etc/chromium-browser/policies/*.

  Running 'strings /usr/lib/chromium-browser/chromium-browser|grep
  policies' I noticed that in the new version the path vor policies
  changed to /etc/chromium/policies.

  After creating a symlink /etc/chromium - chromium-browser and
  restarting the browser my policies were loaded again.

  I think this is a serious regression from the previous version
  (37.0.2062.94-0ubuntu0.14.04.1~pkg1042) for enterprise users where we
  want to lock down certain features in the browser and after this
  security update suddenly all policies are not loaded/enforced anymore.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1373802/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1373802] Re: Regression: chromium-browser no longer loads policies in 37.0.2062.120-0ubuntu0.14.04.1~pkg1049

[Desktop-packages] [Bug 1373802] Re: Regression: chromium-browser no longer loads policies in 37.0.2062.120-0ubuntu0.14.04.1~pkg1049

[Desktop-packages] [Bug 1373802] Re: Regression: chromium-browser no longer loads policies in 37.0.2062.120-0ubuntu0.14.04.1~pkg1049

3 matches

Site Navigation

Mail list logo

Footer information