Viewing all changes in revision 668.
- Committer: C Miller
- Date: 2012-11-25 20:44:24 UTC
- mfrom: (558.4.102 packaging-natty)
- Revision ID: bzrdev@chad.org-20121125204424-dsicobb5ns2mcppe
* Switch from "~" to "+" as release-version and commit-revision-number
seperator. The addition of a revision should sort later than a plain
release, and this is not a prerelease where actual release should
supercede.
* No longer include Launchpad-generated translations.
* No longer expect unpacked tarball to contain "build-tree".
* Fix build warning about missing debian/source/format. Set to "3.0
(quilt)".
* Refresh patches from lp:unity-chromium-extension .
* Added Ubuntu search to new-tab pane, ubuntu-search.patch .
* Remove unnecessary glib-header-single-entry.patch .
* Make system-v8 patch use "type none" instead of "type settings".
* Manually set DEB_{BUILD,HOST}_ARCH when not already set, like when the
executing program is not dpkg-buildpackage.
* Make rules file generate LASTCHANGE file at new location.
* Change get-sources command to kill script when it fails to disable
gyp-chromium run from DEPS. Never fail silently again.
* New upstream version '23.0.1271.64+r165188'
* PPA update 1
* New upstream version '23.0.1271.64+r165188'
* New upstream release from the Stable Channel
- [154983][154987] Critical CVE-2012-5112: SVG use-after-free and IPC
arbitrary file write
* New upstream release from the Stable Channel
* debian/control
- fixed typo in description for chromium-codecs-ffmpeg
* debian/patches/fix-armhf-ftbfs.patch
- Dropped, no longer needed
* debian/chromium-browser.install
- Install demo extension
* debian/rules
- Updated INSTALL_EXCLUDE_FILES
- build with gcc 4.7
* debian/patches/1-infobars.patch,
debian/patches/2-get-domain-tld.patch,
debian/patches/3-chrome-xid.patch,
debian/patches/4-chromeless-window-launch-option.patch,
debian/patches/5-desktop-integration-settings.patch,
debian/patches/fix-1034541.patch
- Updated for v22
* debian/patches/6-passwordless-install-support.patch
- Webapp package installation (LP: #1059460)
* debian/patches/7-plugin-status.patch
- Don't block npapi plugins on linux, which is required by
unity-chromium-extension
* debian/patches/5-desktop-integration-settings.patch
- Updated to match libunity-webapps.so.0
* debian/patches/fix-1034541.patch
- fix chromeless issues if chromeless window is launched before a
regular browser window (LP: #1034541)
* debian/patches/4-chromeless-window-launch-option.patch
- updated to latest from webapps
* debian/patches/5-desktop-integration-settings.patch
- updated to latest from webapps
* debian/patches/1-infobars.patch
- moved infobars out of experimental, used for webapps
* debian/patches/2-get-domain-tld.patch
- Adds API for getting the base domain of a URI, used for webapps
* debian/patches/3-chrome-xid.patch
- Get xid, used for webapps
* debian/patches/chromeless-window-launch-option.patch
- Adds optional chromeless mode, used for webapps
* debian/patches/desktop-integration-settings.patch
- Adds settings for managing sites integrated with the desktop, used
for webapps
* debian/control
- Dropped build depends for libvpx-dev
* -debian/patches/vpx.patch
- dropped, build with internal vpx
[ Matthieu Baerts ]
* debian/apport:
- Update apport hook for python3 (LP: #1013171)
patch made with the help of Edward Donovan
* New upstream release from the Stable Channel
* debian/control
- Added build depends binutils-gold, libvpx-dev,libssl-dev and subversion
- Bumped standards version to 3.9.3
- don't build depend on binutils-gold for armel
* debian/rules
- explicitly set arm_float_abi=hard for armhf builds and let the rest
fallback to softfp
- do not use third_party/gold as the linker.
- enable compile-time dependency on gnome-keyring
* -debian/patches/ubuntu_dont_overwrite_default_download_directory.patch
- no longer needed
* debian/patches/grd_parse_fix.patch
- Patched to fix broken XML until we can get a proper fix for
chromium-translation-tools.
* debian/patches/vpx.patch
- patch from debian to fix FTBFS on armel
* debian/patches/arm.patch
- patch from debian to fix FTBFS on armel
* debian/rules
- force to build with gcc 4.6 to fix ftbfs (LP: #992212)
- don't build with -Werror
* debian/control
- add build depends for g++-4.6-multilib
* debian/rules
- include armv7 in GYP_DEFINES for 11.10, 12.04 and 12.10. Fixes
FTBFS on arm (LP: #993080)
* New upstream release from the Stable Channel (LP: #992352)
- [106413] High CVE-2011-3078: Use after free in floats handling. Credit to
Google Chrome Security Team (Marty Barbella) and independent later
discovery by miaubiz.
- [117110] High CVE-2012-1521: Use after free in xml parser. Credit to
Google Chrome Security Team (SkyLined) and independent later discovery by
wushi of team509 reported through iDefense VCP (V-874rcfpq7z).
- [117627] Medium CVE-2011-3079: IPC validation failure. Credit to PinkiePie
- [121726] Medium CVE-2011-3080: Race condition in sandbox IPC. Credit to
Willem Pinckaers of Matasano.
- [121899] High CVE-2011-3081: Use after free in floats handling.
Credit to miaubiz.
* New upstream release from the Stable Channel (LP: #992352)
- [106413] High CVE-2011-3078: Use after free in floats handling. Credit to
Google Chrome Security Team (Marty Barbella) and independent later
discovery by miaubiz.
- [117110] High CVE-2012-1521: Use after free in xml parser. Credit to
Google Chrome Security Team (SkyLined) and independent later discovery by
wushi of team509 reported through iDefense VCP (V-874rcfpq7z).
- [117627] Medium CVE-2011-3079: IPC validation failure. Credit to PinkiePie
- [121726] Medium CVE-2011-3080: Race condition in sandbox IPC. Credit to
Willem Pinckaers of Matasano.
- [121899] High CVE-2011-3081: Use after free in floats handling.
Credit to miaubiz.
* New upstream release from the Stable Channel
* New upstream release from the Stable Channel (LP: #977502)
- black screen on Hybrid Graphics system with GPU accelerated compositing
enabled (Issue: 117371)
- CSS not applied to <content> element (Issue: 114667)
- Regression rendering a div with background gradient and borders
(Issue: 113726)
- Canvas 2D line drawing bug with GPU acceleration (Issue: 121285)
- Multiple crashes (Issues: 72235, 116825 and 92998)
- Pop-up dialog is at wrong position (Issue: 116045)
- HTML Canvas patterns are broken if you change the transformation matrix
(Issue: 112165)
- SSL interstitial error "proceed anyway" / "back to safety" buttons don't
work (Issue: 119252)
This release fixes the following security issues:
- [106577] Medium CVE-2011-3066: Out-of-bounds read in Skia clipping.
Credit to miaubiz.
- [117583] Medium CVE-2011-3067: Cross-origin iframe replacement. Credit to
Sergey Glazunov.
- [117698] High CVE-2011-3068: Use-after-free in run-in handling. Credit to
miaubiz.
- [117728] High CVE-2011-3069: Use-after-free in line box handling. Credit
to miaubiz.
- [118185] High CVE-2011-3070: Use-after-free in v8 bindings. Credit to
Google Chrome Security Team (SkyLined).
- [118273] High CVE-2011-3071: Use-after-free in HTMLMediaElement. Credit
to pa_kt, reporting through HP TippingPoint ZDI (ZDI-CAN-1528).
- [118467] Low CVE-2011-3072: Cross-origin violation parenting pop-up
window. Credit to Sergey Glazunov.
- [118593] High CVE-2011-3073: Use-after-free in SVG resource handling.
Credit to Arthur Gerkis.
- [119281] Medium CVE-2011-3074: Use-after-free in media handling. Credit
to Sławomir Błażek.
- [119525] High CVE-2011-3075: Use-after-free applying style command.
Credit to miaubiz.
- [120037] High CVE-2011-3076: Use-after-free in focus handling. Credit to
miaubiz.
- [120189] Medium CVE-2011-3077: Read-after-free in script bindings. Credit
to Google Chrome Security Team (Inferno).
* New upstream release from the Stable Channel (LP: #977502)
- black screen on Hybrid Graphics system with GPU accelerated compositing
enabled (Issue: 117371)
- CSS not applied to <content> element (Issue: 114667)
- Regression rendering a div with background gradient and borders
(Issue: 113726)
- Canvas 2D line drawing bug with GPU acceleration (Issue: 121285)
- Multiple crashes (Issues: 72235, 116825 and 92998)
- Pop-up dialog is at wrong position (Issue: 116045)
- HTML Canvas patterns are broken if you change the transformation matrix
(Issue: 112165)
- SSL interstitial error "proceed anyway" / "back to safety" buttons don't
work (Issue: 119252)
This release fixes the following security issues:
- [106577] Medium CVE-2011-3066: Out-of-bounds read in Skia clipping.
Credit to miaubiz.
- [117583] Medium CVE-2011-3067: Cross-origin iframe replacement. Credit to
Sergey Glazunov.
- [117698] High CVE-2011-3068: Use-after-free in run-in handling. Credit to
miaubiz.
- [117728] High CVE-2011-3069: Use-after-free in line box handling. Credit
to miaubiz.
- [118185] High CVE-2011-3070: Use-after-free in v8 bindings. Credit to
Google Chrome Security Team (SkyLined).
- [118273] High CVE-2011-3071: Use-after-free in HTMLMediaElement. Credit
to pa_kt, reporting through HP TippingPoint ZDI (ZDI-CAN-1528).
- [118467] Low CVE-2011-3072: Cross-origin violation parenting pop-up
window. Credit to Sergey Glazunov.
- [118593] High CVE-2011-3073: Use-after-free in SVG resource handling.
Credit to Arthur Gerkis.
- [119281] Medium CVE-2011-3074: Use-after-free in media handling. Credit
to Sławomir Błażek.
- [119525] High CVE-2011-3075: Use-after-free applying style command.
Credit to miaubiz.
- [120037] High CVE-2011-3076: Use-after-free in focus handling. Credit to
miaubiz.
- [120189] Medium CVE-2011-3077: Read-after-free in script bindings. Credit
to Google Chrome Security Team (Inferno).
* New upstream release from the Stable Channel (LP: #968901)
This release fixes the following security issues:
- [109574] Medium CVE-2011-3058: Bad interaction possibly leading to XSS in
EUC-JP. Credit to Masato Kinugawa.
- [112317] Medium CVE-2011-3059: Out-of-bounds read in SVG text handling.
Credit to Arthur Gerkis.
- [114056] Medium CVE-2011-3060: Out-of-bounds read in text fragment
handling. Credit to miaubiz.
- [116398] Medium CVE-2011-3061: SPDY proxy certificate checking error.
Credit to Leonidas Kontothanassis of Google.
- [116524] High CVE-2011-3062: Off-by-one in OpenType Sanitizer. Credit to
Mateusz Jurczyk of the Google Security Team.
- [117417] Low CVE-2011-3063: Validate navigation requests from the renderer
more carefully. Credit to kuzzcc, Sergey Glazunov, PinkiePie and
scarybeasts (Google Chrome Security Team).
- [117471] High CVE-2011-3064: Use-after-free in SVG clipping. Credit to
Atte Kettunen of OUSPG.
- [117588] High CVE-2011-3065: Memory corruption in Skia. Credit to Omair.
- [117794] Medium CVE-2011-3057: Invalid read in v8. Credit to Christian
Holler.
* Add build dependency on libudev-dev to allow for gamepad detection; see
http://code.google.com/p/chromium/issues/detail?id=79050
- update debian/control
* Drop dlopen_libgnutls patch as it's been implemented upstream
- drop debian/patches/dlopen_libgnutls.patch
- update debian/patches/series
* Start removing *.so and *.so.* from the upstream tarball creation
- update debian/rules
* Strip almost the entire third_party/openssl directory as it's needed only
on android, but is used by the build system
- update debian/rules
* Use tar's --exclude-vcs flag instead of just excluding .svn
- update debian/rules
* New upstream release from the Stable Channel (LP: #968901)
This release fixes the following security issues:
- [109574] Medium CVE-2011-3058: Bad interaction possibly leading to XSS in
EUC-JP. Credit to Masato Kinugawa.
- [112317] Medium CVE-2011-3059: Out-of-bounds read in SVG text handling.
Credit to Arthur Gerkis.
- [114056] Medium CVE-2011-3060: Out-of-bounds read in text fragment
handling. Credit to miaubiz.
- [116398] Medium CVE-2011-3061: SPDY proxy certificate checking error.
Credit to Leonidas Kontothanassis of Google.
- [116524] High CVE-2011-3062: Off-by-one in OpenType Sanitizer. Credit to
Mateusz Jurczyk of the Google Security Team.
- [117417] Low CVE-2011-3063: Validate navigation requests from the renderer
more carefully. Credit to kuzzcc, Sergey Glazunov, PinkiePie and
scarybeasts (Google Chrome Security Team).
- [117471] High CVE-2011-3064: Use-after-free in SVG clipping. Credit to
Atte Kettunen of OUSPG.
- [117588] High CVE-2011-3065: Memory corruption in Skia. Credit to Omair.
- [117794] Medium CVE-2011-3057: Invalid read in v8. Credit to Christian
Holler.
* Add build dependency on libudev-dev to allow for gamepad detection; see
http://code.google.com/p/chromium/issues/detail?id=79050
- update debian/control
* Drop dlopen_libgnutls patch as it's been implemented upstream
- drop debian/patches/dlopen_libgnutls.patch
- update debian/patches/series
* Start removing *.so and *.so.* from the upstream tarball creation
- update debian/rules
* Strip almost the entire third_party/openssl directory as it's needed only
on android, but is used by the build system
- update debian/rules
* Use tar's --exclude-vcs flag instead of just excluding .svn
- update debian/rules
* New upstream release from the Stable Channel (LP: #961831)
This release fixes the following security issues:
- [113902] High CVE-2011-3050: Use-after-free with first-letter handling.
Credit to miaubiz.
- [116162] High CVE-2011-3045: libpng integer issue from upstream. Credit
to Glenn Randers-Pehrson of the libpng project.
- [116461] High CVE-2011-3051: Use-after-free in CSS cross-fade handling.
Credit to Arthur Gerkis.
- [116637] High CVE-2011-3052: Memory corruption in WebGL canvas handling.
Credit to Ben Vanik of Google.
- [116746] High CVE-2011-3053: Use-after-free in block splitting.
Credit to miaubiz.
- [117418] Low CVE-2011-3054: Apply additional isolations to webui
privileges. Credit to Sergey Glazunov.
- [117736] Low CVE-2011-3055: Prompt in the browser native UI for unpacked
extension installation. Credit to PinkiePie.
- [117550] High CVE-2011-3056: Cross-origin violation with “magic iframe”.
Credit to Sergey Glazunov.
- [117794] Medium CVE-2011-3057: Invalid read in v8. Credit to Christian
Holler.
* New upstream release from the Stable Channel (LP: #961831)
This release fixes the following security issues:
- [113902] High CVE-2011-3050: Use-after-free with first-letter handling.
Credit to miaubiz.
- [116162] High CVE-2011-3045: libpng integer issue from upstream. Credit
to Glenn Randers-Pehrson of the libpng project.
- [116461] High CVE-2011-3051: Use-after-free in CSS cross-fade handling.
Credit to Arthur Gerkis.
- [116637] High CVE-2011-3052: Memory corruption in WebGL canvas handling.
Credit to Ben Vanik of Google.
- [116746] High CVE-2011-3053: Use-after-free in block splitting.
Credit to miaubiz.
- [117418] Low CVE-2011-3054: Apply additional isolations to webui
privileges. Credit to Sergey Glazunov.
- [117736] Low CVE-2011-3055: Prompt in the browser native UI for unpacked
extension installation. Credit to PinkiePie.
- [117550] High CVE-2011-3056: Cross-origin violation with “magic iframe”.
Credit to Sergey Glazunov.
- [117794] Medium CVE-2011-3057: Invalid read in v8. Credit to Christian
Holler.
* New upstream release from the Stable Channel (LP: #952711)
This release fixes the following security issue:
- [117620] [117656] Critical CVE-2011-3047: Errant plug-in load and GPU
process memory corruption. Credit to PinkiePie.
* New upstream release from the Stable Channel (LP: #952711)
This release fixes the following security issue:
- [117620] [117656] Critical CVE-2011-3047: Errant plug-in load and GPU
process memory corruption. Credit to PinkiePie.
* Add libgles2-mesa-dev build dependency on armhf as well; Hopefully really
fix LP: #943281; Thanks to Christian Dywan for the tip
- update debian/control
* New upstream release from the Stable Channel (LP: #950174)
This release fixes the following security issue:
- [117226] [117230] Critical CVE-2011-3046: UXSS and bad history navigation.
Credit to Sergey Glazunov.
* New upstream release from the Stable Channel (LP: #950174)
This release fixes the following security issue:
- [117226] [117230] Critical CVE-2011-3046: UXSS and bad history navigation.
Credit to Sergey Glazunov.
