1
chromium-browser (36.0.1985.143-0ubuntu2) UNRELEASED; urgency=low
1
chromium-browser (37.0.2062.94-0ubuntu1) UNRELEASED; urgency=low
3
* Upstream release 37.0.2062.94. There is no official tarball.
4
- CVE-2014-3165: Use-after-free in Blink websockets.
5
- CVE-2014-3176, CVE-2014-3177: A combination of bugs in V8, IPC, sync, and
6
extensions that can lead to remote code execution outside of the sandbox.
7
- CVE-2014-3168: Use-after-free in SVG.
8
- CVE-2014-3169: Use-after-free in DOM.
9
- CVE-2014-3170: Extension permission dialog spoofing.
10
- CVE-2014-3171: Use-after-free in bindings.
11
- CVE-2014-3172: Issue related to extension debugging.
12
- CVE-2014-3173: Uninitialized memory read in WebGL.
13
- CVE-2014-3174: Uninitialized memory read in Web Audio.
14
- CVE-2014-3175: Various fixes from internal audits, fuzzing and other
16
- CVE-2014-3176, CVE-2014-3177: Interaction of extensions, IPC, the sync
17
API, and Google V8 to execute arbitrary code.
3
18
* Fix a shell bug in the binary-wrapper that prevented USER flags
4
19
from working properly.
5
20
* debian/control: Suggests chromiumflashplugin .
6
21
* debian/apport: Significant cleanup.
7
22
* debian/rules: Disable SSE instructions on x86 to avoid SIGILL on some CPUs.
24
* debian/checkout-orig-source.mk: Don't include src/ prefix in orig tarball.
25
* debian/patches/*: refresh line numbers.
26
* debian/patches/search-credit.patch,
27
debian/patches/additional-search-engines.patch: Track source files moved.
28
* debian/patches/arm-neon.patch, debian/patches/ffmpeg-gyp-config.patch,
29
debian/patches/fix-gyp-space-in-object-filename-exception.patch,
30
debian/patches/gyp-icu-m32-test:
31
Disabled. No longer needs fixing.
10
-- Chad MILLER <chad.miller@canonical.com> Thu, 21 Aug 2014 12:49:44 -0400
33
-- Chad MILLER <chad.miller@canonical.com> Thu, 28 Aug 2014 12:12:47 -0400
12
35
chromium-browser (36.0.1985.143-0ubuntu1) utopic; urgency=low