This bug was fixed in the package chromium-browser -
44.0.2403.89-0ubuntu0.15.04.1.1177
---------------
chromium-browser (44.0.2403.89-0ubuntu0.15.04.1.1177) vivid-security;
urgency=medium
* Upstream release 44.0.2403.89: (LP: #1477662)
- CVE-2015-1271: Heap-buffer-overflow in pdfium.
- CVE-2015-1273: Heap-buffer-overflow in pdfium.
- CVE-2015-1274: Settings allowed executable files to run immediately
after download.
- CVE-2015-1275: UXSS in Chrome for Android.
- CVE-2015-1276: Use-after-free in IndexedDB.
- CVE-2015-1279: Heap-buffer-overflow in pdfium.
- CVE-2015-1280: Memory corruption in skia.
- CVE-2015-1281: CSP bypass.
- CVE-2015-1282: Use-after-free in pdfium.
- CVE-2015-1283: Heap-buffer-overflow in expat.
- CVE-2015-1284: Use-after-free in blink.
- CVE-2015-1286: UXSS in blink.
- CVE-2015-1287: SOP bypass with CSS.
- CVE-2015-1270: Uninitialized memory read in ICU.
- CVE-2015-1272: Use-after-free related to unexpected GPU process
termination.
- CVE-2015-1277: Use-after-free in accessibility.
- CVE-2015-1278: URL spoofing using pdf files.
- CVE-2015-1285: Information leak in XSS auditor.
- CVE-2015-1288: Spell checking dictionaries fetched over HTTP.
- CVE-2015-1289: Various fixes from internal audits, fuzzing and other
initiatives.
* debian/rules, debian/chromium-codecs-ffmpeg{,-extra}.install: ffmpeg is a
first-class component library now, not a special snowflake. Still, build
it differently, but build flags are different.
* debian/tests/smoketest-actual: Remove some innocuous mentions of "error"
before testing for actual errors.
* debian/control: codec library packages replace the libffmpeg.so that
was in chromium packages before now.
* debian/control: codec packages can't reasonably be updated separately
than chromium. Depend with version specification also.
-- Chad MILLER <chad.mil...@canonical.com> Tue, 28 Jul 2015 11:19:11
-0400
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to chromium-browser in Ubuntu.
https://bugs.launchpad.net/bugs/1477662
Title:
21-july-2015 security fixes not available
Status in chromium-browser package in Ubuntu:
Fix Released
Bug description:
On July 21, 2015, security fixes were made available in a new release
44.0.2403.89 of the browser.
My browser is at 43.0.2357.130 for Ubuntu 14.04 despite repeated
updates.
Since the security fixes are urgent, could you please make them
available immediately?
More info here:
http://googlechromereleases.blogspot.ca/search/label/Stable%20updates
ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: chromium-browser 43.0.2357.130-0ubuntu0.14.04.1.1092
ProcVersionSignature: Ubuntu 3.13.0-58.97-generic 3.13.11-ckt22
Uname: Linux 3.13.0-58-generic i686
ApportVersion: 2.14.1-0ubuntu3.11
Architecture: i386
CurrentDesktop: Unity
CurrentDmesg: Error: command ['sh', '-c', 'dmesg | comm -13 --nocheck-order
/var/log/dmesg -'] failed with exit code 1: comm: /var/log/dmesg: Permission
denied
Date: Thu Jul 23 11:53:12 2015
Desktop-Session:
'ubuntu'
'/etc/xdg/xdg-ubuntu:/usr/share/upstart/xdg:/etc/xdg'
'/usr/share/ubuntu:/usr/share/gnome:/usr/local/share/:/usr/share/'
DetectedPlugins:
EcryptfsInUse: Yes
Env:
'None'
'None'
InstallationDate: Installed on 2014-04-29 (449 days ago)
InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Release i386 (20140417)
Load-Avg-1min: 0.22
Load-Processes-Running-Percent: 0.2%
MachineType: Dell Inc. Inspiron 660
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.13.0-58-generic
root=UUID=8cf458ab-4ff9-4505-9a16-27da1ea7ec10 ro quiet splash vt.handoff=7
SourcePackage: chromium-browser
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 10/14/2013
dmi.bios.vendor: Dell Inc.
dmi.bios.version: A11
dmi.board.name: 0XR1GT
dmi.board.vendor: Dell Inc.
dmi.board.version: A00
dmi.chassis.type: 3
dmi.chassis.vendor: Dell Inc.
dmi.modalias:
dmi:bvnDellInc.:bvrA11:bd10/14/2013:svnDellInc.:pnInspiron660:pvr:rvnDellInc.:rn0XR1GT:rvrA00:cvnDellInc.:ct3:cvr:
dmi.product.name: Inspiron 660
dmi.sys.vendor: Dell Inc.
gconf-keys: /desktop/gnome/applications/browser/exec =
b'/usr/bin/chromium-browser\n'/desktop/gnome/url-handlers/https/command =
b'/usr/bin/chromium-browser %s\n'/desktop/gnome/url-handlers/https/enabled =
b'true\n'/desktop/gnome/url-handlers/http/command = b'/usr/bin/chromium-browser
%s\n'/desktop/gnome/url-handlers/http/enabled =
b'true\n'/desktop/gnome/session/required_components/windowmanager =
b''/apps/metacity/general/compositing_manager =
b''/desktop/gnome/interface/icon_theme = b''/desktop/gnome/interface/gtk_theme
= b''
modified.conffile..etc.chromium.browser.default: [modified]
modified.conffile..etc.default.chromium.browser: [deleted]
mtime.conffile..etc.chromium.browser.default: 2014-04-29T13:58:11.849470
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1477662/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