[ Micah Gersten <micahg@ubuntu.com> ]
* Revert manual changes to v8 build system since we're using the gyp flag now
- update debian/patches/fix-armhf-ftbfs.patch
[ Jani Monoses <jani@ubuntu.com> ]
* Attempt to fix armhf build again (LP: #943281)
- update debian/rules
* New upstream release from the Stable Channel (LP: #948749)
- fixes regression in the DOM [116789]
* New upstream release from the Stable Channel (LP: #948749)
- fixes regression in the DOM [116789]
[ Jani Monoses <jani@ubuntu.com> ]
* Fix FTBFS on armhf (LP: #943281)
- add debian/patches/fix-armhf-ftbfs.patch
- update debian/patches/series
* New upstream release from the Stable Channel (LP: #946914)
- Cursors and backgrounds sometimes do not load [111218]
- Plugins not loading on some pages [108228]
- Text paste includes trailing spaces [106551]
- Websites using touch controls break [110332]
This release fixes the following security issues:
- [105867] High CVE-2011-3031: Use-after-free in v8 element wrapper. Credit
to Chamal de Silva.
- [108037] High CVE-2011-3032: Use-after-free in SVG value handling. Credit
to Arthur Gerkis.
- [108406] [115471] High CVE-2011-3033: Buffer overflow in the Skia drawing
library. Credit to Aki Helin of OUSPG.
- [111748] High CVE-2011-3034: Use-after-free in SVG document handling.
Credit to Arthur Gerkis.
- [112212] High CVE-2011-3035: Use-after-free in SVG use handling. Credit to
Arthur Gerkis.
- [113258] High CVE-2011-3036: Bad cast in line box handling. Credit to
miaubiz.
- [113439] [114924] [115028] High CVE-2011-3037: Bad casts in anonymous
block splitting. Credit to miaubiz.
- [113497] High CVE-2011-3038: Use-after-free in multi-column handling.
Credit to miaubiz.
- [113707] High CVE-2011-3039: Use-after-free in quote handling. Credit to
miaubiz.
- [114054] High CVE-2011-3040: Out-of-bounds read in text handling. Credit
to miaubiz.
- [114068] High CVE-2011-3041: Use-after-free in class attribute handling.
Credit to miaubiz.
- [114219] High CVE-2011-3042: Use-after-free in table section handling.
Credit to miaubiz.
- [115681] High CVE-2011-3043: Use-after-free in flexbox with floats. Credit
to miaubiz.
- [116093] High CVE-2011-3044: Use-after-free with SVG animation elements.
Credit to Arthur Gerkis.
* New upstream release from the Stable Channel (LP: #946914)
- Cursors and backgrounds sometimes do not load [111218]
- Plugins not loading on some pages [108228]
- Text paste includes trailing spaces [106551]
- Websites using touch controls break [110332]
This release fixes the following security issues:
- [105867] High CVE-2011-3031: Use-after-free in v8 element wrapper. Credit
to Chamal de Silva.
- [108037] High CVE-2011-3032: Use-after-free in SVG value handling. Credit
to Arthur Gerkis.
- [108406] [115471] High CVE-2011-3033: Buffer overflow in the Skia drawing
library. Credit to Aki Helin of OUSPG.
- [111748] High CVE-2011-3034: Use-after-free in SVG document handling.
Credit to Arthur Gerkis.
- [112212] High CVE-2011-3035: Use-after-free in SVG use handling. Credit to
Arthur Gerkis.
- [113258] High CVE-2011-3036: Bad cast in line box handling. Credit to
miaubiz.
- [113439] [114924] [115028] High CVE-2011-3037: Bad casts in anonymous
block splitting. Credit to miaubiz.
- [113497] High CVE-2011-3038: Use-after-free in multi-column handling.
Credit to miaubiz.
- [113707] High CVE-2011-3039: Use-after-free in quote handling. Credit to
miaubiz.
- [114054] High CVE-2011-3040: Out-of-bounds read in text handling. Credit
to miaubiz.
- [114068] High CVE-2011-3041: Use-after-free in class attribute handling.
Credit to miaubiz.
- [114219] High CVE-2011-3042: Use-after-free in table section handling.
Credit to miaubiz.
- [115681] High CVE-2011-3043: Use-after-free in flexbox with floats. Credit
to miaubiz.
- [116093] High CVE-2011-3044: Use-after-free with SVG animation elements.
Credit to Arthur Gerkis.
* Fix arm specific flags again; Use findstring instead of filter as arm
isn't the entire build arch name
- update debian/rules
* Add arm specific flags for arm*, not just armel; This allows building on
armhf successfully (we hope)
- update debian/rules
* Change chromium-browser-dbg to Priority: extra, Section: debug per lintian
- update debian/control
* Fix line endings in debian/copyright per lintian
- update debian/copyright
* Make copyright file UTF-8 per lintian
- update debian/copyright
* New upstream release from the Stable Channel (LP: #933262)
This release fixes the following security issues:
- [105803] High CVE-2011-3015: Integer overflows in PDF codecs. Credit to
Google Chrome Security Team (scarybeasts).
- [106336] Medium CVE-2011-3016: Read-after-free with counter nodes. Credit
to miaubiz.
- [108695] High CVE-2011-3017: Possible use-after-free in database handling.
Credit to miaubiz.
- [110172] High CVE-2011-3018: Heap overflow in path rendering. Credit to
Aki Helin of OUSPG.
- [110849] High CVE-2011-3019: Heap buffer overflow in MKV handling. Credit
to Google Chrome Security Team (scarybeasts) and Mateusz Jurczyk of the
Google Security Team.
- [111575] Medium CVE-2011-3020: Native client validator error. Credit to
Nick Bray of the Chromium development community.
- [111779] High CVE-2011-3021: Use-after-free in subframe loading. Credit to
Arthur Gerkis.
- [112236] Medium CVE-2011-3022: Inappropriate use of http for translation
script. Credit to Google Chrome Security Team (Jorge Obes).
- [112259] Medium CVE-2011-3023: Use-after-free with drag and drop. Credit
to pa_kt.
- [112451] Low CVE-2011-3024: Browser crash with empty x509 certificate.
Credit to chrometot.
- [112670] Medium CVE-2011-3025: Out-of-bounds read in h.264 parsing. Credit
to Sławomir Błażek.
- [112822] High CVE-2011-3026: Integer overflow / truncation in libpng.
Credit to Jüri Aedla.
- [112847] High CVE-2011-3027: Bad cast in column handling. Credit to
miaubiz.
* New upstream release from the Stable Channel (LP: #931905, #933262)
This release fixes the following security issues from 17.0.963.56:
- [105803] High CVE-2011-3015: Integer overflows in PDF codecs. Credit to
Google Chrome Security Team (scarybeasts).
- [106336] Medium CVE-2011-3016: Read-after-free with counter nodes. Credit
to miaubiz.
- [108695] High CVE-2011-3017: Possible use-after-free in database handling.
Credit to miaubiz.
- [110172] High CVE-2011-3018: Heap overflow in path rendering. Credit to
Aki Helin of OUSPG.
- [110849] High CVE-2011-3019: Heap buffer overflow in MKV handling. Credit
to Google Chrome Security Team (scarybeasts) and Mateusz Jurczyk of the
Google Security Team.
- [111575] Medium CVE-2011-3020: Native client validator error. Credit to
Nick Bray of the Chromium development community.
- [111779] High CVE-2011-3021: Use-after-free in subframe loading. Credit to
Arthur Gerkis.
- [112236] Medium CVE-2011-3022: Inappropriate use of http for translation
script. Credit to Google Chrome Security Team (Jorge Obes).
- [112259] Medium CVE-2011-3023: Use-after-free with drag and drop. Credit
to pa_kt.
- [112451] Low CVE-2011-3024: Browser crash with empty x509 certificate.
Credit to chrometot.
- [112670] Medium CVE-2011-3025: Out-of-bounds read in h.264 parsing. Credit
to Sławomir Błażek.
- [112822] High CVE-2011-3026: Integer overflow / truncation in libpng.
Credit to Jüri Aedla.
- [112847] High CVE-2011-3027: Bad cast in column handling. Credit to
miaubiz.
This release fixes the following security issues from 17.0.963.46:
- [73478] Low CVE-2011-3953: Avoid clipboard monitoring after paste event.
Credit to Daniel Cheng of the Chromium development community.
- [92550] Low CVE-2011-3954: Crash with excessive database usage. Credit to
Collin Payne.
- [93106] High CVE-2011-3955: Crash aborting an IndexDB transaction. Credit
to David Grogan of the Chromium development community.
- [103630] Low CVE-2011-3956: Incorrect handling of sandboxed origins inside
extensions. Credit to Devdatta Akhawe, UC Berkeley.
- [104056] High CVE-2011-3957: Use-after-free in PDF garbage collection.
Credit to Aki Helin of OUSPG.
- [105459] High CVE-2011-3958: Bad casts with column spans. Credit to
miaubiz.
- [106441] High CVE-2011-3959: Buffer overflow in locale handling. Credit to
Aki Helin of OUSPG.
- [108416] Medium CVE-2011-3960: Out-of-bounds read in audio decoding.
Credit to Aki Helin of OUSPG.
