[Bug 1477662] Re: 21-july-2015 security fixes not available

[Launchpad Bug Tracker]

This bug was fixed in the package chromium-browser -
44.0.2403.89-0ubuntu0.14.04.1.1095

---
chromium-browser (44.0.2403.89-0ubuntu0.14.04.1.1095) trusty-security; 
urgency=medium

  * Upstream release 44.0.2403.89: (LP: #1477662)
- CVE-2015-1271: Heap-buffer-overflow in pdfium.
- CVE-2015-1273: Heap-buffer-overflow in pdfium.
- CVE-2015-1274: Settings allowed executable files to run immediately
  after download.
- CVE-2015-1275: UXSS in Chrome for Android.
- CVE-2015-1276: Use-after-free in IndexedDB.
- CVE-2015-1279: Heap-buffer-overflow in pdfium.
- CVE-2015-1280: Memory corruption in skia.
- CVE-2015-1281: CSP bypass.
- CVE-2015-1282: Use-after-free in pdfium.
- CVE-2015-1283: Heap-buffer-overflow in expat.
- CVE-2015-1284: Use-after-free in blink.
- CVE-2015-1286: UXSS in blink.
- CVE-2015-1287: SOP bypass with CSS.
- CVE-2015-1270: Uninitialized memory read in ICU.
- CVE-2015-1272: Use-after-free related to unexpected GPU process
  termination.
- CVE-2015-1277: Use-after-free in accessibility.
- CVE-2015-1278: URL spoofing using pdf files.
- CVE-2015-1285: Information leak in XSS auditor.
- CVE-2015-1288: Spell checking dictionaries fetched over HTTP.
- CVE-2015-1289: Various fixes from internal audits, fuzzing and other
  initiatives.
  * debian/rules, debian/chromium-codecs-ffmpeg{,-extra}.install: ffmpeg is a
first-class component library now, not a special snowflake. Still, build
it differently, but build flags are different.
  * debian/tests/smoketest-actual: Remove some innocuous mentions of error
before testing for actual errors.
  * debian/control: codec library packages replace the libffmpeg.so that
was in chromium packages before now.
  * debian/control: codec packages can't reasonably be updated separately
than chromium. Depend with version specification also.

 -- Chad MILLER chad.mil...@canonical.com  Tue, 28 Jul 2015 11:19:11
-0400

** Changed in: chromium-browser (Ubuntu)
   Status: In Progress = Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1270

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1271

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1272

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1273

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1274

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1275

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1276

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1277

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1278

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1279

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1280

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1281

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1282

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1283

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1284

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1285

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1286

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1287

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1288

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1289

** Changed in: chromium-browser (Ubuntu)
   Status: In Progress = Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1477662

Title:
  21-july-2015 security fixes not available

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1477662/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1477662] Re: 21-july-2015 security fixes not available

[Launchpad Bug Tracker]

This bug was fixed in the package chromium-browser -
44.0.2403.89-0ubuntu0.15.04.1.1177

---
chromium-browser (44.0.2403.89-0ubuntu0.15.04.1.1177) vivid-security; 
urgency=medium

  * Upstream release 44.0.2403.89: (LP: #1477662)
- CVE-2015-1271: Heap-buffer-overflow in pdfium.
- CVE-2015-1273: Heap-buffer-overflow in pdfium.
- CVE-2015-1274: Settings allowed executable files to run immediately
  after download.
- CVE-2015-1275: UXSS in Chrome for Android.
- CVE-2015-1276: Use-after-free in IndexedDB.
- CVE-2015-1279: Heap-buffer-overflow in pdfium.
- CVE-2015-1280: Memory corruption in skia.
- CVE-2015-1281: CSP bypass.
- CVE-2015-1282: Use-after-free in pdfium.
- CVE-2015-1283: Heap-buffer-overflow in expat.
- CVE-2015-1284: Use-after-free in blink.
- CVE-2015-1286: UXSS in blink.
- CVE-2015-1287: SOP bypass with CSS.
- CVE-2015-1270: Uninitialized memory read in ICU.
- CVE-2015-1272: Use-after-free related to unexpected GPU process
  termination.
- CVE-2015-1277: Use-after-free in accessibility.
- CVE-2015-1278: URL spoofing using pdf files.
- CVE-2015-1285: Information leak in XSS auditor.
- CVE-2015-1288: Spell checking dictionaries fetched over HTTP.
- CVE-2015-1289: Various fixes from internal audits, fuzzing and other
  initiatives.
  * debian/rules, debian/chromium-codecs-ffmpeg{,-extra}.install: ffmpeg is a
first-class component library now, not a special snowflake. Still, build
it differently, but build flags are different.
  * debian/tests/smoketest-actual: Remove some innocuous mentions of error
before testing for actual errors.
  * debian/control: codec library packages replace the libffmpeg.so that
was in chromium packages before now.
  * debian/control: codec packages can't reasonably be updated separately
than chromium. Depend with version specification also.

 -- Chad MILLER chad.mil...@canonical.com  Tue, 28 Jul 2015 11:19:11
-0400

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1477662

Title:
  21-july-2015 security fixes not available

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1477662/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1477662] Re: 21-july-2015 security fixes not available

[Sebastien Bacher]

** Changed in: chromium-browser (Ubuntu)
   Importance: Undecided = High

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1477662

Title:
  21-july-2015 security fixes not available

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1477662/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1477662] Re: 21-july-2015 security fixes not available

[Chad Miller]

** Changed in: chromium-browser (Ubuntu)
   Status: New = In Progress

** Changed in: chromium-browser (Ubuntu)
 Assignee: (unassigned) = Chad Miller (cmiller)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1477662

Title:
  21-july-2015 security fixes not available

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1477662/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs