~chromium-team/chromium-browser/artful-beta

« back to all changes in this revision

Viewing changes to debian/changelog

  • Committer: Chad MILLER
  • Date: 2014-08-28 16:59:07 UTC
  • Revision ID: chad.miller@canonical.com-20140828165907-i3gnn72j3gqopspi
* Upstream release 37.0.2062.94. There is no official tarball.
  - CVE-2014-3165: Use-after-free in Blink websockets.
  - CVE-2014-3176, CVE-2014-3177: A combination of bugs in V8, IPC, sync, and
    extensions that can lead to remote code execution outside of the sandbox.
  - CVE-2014-3168: Use-after-free in SVG.
  - CVE-2014-3169: Use-after-free in DOM.
  - CVE-2014-3170: Extension permission dialog spoofing.
  - CVE-2014-3171: Use-after-free in bindings.
  - CVE-2014-3172: Issue related to extension debugging.
  - CVE-2014-3173: Uninitialized memory read in WebGL.
  - CVE-2014-3174: Uninitialized memory read in Web Audio.
  - CVE-2014-3175: Various fixes from internal audits, fuzzing and other
    initiatives.
  - CVE-2014-3176, CVE-2014-3177: Interaction of extensions, IPC, the sync
    API, and Google V8 to execute arbitrary code.
* debian/checkout-orig-source.mk: Don't include src/ prefix in orig tarball.
* debian/patches/*: refresh line numbers.
* debian/patches/search-credit.patch,
  debian/patches/additional-search-engines.patch: Track source files moved.
* debian/patches/arm-neon.patch, debian/patches/ffmpeg-gyp-config.patch,
  debian/patches/fix-gyp-space-in-object-filename-exception.patch,
  debian/patches/gyp-icu-m32-test:
  Disabled. No longer needs fixing.

Show diffs side-by-side

added added

removed removed

Lines of Context:
1
 
chromium-browser (36.0.1985.143-0ubuntu2) UNRELEASED; urgency=low
 
1
chromium-browser (37.0.2062.94-0ubuntu1) UNRELEASED; urgency=low
2
2
 
 
3
  * Upstream release 37.0.2062.94. There is no official tarball.
 
4
    - CVE-2014-3165: Use-after-free in Blink websockets.
 
5
    - CVE-2014-3176, CVE-2014-3177: A combination of bugs in V8, IPC, sync, and
 
6
      extensions that can lead to remote code execution outside of the sandbox.
 
7
    - CVE-2014-3168: Use-after-free in SVG.
 
8
    - CVE-2014-3169: Use-after-free in DOM.
 
9
    - CVE-2014-3170: Extension permission dialog spoofing.
 
10
    - CVE-2014-3171: Use-after-free in bindings.
 
11
    - CVE-2014-3172: Issue related to extension debugging.
 
12
    - CVE-2014-3173: Uninitialized memory read in WebGL.
 
13
    - CVE-2014-3174: Uninitialized memory read in Web Audio.
 
14
    - CVE-2014-3175: Various fixes from internal audits, fuzzing and other
 
15
      initiatives.
 
16
    - CVE-2014-3176, CVE-2014-3177: Interaction of extensions, IPC, the sync
 
17
      API, and Google V8 to execute arbitrary code.
3
18
  * Fix a shell bug in the binary-wrapper that prevented USER flags
4
19
    from working properly.
5
20
  * debian/control: Suggests chromiumflashplugin .
6
21
  * debian/apport: Significant cleanup.
7
22
  * debian/rules: Disable SSE instructions on x86 to avoid SIGILL on some CPUs.
8
23
    (LP: #1353185)
 
24
  * debian/checkout-orig-source.mk: Don't include src/ prefix in orig tarball.
 
25
  * debian/patches/*: refresh line numbers.
 
26
  * debian/patches/search-credit.patch,
 
27
    debian/patches/additional-search-engines.patch: Track source files moved.
 
28
  * debian/patches/arm-neon.patch, debian/patches/ffmpeg-gyp-config.patch,
 
29
    debian/patches/fix-gyp-space-in-object-filename-exception.patch,
 
30
    debian/patches/gyp-icu-m32-test:
 
31
    Disabled. No longer needs fixing.
9
32
 
10
 
 -- Chad MILLER <chad.miller@canonical.com>  Thu, 21 Aug 2014 12:49:44 -0400
 
33
 -- Chad MILLER <chad.miller@canonical.com>  Thu, 28 Aug 2014 12:12:47 -0400
11
34
 
12
35
chromium-browser (36.0.1985.143-0ubuntu1) utopic; urgency=low
13
36