- [108871] Critical CVE-2011-3961: Race condition after crash of utility
process. Credit to Shawn Goertzen.
- [108901] Medium CVE-2011-3962: Out-of-bounds read in path clipping. Credit
to Aki Helin of OUSPG.
- [109094] Medium CVE-2011-3963: Out-of-bounds read in PDF fax image
handling. Credit to Atte Kettunen of OUSPG.
- [109245] Low CVE-2011-3964: URL bar confusion after drag + drop. Credit to
Code Audit Labs of VulnHunt.com.
- [109664] Low CVE-2011-3965: Crash in signature check. Credit to Sławomir
Błażek.
- [109716] High CVE-2011-3966: Use-after-free in stylesheet error handling.
Credit to Aki Helin of OUSPG.
- [109717] Low CVE-2011-3967: Crash with unusual certificate. Credit to Ben
Carrillo.
- [109743] High CVE-2011-3968: Use-after-free in CSS handling. Credit to
Arthur Gerkis.
- [110112] High CVE-2011-3969: Use-after-free in SVG layout. Credit to
Arthur Gerkis.
- [110277] Medium CVE-2011-3970: Out-of-bounds read in libxslt. Credit to
Aki Helin of OUSPG.
- [110374] High CVE-2011-3971: Use-after-free with mousemove events. Credit
to Arthur Gerkis.
- [110559] Medium CVE-2011-3972: Out-of-bounds read in shader translator.
Credit to Google Chrome Security Team (Inferno).
* Rebase patch
- update debian/patches/disable_dlog_and_dcheck_in_release_builds.patch
* Update .install file to just install all .pak files instead of listing them
by name
- update debian/chromium-browser.install
* New upstream release from the Stable Channel (LP: #931905)
This release fixes the following security issues:
- [73478] Low CVE-2011-3953: Avoid clipboard monitoring after paste event.
Credit to Daniel Cheng of the Chromium development community.
- [92550] Low CVE-2011-3954: Crash with excessive database usage. Credit to
Collin Payne.
- [93106] High CVE-2011-3955: Crash aborting an IndexDB transaction. Credit
to David Grogan of the Chromium development community.
- [103630] Low CVE-2011-3956: Incorrect handling of sandboxed origins inside
extensions. Credit to Devdatta Akhawe, UC Berkeley.
- [104056] High CVE-2011-3957: Use-after-free in PDF garbage collection.
Credit to Aki Helin of OUSPG.
- [105459] High CVE-2011-3958: Bad casts with column spans. Credit to
miaubiz.
- [106441] High CVE-2011-3959: Buffer overflow in locale handling. Credit to
Aki Helin of OUSPG.
- [108416] Medium CVE-2011-3960: Out-of-bounds read in audio decoding.
Credit to Aki Helin of OUSPG.
- [108871] Critical CVE-2011-3961: Race condition after crash of utility
process. Credit to Shawn Goertzen.
- [108901] Medium CVE-2011-3962: Out-of-bounds read in path clipping. Credit
to Aki Helin of OUSPG.
- [109094] Medium CVE-2011-3963: Out-of-bounds read in PDF fax image
handling. Credit to Atte Kettunen of OUSPG.
- [109245] Low CVE-2011-3964: URL bar confusion after drag + drop. Credit to
Code Audit Labs of VulnHunt.com.
- [109664] Low CVE-2011-3965: Crash in signature check. Credit to Sławomir
Błażek.
- [109716] High CVE-2011-3966: Use-after-free in stylesheet error handling.
Credit to Aki Helin of OUSPG.
- [109717] Low CVE-2011-3967: Crash with unusual certificate. Credit to Ben
Carrillo.
- [109743] High CVE-2011-3968: Use-after-free in CSS handling. Credit to
Arthur Gerkis.
- [110112] High CVE-2011-3969: Use-after-free in SVG layout. Credit to
Arthur Gerkis.
- [110277] Medium CVE-2011-3970: Out-of-bounds read in libxslt. Credit to
Aki Helin of OUSPG.
- [110374] High CVE-2011-3971: Use-after-free with mousemove events. Credit
to Arthur Gerkis.
- [110559] Medium CVE-2011-3972: Out-of-bounds read in shader translator.
Credit to Google Chrome Security Team (Inferno).
* Rebase patch
- update debian/patches/disable_dlog_and_dcheck_in_release_builds.patch
* Update .install file to just install all .pak files instead of listing them
by name
- update debian/chromium-browser.install
* New upstream release from the Stable Channel (LP: #923602, #897389)
(LP: #914648, #889711)
This release fixes the following security issues:
- [106484] High CVE-2011-3924: Use-after-free in DOM selections. Credit to
Arthur Gerkis.
- [107182] Critical CVE-2011-3925: Use-after-free in Safe Browsing
navigation. Credit to Chamal de Silva.
- [108461] High CVE-2011-3928: Use-after-free in DOM handling. Credit to
wushi of team509 reported through ZDI (ZDI-CAN-1415).
- [108605] High CVE-2011-3927: Uninitialized value in Skia. Credit to
miaubiz.
- [109556] High CVE-2011-3926: Heap-buffer-overflow in tree builder.
Credit to Arthur Gerkis.
This upload also includes the following security fixes from 16.0.912.75:
- [106672] High CVE-2011-3921: Use-after-free in animation frames. Credit to
Boris Zbarsky of Mozilla.
- [107128] High CVE-2011-3919: Heap-buffer-overflow in libxml. Credit to
Jüri Aedla.
- [108006] High CVE-2011-3922: Stack-buffer-overflow in glyph handling.
Credit to Google Chrome Security Team (Cris Neckar).
This upload also includes the following security fixes from 16.0.912.63:
- [81753] Medium CVE-2011-3903: Out-of-bounds read in regex matching. Credit
to David Holloway of the Chromium development community.
- [95465] Low CVE-2011-3905: Out-of-bounds reads in libxml. Credit to Google
Chrome Security Team (Inferno).
- [98809] Medium CVE-2011-3906: Out-of-bounds read in PDF parser. Credit to
Aki Helin of OUSPG.
- [99016] High CVE-2011-3907: URL bar spoofing with view-source. Credit to
Luka Treiber of ACROS Security.
- [100863] Low CVE-2011-3908: Out-of-bounds read in SVG parsing. Credit to
Aki Helin of OUSPG.
- [101010] Medium CVE-2011-3909: [64-bit only] Memory corruption in CSS
property array. Credit to Google Chrome Security Team (scarybeasts) and
Chu.
- [101494] Medium CVE-2011-3910: Out-of-bounds read in YUV video frame
handling. Credit to Google Chrome Security Team (Cris Neckar).
- [101779] Medium CVE-2011-3911: Out-of-bounds read in PDF. Credit to Google
Chrome Security Team (scarybeasts) and Robert Swiecki of the Google
Security Team.
- [102359] High CVE-2011-3912: Use-after-free in SVG filters. Credit to
Arthur Gerkis.
- [103921] High CVE-2011-3913: Use-after-free in Range handling. Credit to
Arthur Gerkis.
- [104011] High CVE-2011-3914: Out-of-bounds write in v8 i18n handling.
Credit to Sławomir Błażek.
- [104529] High CVE-2011-3915: Buffer overflow in PDF font handling. Credit
to Atte Kettunen of OUSPG.
- [104959] Medium CVE-2011-3916: Out-of-bounds reads in PDF cross
references. Credit to Atte Kettunen of OUSPG.
- [105162] Medium CVE-2011-3917: Stack-buffer-overflow in FileWatcher.
Credit to Google Chrome Security Team (Marty Barbella).
This upload also includes the following fixes from 15.0.874.121:
- fix to a regression: SVG in iframe doesn't use specified dimensions
- [103259] High CVE-2011-3900: Out-of-bounds write in v8. Credit to
Christian Holler
[ Micah Gersten <micahg@ubuntu.com> ]
* Add patch to build with glib 2.31 (single entry header inclusion)
- add debian/patches/glib-header-single-entry.patch
- update debian/patches/series
[ Brandon Snider <brandonsnider@ubuntu.com> ]
* Refresh user agent patch
- update debian/patches/chromium_useragent.patch.in
* New upstream release from the Stable Channel (LP: #923602)
This release fixes the following security issues:
- [106484] High CVE-2011-3924: Use-after-free in DOM selections. Credit to
Arthur Gerkis.
- [107182] Critical CVE-2011-3925: Use-after-free in Safe Browsing
navigation. Credit to Chamal de Silva.
- [108461] High CVE-2011-3928: Use-after-free in DOM handling. Credit to
wushi of team509 reported through ZDI (ZDI-CAN-1415).
- [108605] High CVE-2011-3927: Uninitialized value in Skia. Credit to
miaubiz.
- [109556] High CVE-2011-3926: Heap-buffer-overflow in tree builder.
Credit to Arthur Gerkis.
