[Secure-testing-team] Bug#626445: multiple (89!) security issues in chromium
Antoine Beaupré
anarcat at koumbit.org
Thu May 12 04:14:01 UTC 2011
Package: chromium-browser
Version: 6.0.472.63~r59945-5+squeeze4
Severity: grave
Tags: security squeeze sid
The PTS mentions there are 89 security issues in this package, most of
which affect stable, which is stuck at the prehistoric Chromium 6
release.
But even the version in sid seems to be vulnerable to serious security
issues, including remote code execution, like this one:
http://security-tracker.debian.org/tracker/CVE-2011-1344
Plenty more here:
http://security-tracker.debian.org/tracker/source-package/chromium-browser
A lot of those would just need a simple classification to mark which
ones are fixed in sid.
But the version in stable is a much more serious issue. I do not think
there is the possbility of maintaining that branch all by ourselves
here, and I would recommend either dropping the package from stable and
rely on backports, or simply ship the next squeeze release with the 10.x
version.
Right now, I have the feeling that a lot of people are using Google
Chrome's Debian package instead of the chromium package. People like me
that stick with the Debian package are actually left in the cold with an
outdated version that is actually very vulnerable.
This situation seems rather problematic and should be resolved.
-- System Information:
Debian Release: 6.0.1
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.38-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_CA.utf8, LC_CTYPE=fr_CA.utf8 (charmap=UTF-8) (ignored: LC_ALL set to fr_CA.UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages chromium-browser depends on:
ii chromium-br 6.0.472.63~r59945-5+squeeze4 page inspector for the chromium-br
ii libasound2 1.0.23-2.1 shared library for ALSA applicatio
ii libatk1.0-0 1.30.0-1 The ATK accessibility toolkit
ii libbz2-1.0 1.0.5-6 high-quality block-sorting file co
ii libc6 2.11.2-10 Embedded GNU C Library: Shared lib
ii libcairo2 1.8.10-6 The Cairo 2D vector graphics libra
ii libcups2 1.4.4-7 Common UNIX Printing System(tm) -
ii libdbus-1-3 1.2.24-4 simple interprocess messaging syst
ii libdbus-gli 0.88-2.1 simple interprocess messaging syst
ii libevent-1. 1.4.13-stable-1 An asynchronous event notification
ii libexpat1 2.0.1-7 XML parsing C library - runtime li
ii libfontconf 2.8.0-2.1 generic font configuration library
ii libfreetype 2.4.2-2.1 FreeType 2 font engine, shared lib
ii libgcc1 1:4.4.5-8 GCC support library
ii libgconf2-4 2.28.1-6 GNOME configuration database syste
ii libgcrypt11 1.4.5-2 LGPL Crypto library - runtime libr
ii libgl1-mesa 7.7.1-4 A free implementation of the OpenG
ii libglewmx1. 1.5.4-1 The OpenGL Extension Wrangler - ru
ii libglib2.0- 2.24.2-1 The GLib library of C routines
ii libgtk2.0-0 2.20.1-2 The GTK+ graphical user interface
ii libicu44 4.4.1-7 International Components for Unico
ii libjpeg62 6b1-1 The Independent JPEG Group's JPEG
ii libnspr4-0d 4.8.6-1 NetScape Portable Runtime Library
ii libnss3-1d 3.12.8-1+squeeze1 Network Security Service libraries
ii libpango1.0 1.28.3-1+squeeze2 Layout and rendering of internatio
ii libpng12-0 1.2.44-1 PNG library - runtime
ii libstdc++6 4.4.5-8 The GNU Standard C++ Library v3
ii libv8-2.2.2 2.2.24-6 V8 JavaScript Engine
ii libvpx0 0.9.1-2 VP8 video codec (shared library)
ii libx11-6 2:1.3.3-4 X11 client-side library
ii libxext6 2:1.1.2-1 X11 miscellaneous extension librar
ii libxml2 2.7.8.dfsg-2 GNOME XML library
ii libxrender1 1:0.9.6-1 X Rendering Extension client libra
ii libxslt1.1 1.1.26-6 XSLT 1.0 processing library - runt
ii libxss1 1:1.2.0-2 X11 Screen Saver extension library
ii xdg-utils 1.0.2+cvs20100307-2 desktop integration utilities from
ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime
chromium-browser recommends no packages.
Versions of packages chromium-browser suggests:
pn chromium-browser-l10n <none> (no description available)
-- no debconf information
More information about the Secure-testing-team
mailing list