This bug was fixed in the package chromium-browser -
44.0.2403.89-0ubuntu0.14.04.1.1095
---------------
chromium-browser (44.0.2403.89-0ubuntu0.14.04.1.1095) trusty-security;
urgency=medium
* Upstream release 44.0.2403.89: (LP: #1477662)
- CVE-2015-1271: Heap-buffer-overflow in pdfium.
- CVE-2015-1273: Heap-buffer-overflow in pdfium.
- CVE-2015-1274: Settings allowed executable files to run immediately
after download.
- CVE-2015-1275: UXSS in Chrome for Android.
- CVE-2015-1276: Use-after-free in IndexedDB.
- CVE-2015-1279: Heap-buffer-overflow in pdfium.
- CVE-2015-1280: Memory corruption in skia.
- CVE-2015-1281: CSP bypass.
- CVE-2015-1282: Use-after-free in pdfium.
- CVE-2015-1283: Heap-buffer-overflow in expat.
- CVE-2015-1284: Use-after-free in blink.
- CVE-2015-1286: UXSS in blink.
- CVE-2015-1287: SOP bypass with CSS.
- CVE-2015-1270: Uninitialized memory read in ICU.
- CVE-2015-1272: Use-after-free related to unexpected GPU process
termination.
- CVE-2015-1277: Use-after-free in accessibility.
- CVE-2015-1278: URL spoofing using pdf files.
- CVE-2015-1285: Information leak in XSS auditor.
- CVE-2015-1288: Spell checking dictionaries fetched over HTTP.
- CVE-2015-1289: Various fixes from internal audits, fuzzing and other
initiatives.
* debian/rules, debian/chromium-codecs-ffmpeg{,-extra}.install: ffmpeg is a
first-class component library now, not a special snowflake. Still, build
it differently, but build flags are different.
* debian/tests/smoketest-actual: Remove some innocuous mentions of "error"
before testing for actual errors.
* debian/control: codec library packages replace the libffmpeg.so that
was in chromium packages before now.
* debian/control: codec packages can't reasonably be updated separately
than chromium. Depend with version specification also.
-- Chad MILLER <[email protected]> Tue, 28 Jul 2015 11:19:11
-0400
** Changed in: chromium-browser (Ubuntu)
Status: In Progress => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1270
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1271
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1272
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1273
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1274
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1275
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1276
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1277
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1278
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1279
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1280
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1281
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1282
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1283
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1284
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1285
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1286
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1287
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1288
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1289
** Changed in: chromium-browser (Ubuntu)
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1477662
Title:
21-july-2015 security fixes not available
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1477662/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