* New upstream release from the Stable Channel (LP: #914648, #889711)
This release fixes the following security issues:
- [106672] High CVE-2011-3921: Use-after-free in animation frames. Credit to
Boris Zbarsky of Mozilla.
- [107128] High CVE-2011-3919: Heap-buffer-overflow in libxml. Credit to
Jüri Aedla.
- [108006] High CVE-2011-3922: Stack-buffer-overflow in glyph handling.
Credit to Google Chrome Security Team (Cris Neckar).
This upload also includes the following security fixes from 16.0.912.63:
- [81753] Medium CVE-2011-3903: Out-of-bounds read in regex matching. Credit
to David Holloway of the Chromium development community.
- [95465] Low CVE-2011-3905: Out-of-bounds reads in libxml. Credit to Google
Chrome Security Team (Inferno).
- [98809] Medium CVE-2011-3906: Out-of-bounds read in PDF parser. Credit to
Aki Helin of OUSPG.
- [99016] High CVE-2011-3907: URL bar spoofing with view-source. Credit to
Luka Treiber of ACROS Security.
- [100863] Low CVE-2011-3908: Out-of-bounds read in SVG parsing. Credit to
Aki Helin of OUSPG.
- [101010] Medium CVE-2011-3909: [64-bit only] Memory corruption in CSS
property array. Credit to Google Chrome Security Team (scarybeasts) and
Chu.
- [101494] Medium CVE-2011-3910: Out-of-bounds read in YUV video frame
handling. Credit to Google Chrome Security Team (Cris Neckar).
- [101779] Medium CVE-2011-3911: Out-of-bounds read in PDF. Credit to Google
Chrome Security Team (scarybeasts) and Robert Swiecki of the Google
Security Team.
- [102359] High CVE-2011-3912: Use-after-free in SVG filters. Credit to
Arthur Gerkis.
- [103921] High CVE-2011-3913: Use-after-free in Range handling. Credit to
Arthur Gerkis.
- [104011] High CVE-2011-3914: Out-of-bounds write in v8 i18n handling.
Credit to Sławomir Błażek.
- [104529] High CVE-2011-3915: Buffer overflow in PDF font handling. Credit
to Atte Kettunen of OUSPG.
- [104959] Medium CVE-2011-3916: Out-of-bounds reads in PDF cross
references. Credit to Atte Kettunen of OUSPG.
- [105162] Medium CVE-2011-3917: Stack-buffer-overflow in FileWatcher.
Credit to Google Chrome Security Team (Marty Barbella).
- [107258] High CVE-2011-3904: Use-after-free in bidi handling. Credit to
Google Chrome Security Team (Inferno) and miaubiz.
This upload also includes the following security fixes from 15.0.874.121:
- [103259] High CVE-2011-3900: Out-of-bounds write in v8. Credit to
Christian Holler.
This upload also includes the following security fixes from 15.0.874.120:
- [100465] High CVE-2011-3892: Double free in Theora decoder. Credit to Aki
Helin of OUSPG.
- [100492] [100543] Medium CVE-2011-3893: Out of bounds reads in MKV and
Vorbis media handlers. Credit to Aki Helin of OUSPG.
- [101172] High CVE-2011-3894: Memory corruption regression in VP8 decoding.
Credit to Andrew Scherkus of the Chromium development community.
- [101458] High CVE-2011-3895: Heap overflow in Vorbis decoder. Credit to
Aki Helin of OUSPG.
- [101624] High CVE-2011-3896: Buffer overflow in shader variable mapping.
Credit to Ken “strcpy” Russell of the Chromium development community.
- [102242] High CVE-2011-3897: Use-after-free in editing. Credit to pa_kt
reported through ZDI (ZDI-CAN-1416).
[ Brandon Snider <brandonsnider@ubuntu.com> ]
* Refresh patch
- update debian/patches/chromium_useragent.patch.in
* New upstream release from the Stable Channel
[ Brandon Snider <brandonsnider@ubuntu.com> ]
* Refresh patch
- update debian/patches/chromium_useragent.patch.in
* New upstream release from the Stable Channel (LP: #889711)
This release fixes the following security issues:
- [100465] High CVE-2011-3892: Double free in Theora decoder. Credit to Aki
Helin of OUSPG.
- [100492] [100543] Medium CVE-2011-3893: Out of bounds reads in MKV and
Vorbis media handlers. Credit to Aki Helin of OUSPG.
- [101172] High CVE-2011-3894: Memory corruption regression in VP8 decoding.
Credit to Andrew Scherkus of the Chromium development community.
- [101458] High CVE-2011-3895: Heap overflow in Vorbis decoder. Credit to
Aki Helin of OUSPG.
- [101624] High CVE-2011-3896: Buffer overflow in shader variable mapping.
Credit to Ken “strcpy” Russell of the Chromium development community.
- [102242] High CVE-2011-3897: Use-after-free in editing. Credit to pa_kt
reported through ZDI (ZDI-CAN-1416).
* New upstream release from the Stable Channel (LP: #881786)
- This release fixes a regression with regard to logging into certain
websites
* New upstream release from the Stable Channel (LP: #881786)
This release fixes the following security issues:
- [86758] High CVE-2011-2845: URL bar spoof in history handling. Credit to
Jordi Chancel.
- [88949] Medium CVE-2011-3875: URL bar spoof with drag+drop of URLs. Credit
to Jordi Chancel.
- [90217] Low CVE-2011-3876: Avoid stripping whitespace at the end of
download filenames. Credit to Marc Novak.
- [91218] Low CVE-2011-3877: XSS in appcache internals page. Credit to
Google Chrome Security Team (Tom Sepez) plus independent discovery by
Juho Nurminen.
- [94487] Medium CVE-2011-3878: Race condition in worker process
initialization. Credit to miaubiz.
- [95374] Low CVE-2011-3879: Avoid redirect to chrome scheme URIs. Credit to
Masato Kinugawa.
- [95992] Low CVE-2011-3880: Don’t permit as a HTTP header delimiter. Credit
to Vladimir Vorontsov, ONsec company.
- [96047] [96885] [98053] [99512] [99750] High CVE-2011-3881: Cross-origin
policy violations. Credit to Sergey Glazunov.
- [96292] High CVE-2011-3882: Use-after-free in media buffer handling.
Credit to Google Chrome Security Team (Inferno).
- [96902] High CVE-2011-3883: Use-after-free in counter handling. Credit to
miaubiz.
- [97148] High CVE-2011-3884: Timing issues in DOM traversal. Credit to
Brian Ryner of the Chromium development community.
- [97599] [98064] [98556] [99294] [99880] [100059] High CVE-2011-3885: Stale
style bugs leading to use-after-free. Credit to miaubiz.
- [98773] [99167] High CVE-2011-3886: Out of bounds writes in v8. Credit to
Christian Holler.
- [98407] Medium CVE-2011-3887: Cookie theft with javascript URIs. Credit to
Sergey Glazunov.
- [99138] High CVE-2011-3888: Use-after-free with plug-in and editing.
Credit to miaubiz.
- [99211] High CVE-2011-3889: Heap overflow in Web Audio. Credit to miaubiz.
- [99553] High CVE-2011-3890: Use-after-free in video source handling.
Credit to Ami Fischman of the Chromium development community.
- [100332] High CVE-2011-3891: Exposure of internal v8 functions. Credit to
Steven Keuchel of the Chromium development community plus independent
discovery by Daniel Divricean.
[ Chris Coulson <chris.coulson@canonical.com> ]
* Refresh patches
- update debian/patches/dlopen_sonamed_gl.patch
- update debian/patches/webkit_rev_parser.patch
[ Fabien Tassin ]
* Disable NaCl until we figure out what to do with the private toolchain
- update debian/rules
* Do not install the pseudo_locales files in the debs
- update debian/rules
* Add python-simplejson to Build-depends. This is needed by NaCl even with
NaCl disabled, so this is a temporary workaround to unbreak the build, it
must be fixed upstream
- update debian/control
* New upstream release from the Stable Channel (LP: #881786)
- fix LP: #881607 - Error initializing NSS without a persistent database
This release fixes the following security issues:
- [86758] High CVE-2011-2845: URL bar spoof in history handling. Credit to
Jordi Chancel.
- [88949] Medium CVE-2011-3875: URL bar spoof with drag+drop of URLs. Credit
to Jordi Chancel.
- [90217] Low CVE-2011-3876: Avoid stripping whitespace at the end of
download filenames. Credit to Marc Novak.
- [91218] Low CVE-2011-3877: XSS in appcache internals page. Credit to
Google Chrome Security Team (Tom Sepez) plus independent discovery by
Juho Nurminen.
- [94487] Medium CVE-2011-3878: Race condition in worker process
initialization. Credit to miaubiz.
- [95374] Low CVE-2011-3879: Avoid redirect to chrome scheme URIs. Credit to
Masato Kinugawa.
- [95992] Low CVE-2011-3880: Don’t permit as a HTTP header delimiter. Credit
to Vladimir Vorontsov, ONsec company.
- [96047] [96885] [98053] [99512] [99750] High CVE-2011-3881: Cross-origin
policy violations. Credit to Sergey Glazunov.
- [96292] High CVE-2011-3882: Use-after-free in media buffer handling.
Credit to Google Chrome Security Team (Inferno).
- [96902] High CVE-2011-3883: Use-after-free in counter handling. Credit to
miaubiz.
- [97148] High CVE-2011-3884: Timing issues in DOM traversal. Credit to
Brian Ryner of the Chromium development community.
- [97599] [98064] [98556] [99294] [99880] [100059] High CVE-2011-3885: Stale
style bugs leading to use-after-free. Credit to miaubiz.
- [98773] [99167] High CVE-2011-3886: Out of bounds writes in v8. Credit to
Christian Holler.
- [98407] Medium CVE-2011-3887: Cookie theft with javascript URIs. Credit to
Sergey Glazunov.
- [99138] High CVE-2011-3888: Use-after-free with plug-in and editing.
Credit to miaubiz.
- [99211] High CVE-2011-3889: Heap overflow in Web Audio. Credit to miaubiz.
- [99553] High CVE-2011-3890: Use-after-free in video source handling.
Credit to Ami Fischman of the Chromium development community.
- [100332] High CVE-2011-3891: Exposure of internal v8 functions. Credit to
Steven Keuchel of the Chromium development community plus independent
discovery by Daniel Divricean.
[ Chris Coulson <chris.coulson@canonical.com> ]
* Refresh patches
- update debian/patches/dlopen_sonamed_gl.patch
- update debian/patches/webkit_rev_parser.patch
* Dropped patches, fixed upstream
- remove debian/patches/cups_1.5_build_fix.patch
- update debian/patches/series
* Don't depend on cdbs being installed to create a tarball
- update debian/rules
- update debian/cdbs/tarball.mk
[ Fabien Tassin ]
* Disable NaCl until we figure out what to do with the private toolchain
- update debian/rules
* Do not install the pseudo_locales files in the debs
- update debian/rules
* Add python-simplejson to Build-depends. This is needed by NaCl even with
NaCl disabled, so this is a temporary workaround to unbreak the build, it
must be fixed upstream
- update debian/control
* Don't depend on cdbs being installed to create a tarball
* Switch maintainer to Ubuntu Developers; Thanks to Fabien Tassin for all
his work on this package
- update debian/control
* Switch to internal libvpx; This makes updating easier after release
- update debian/rules
* Drop build dependency on libvpx due to the switch to internal libvpx
- update debian/control
* Switch to default libjpeg
- update debian/control
* Update Vcs-Bzr for precise
- update debian/control
* Drop the HTML5 video patch, now committed upstream
- remove debian/patches/html5-codecs-fix.patch
- update debian/patches/series
* Add a "Conflicts" with -inspector so that it gets removed
- update debian/control
* Build with the default gcc-4.6 on Oneiric
- update debian/control
- update debian/rules
* Refresh Patches
* New upstream release from the Stable Channel (LP: #858744)
This release fixes the following security issues:
+ Chromium issues (13.0.782.220):
- Trust in Diginotar Intermediate CAs revoked
+ Chromium issues (14.0.835.163):
- [49377] High CVE-2011-2835: Race condition in the certificate cache.
Credit to Ryan Sleevi.
- [57908] Low CVE-2011-2837: Use PIC / pie compiler flags. Credit to
wbrana.
- [75070] Low CVE-2011-2838: Treat MIME type more authoritatively when
loading plug-ins. Credit to Michal Zalewski.
- [78639] High CVE-2011-2841: Garbage collection error in PDF. Credit to
Mario Gomes.
- [82438] Medium CVE-2011-2843: Out-of-bounds read with media buffers.
Credit to Kostya Serebryany.
- [85041] Medium CVE-2011-2844: Out-of-bounds read with mp3 files. Credit
to Mario Gomes.
- [89564] Medium CVE-2011-2848: URL bar spoof with forward button. Credit
to Jordi Chancel.
- [89795] Low CVE-2011-2849: Browser NULL pointer crash with WebSockets.
Credit to Arthur Gerkis.
- [90134] Medium CVE-2011-2850: Out-of-bounds read with Khmer characters.
Credit to miaubiz.
- [90173] Medium CVE-2011-2851: Out-of-bounds read in video handling.
Credit to Google Chrome Security Team (Inferno).
- [91197] High CVE-2011-2853: Use-after-free in plug-in handling. Credit
to Google Chrome Security Team (SkyLined).
- [93497] Medium CVE-2011-2859: Incorrect permissions assigned to
non-gallery pages. Credit to Bernhard ‘Bruhns’ Brehm
- [93596] Medium CVE-2011-2861: Bad string read in PDF. Credit to Aki
Helin of OUSPG.
- [95563] Medium CVE-2011-2864: Out-of-bounds read with Tibetan
characters. Credit to Google Chrome Security Team (Inferno).
- [95625] Medium CVE-2011-2858: Out-of-bounds read with triangle arrays.
Credit to Google Chrome Security Team (Inferno).
- [95917] Low CVE-2011-2874: Failure to pin a self-signed cert for a
session. Credit to Nishant Yadant and Craig Chamberlain (@randomuserid).
+ Chromium issues (14.0.835.202):
- [95671] High CVE-2011-2878: Inappropriate cross-origin access to the
window prototype. Credit to Sergey Glazunov.
- [96150] High CVE-2011-2879: Lifetime and threading issues in audio node
handling. Credit to Google Chrome Security Team (Inferno).
- [98089] Critical CVE-2011-3873: Memory corruption in shader translator.
Credit to Zhenyao Mo.
+ Webkit issues (14.0.835.163):
- [78427] [83031] Low CVE-2011-2840: Possible URL bar spoofs with unusual
user interaction. Credit to kuzzcc.
- [89219] High CVE-2011-2846: Use-after-free in unload event handling.
Credit to Arthur Gerkis.
- [89330] High CVE-2011-2847: Use-after-free in document loader. Credit to
miaubiz.
- [89991] Medium CVE-2011-3234: Out-of-bounds read in box handling. Credit
to miaubiz.
- [92651] [94800] High CVE-2011-2854: Use-after-free in ruby / table style
handing. Credit to Sławomir Błażek, and independent later discoveries by
miaubiz and Google Chrome Security Team (Inferno).
- [92959] High CVE-2011-2855: Stale node in stylesheet handling. Credit to
Arthur Gerkis.
- [93420] High CVE-2011-2857: Use-after-free in focus controller. Credit
to miaubiz.
- [93587] High CVE-2011-2860: Use-after-free in table style handling.
Credit to miaubiz.
+ Webkit issues (14.0.835.202):
- [93788] High CVE-2011-2876: Use-after-free in text line box handling.
Credit to miaubiz.
- [95072] High CVE-2011-2877: Stale font in SVG text handling. Credit to
miaubiz.
+ LibXML issue (14.0.835.163):
- [93472] High CVE-2011-2834: Double free in libxml XPath handling. Credit
to Yang Dingning
+ V8 issues (14.0.835.163):
- [76771] High CVE-2011-2839: Crash in v8 script object wrappers. Credit
to Kostya Serebryany
- [91120] High CVE-2011-2852: Off-by-one in v8. Credit to Christian Holler
- [93416] High CVE-2011-2856: Cross-origin bypass in v8. Credit to Daniel
Divricean.
- [93906] High CVE-2011-2862: Unintended access to v8 built-in objects.
Credit to Sergey Glazunov.
- [95920] High CVE-2011-2875: Type confusion in v8 object sealing. Credit
to Christian Holler.
+ V8 issues (14.0.835.202):
- [97451] [97520] [97615] High CVE-2011-2880: Use-after-free in the v8
bindings. Credit to Sergey Glazunov.
- [97784] High CVE-2011-2881: Memory corruption with v8 hidden objects.
Credit to Sergey Glazunov.
[ Fabien Tassin ]
* Add libpulse-dev to Build-Depends, needed for WebRTC
- update debian/control
* Rename ui/base/strings/app_strings.grd to ui_strings.grd following
the upstream rename, and add a mapping flag to the grit converter
- update debian/rules
* New upstream release from the Stable Channel (LP: #858744)
This release fixes the following security issues:
+ Chromium issues (13.0.782.220):
- Trust in Diginotar Intermediate CAs revoked
+ Chromium issues (14.0.835.163):
- [49377] High CVE-2011-2835: Race condition in the certificate cache.
Credit to Ryan Sleevi.
- [57908] Low CVE-2011-2837: Use PIC / pie compiler flags. Credit to
wbrana.
- [75070] Low CVE-2011-2838: Treat MIME type more authoritatively when
loading plug-ins. Credit to Michal Zalewski.
- [78639] High CVE-2011-2841: Garbage collection error in PDF. Credit to
Mario Gomes.
- [82438] Medium CVE-2011-2843: Out-of-bounds read with media buffers.
Credit to Kostya Serebryany.
- [85041] Medium CVE-2011-2844: Out-of-bounds read with mp3 files. Credit
to Mario Gomes.
- [89564] Medium CVE-2011-2848: URL bar spoof with forward button. Credit
to Jordi Chancel.
- [89795] Low CVE-2011-2849: Browser NULL pointer crash with WebSockets.
Credit to Arthur Gerkis.
- [90134] Medium CVE-2011-2850: Out-of-bounds read with Khmer characters.
Credit to miaubiz.
- [90173] Medium CVE-2011-2851: Out-of-bounds read in video handling.
Credit to Google Chrome Security Team (Inferno).
- [91197] High CVE-2011-2853: Use-after-free in plug-in handling. Credit
to Google Chrome Security Team (SkyLined).
- [93497] Medium CVE-2011-2859: Incorrect permissions assigned to
non-gallery pages. Credit to Bernhard ‘Bruhns’ Brehm
- [93596] Medium CVE-2011-2861: Bad string read in PDF. Credit to Aki
Helin of OUSPG.
- [95563] Medium CVE-2011-2864: Out-of-bounds read with Tibetan
characters. Credit to Google Chrome Security Team (Inferno).
- [95625] Medium CVE-2011-2858: Out-of-bounds read with triangle arrays.
Credit to Google Chrome Security Team (Inferno).
- [95917] Low CVE-2011-2874: Failure to pin a self-signed cert for a
session. Credit to Nishant Yadant and Craig Chamberlain (@randomuserid).
+ Chromium issues (14.0.835.202):
- [95671] High CVE-2011-2878: Inappropriate cross-origin access to the
window prototype. Credit to Sergey Glazunov.
- [96150] High CVE-2011-2879: Lifetime and threading issues in audio node
handling. Credit to Google Chrome Security Team (Inferno).
- [98089] Critical CVE-2011-3873: Memory corruption in shader translator.
Credit to Zhenyao Mo.
+ Webkit issues (14.0.835.163):
- [78427] [83031] Low CVE-2011-2840: Possible URL bar spoofs with unusual
user interaction. Credit to kuzzcc.
- [89219] High CVE-2011-2846: Use-after-free in unload event handling.
Credit to Arthur Gerkis.
- [89330] High CVE-2011-2847: Use-after-free in document loader. Credit to
miaubiz.
- [89991] Medium CVE-2011-3234: Out-of-bounds read in box handling. Credit
to miaubiz.
- [92651] [94800] High CVE-2011-2854: Use-after-free in ruby / table style
handing. Credit to Sławomir Błażek, and independent later discoveries by
miaubiz and Google Chrome Security Team (Inferno).
- [92959] High CVE-2011-2855: Stale node in stylesheet handling. Credit to
Arthur Gerkis.
- [93420] High CVE-2011-2857: Use-after-free in focus controller. Credit
to miaubiz.
- [93587] High CVE-2011-2860: Use-after-free in table style handling.
Credit to miaubiz.
+ Webkit issues (14.0.835.202):
- [93788] High CVE-2011-2876: Use-after-free in text line box handling.
Credit to miaubiz.
- [95072] High CVE-2011-2877: Stale font in SVG text handling. Credit to
miaubiz.
+ LibXML issue (14.0.835.163):
- [93472] High CVE-2011-2834: Double free in libxml XPath handling. Credit
to Yang Dingning
+ V8 issues (14.0.835.163):
- [76771] High CVE-2011-2839: Crash in v8 script object wrappers. Credit
to Kostya Serebryany
- [91120] High CVE-2011-2852: Off-by-one in v8. Credit to Christian Holler
- [93416] High CVE-2011-2856: Cross-origin bypass in v8. Credit to Daniel
Divricean.
- [93906] High CVE-2011-2862: Unintended access to v8 built-in objects.
Credit to Sergey Glazunov.
- [95920] High CVE-2011-2875: Type confusion in v8 object sealing. Credit
to Christian Holler.
+ V8 issues (14.0.835.202):
- [97451] [97520] [97615] High CVE-2011-2880: Use-after-free in the v8
bindings. Credit to Sergey Glazunov.
- [97784] High CVE-2011-2881: Memory corruption with v8 hidden objects.
Credit to Sergey Glazunov.
[ Fabien Tassin ]
* Add libpulse-dev to Build-Depends, needed for WebRTC
- update debian/control
* Rename ui/base/strings/app_strings.grd to ui_strings.grd following
the upstream rename, and add a mapping flag to the grit converter
- update debian/rules
* Refresh Patches
[ Micah Gersten ]
* Switch to internal libvpx (Fixes FTBFS since we now need at least 0.9.6)
- update debian/rules
* Drop build dependency on libvpx due to the switch to internal libvpx
- update debian/control
* Enable hardening on armel. LP: #641126.
* New upstream release from the Stable Channel
Packaging changes:
* Fix a FTBFS with cups 1.5.0 by including individual cups headers
- add debian/patches/cups_1.5_build_fix.patch
- update debian/patches/series
[ Fabien Tassin <fta@ubuntu.com> ]
* New upstream release from the Stable Channel (LP: #834922)
This release fixes the following security issues:
+ Chromium issues:
- [91517] High, CVE-2011-2828: Out-of-bounds write in v8. Credit to Google
Chrome Security Team (SkyLined).
+ Webkit issues:
- [82552] High, CVE-2011-2823: Use-after-free in line box handling. Credit
to Google Chrome Security Team (SkyLined) and independent later
discovery by miaubiz.
- [88216] High, CVE-2011-2824: Use-after-free with counter nodes. Credit
to miaubiz.
- [88670] High, CVE-2011-2825: Use-after-free with custom fonts. Credit to
wushi of team509 reported through ZDI (ZDI-CAN-1283), plus indepdendent
later discovery by miaubiz.
- [87453] High, CVE-2011-2826: Cross-origin violation with empty origins.
Credit to Sergey Glazunov.
- [90668] High, CVE-2011-2827: Use-after-free in text searching. Credit to
miaubiz.
- [32-bit only] [91598] High, CVE-2011-2829: Integer overflow in uniform
arrays. Credit to Sergey Glazunov.
+ libxml2 issue:
- [89402] High, CVE-2011-2821: Double free in libxml XPath handling.
Credit to Yang Dingning from NCNIPC, Graduate University of Chinese
Academy of Sciences.
[ Fabien Tassin <fta@ubuntu.com> ]
* New upstream release from the Stable Channel (LP: #834922)
This release fixes the following security issues:
+ Chromium issues:
- [91517] High, CVE-2011-2828: Out-of-bounds write in v8. Credit to Google
Chrome Security Team (SkyLined).
+ Webkit issues:
- [82552] High, CVE-2011-2823: Use-after-free in line box handling. Credit
to Google Chrome Security Team (SkyLined) and independent later
discovery by miaubiz.
- [88216] High, CVE-2011-2824: Use-after-free with counter nodes. Credit
to miaubiz.
- [88670] High, CVE-2011-2825: Use-after-free with custom fonts. Credit to
wushi of team509 reported through ZDI (ZDI-CAN-1283), plus indepdendent
later discovery by miaubiz.
- [87453] High, CVE-2011-2826: Cross-origin violation with empty origins.
Credit to Sergey Glazunov.
- [90668] High, CVE-2011-2827: Use-after-free in text searching. Credit to
miaubiz.
- [32-bit only] [91598] High, CVE-2011-2829: Integer overflow in uniform
arrays. Credit to Sergey Glazunov.
+ libxml2 issue:
- [89402] High, CVE-2011-2821: Double free in libxml XPath handling.
Credit to Yang Dingning from NCNIPC, Graduate University of Chinese
Academy of Sciences.
* New upstream release from the Stable Channel
* Fix a FTBFS with cups 1.5.0 by including individual cups headers
- add debian/patches/cups_1.5_build_fix.patch
- update debian/patches/series
* Add libgles2-mesa-dev to Build-deps for Armel (only), fixing a FTBFS
- update debian/control
* New Major upstream release from the Stable Channel
This release fixes the following security issues:
+ Chromium issues:
- [75821] Medium, CVE-2011-2358: Always confirm an extension install via a
browser dialog. Credit to Sergey Glazunov.
- [79266] Low, CVE-2011-2360: Potential bypass of dangerous file prompt.
Credit to kuzzcc.
- [79426] Low, CVE-2011-2361: Improve designation of strings in the basic
auth dialog. Credit to kuzzcc.
- [81307] Medium, CVE-2011-2782: File permissions error with drag and
drop. Credit to Evan Martin of the Chromium development community.
- [83273] Medium, CVE-2011-2783: Always confirm a developer mode NPAPI
extension install via a browser dialog. Credit to Sergey Glazunov.
- [84402] Low, CVE-2011-2785: Sanitize the homepage URL in extensions.
Credit to kuzzcc.
- [84805] Medium, CVE-2011-2787: Browser crash due to GPU lock re-entrancy
issue. Credit to kuzzcc.
- [85808] Medium, CVE-2011-2789: Use after free in Pepper plug-in
instantiation. Credit to Mario Gomes and kuzzcc.
- [87815] Low, CVE-2011-2798: Prevent a couple of internal schemes from
being web accessible. Credit to sirdarckcat of the Google Security Team.
- [88827] Medium, CVE-2011-2803: Out-of-bounds read in Skia paths. Credit
to Google Chrome Security Team (Inferno).
+ Webkit issues:
- [78841] High, CVE-2011-2359: Stale pointer due to bad line box tracking
in rendering. Credit to miaubiz and Martin Barbella.
- [83841] Low, CVE-2011-2784: Local file path disclosure via GL program
log. Credit to kuzzcc.
- [84600] Low, CVE-2011-2786: Make sure the speech input bubble is always
on-screen. Credit to Olli Pettay of Mozilla.
- [85559] Low, CVE-2011-2788: Buffer overflow in inspector serialization.
Credit to Mikołaj Małecki.
- [86502] High, CVE-2011-2790: Use-after-free with floating styles. Credit
to miaubiz.
- [87148] High, CVE-2011-2792: Use-after-free with float removal. Credit
to miaubiz.
- [87227] High, CVE-2011-2793: Use-after-free in media selectors. Credit
to miaubiz.
- [87298] Medium, CVE-2011-2794: Out-of-bounds read in text iteration.
Credit to miaubiz.
- [87339] Medium, CVE-2011-2795: Cross-frame function leak. Credit to Shih
Wei-Long.
- [87548] High, CVE-2011-2796: Use-after-free in Skia. Credit to Google
Chrome Security Team (Inferno) and Kostya Serebryany of the Chromium
development community.
- [87729] High, CVE-2011-2797: Use-after-free in resource caching. Credit
to miaubiz.
- [87925] High, CVE-2011-2799: Use-after-free in HTML range handling.
Credit to miaubiz.
- [88337] Medium, CVE-2011-2800: Leak of client-side redirect target.
Credit to Juho Nurminen.
- [88591] High, CVE-2011-2802: v8 crash with const lookups. Credit to
Christian Holler.
- [88846] High, CVE-2011-2801: Use-after-free in frame loader. Credit to
miaubiz.
- [88889] High, CVE-2011-2818: Use-after-free in display box rendering.
Credit to Martin Barbella.
- [89520] High, CVE-2011-2805: Cross-origin script injection. Credit to
Sergey Glazunov.
- [90222] High, CVE-2011-2819: Cross-origin violation in base URI
handling. Credit to Sergey Glazunov.
+ ICU 4.6 issue:
- [86900] High, CVE-2011-2791: Out-of-bounds write in ICU. Credit to Yang
Dingning from NCNIPC, Graduate University of Chinese Academy of
Sciences.
Packaging changes:
* Add a "Conflicts" with -inspector so that it gets removed
- update debian/control
* Disable PIE for ARM on Oneiric too
- update debian/rules
* Run the gclient hooks when creating the source tarball, as we need files
from the Native Client's integrated runtime (IRT) library.
Install the NaCL IRT files in the main deb
- update debian/rules
- update debian/chromium-browser.install
* Drop obsolete patches
- remove debian/patches/cups_cleanup_cr6883221.patch
- update debian/patches/series
[ Fabien Tassin <fta@ubuntu.com> ]
* New Major upstream release from the Stable Channel (LP: #819991)
This release fixes the following security issues:
+ Chromium issues:
- [75821] Medium, CVE-2011-2358: Always confirm an extension install via a
browser dialog. Credit to Sergey Glazunov.
- [79266] Low, CVE-2011-2360: Potential bypass of dangerous file prompt.
Credit to kuzzcc.
- [79426] Low, CVE-2011-2361: Improve designation of strings in the basic
auth dialog. Credit to kuzzcc.
- [81307] Medium, CVE-2011-2782: File permissions error with drag and
drop. Credit to Evan Martin of the Chromium development community.
- [83273] Medium, CVE-2011-2783: Always confirm a developer mode NPAPI
extension install via a browser dialog. Credit to Sergey Glazunov.
- [84402] Low, CVE-2011-2785: Sanitize the homepage URL in extensions.
Credit to kuzzcc.
- [84805] Medium, CVE-2011-2787: Browser crash due to GPU lock re-entrancy
issue. Credit to kuzzcc.
- [85808] Medium, CVE-2011-2789: Use after free in Pepper plug-in
instantiation. Credit to Mario Gomes and kuzzcc.
- [87815] Low, CVE-2011-2798: Prevent a couple of internal schemes from
being web accessible. Credit to sirdarckcat of the Google Security Team.
- [88827] Medium, CVE-2011-2803: Out-of-bounds read in Skia paths. Credit
to Google Chrome Security Team (Inferno).
+ Webkit issues:
- [78841] High, CVE-2011-2359: Stale pointer due to bad line box tracking
in rendering. Credit to miaubiz and Martin Barbella.
- [83841] Low, CVE-2011-2784: Local file path disclosure via GL program
log. Credit to kuzzcc.
- [84600] Low, CVE-2011-2786: Make sure the speech input bubble is always
on-screen. Credit to Olli Pettay of Mozilla.
- [85559] Low, CVE-2011-2788: Buffer overflow in inspector serialization.
Credit to Mikołaj Małecki.
- [86502] High, CVE-2011-2790: Use-after-free with floating styles. Credit
to miaubiz.
- [87148] High, CVE-2011-2792: Use-after-free with float removal. Credit
to miaubiz.
- [87227] High, CVE-2011-2793: Use-after-free in media selectors. Credit
to miaubiz.
- [87298] Medium, CVE-2011-2794: Out-of-bounds read in text iteration.
Credit to miaubiz.
- [87339] Medium, CVE-2011-2795: Cross-frame function leak. Credit to Shih
Wei-Long.
- [87548] High, CVE-2011-2796: Use-after-free in Skia. Credit to Google
Chrome Security Team (Inferno) and Kostya Serebryany of the Chromium
development community.
- [87729] High, CVE-2011-2797: Use-after-free in resource caching. Credit
to miaubiz.
- [87925] High, CVE-2011-2799: Use-after-free in HTML range handling.
Credit to miaubiz.
- [88337] Medium, CVE-2011-2800: Leak of client-side redirect target.
Credit to Juho Nurminen.
- [88591] High, CVE-2011-2802: v8 crash with const lookups. Credit to
Christian Holler.
- [88846] High, CVE-2011-2801: Use-after-free in frame loader. Credit to
miaubiz.
- [88889] High, CVE-2011-2818: Use-after-free in display box rendering.
Credit to Martin Barbella.
- [89520] High, CVE-2011-2805: Cross-origin script injection. Credit to
Sergey Glazunov.
- [90222] High, CVE-2011-2819: Cross-origin violation in base URI
handling. Credit to Sergey Glazunov.
+ ICU 4.6 issue:
- [86900] High, CVE-2011-2791: Out-of-bounds write in ICU. Credit to Yang
Dingning from NCNIPC, Graduate University of Chinese Academy of
Sciences.
Packaging changes:
* Run the gclient hooks when creating the source tarball, as we need files
from the Native Client's integrated runtime (IRT) library.
Install the NaCL IRT files in the main deb
- update debian/rules
- update debian/chromium-browser.install
Packaging changes:
* Add Valencian (ca@valencia) to the list of supported langs for the
lang-packs
- update debian/rules
- update debian/control
* Add support for language variants in Grit, backported from trunk.
This is needed to support lang-codes like ca@valencia
- add debian/patches/grit_language_variants.patch
- update debian/patches/series
* Add a WANT_ONLY_WHITELISTED_NEW_LANGS knob to make it easier to
sync translations of new langs between all the branches
- update debian/rules
* Properly stop the keep-alive when the build fails
- update debian/rules
* Fix the HTML5 <video> tag regression in Oneiric by properly linking
libvpx so it's not being dropped from libffmpegsumo.so (LP: #795171)
- add debian/patches/html5-codecs-fix.patch
- update debian/patches/series
* Drop the -inspector package, its content has been merged into the main deb
in M12 and the deb remained empty since.
Also drop chromium-codecs-ffmpeg-nonfree, renamed in M5 to -extra
- update debian/control
- update debian/rules
* Backport of http://codereview.chromium.org/6883221 from M13 presumably
fixing the ARM ftbfs from the last update, and set use_cups=0 on armel
- add debian/patches/cups_cleanup_cr6883221.patch
- update debian/patches/series
- update debian/rules
[ Fabien Tassin <fta@ubuntu.com> ]
* New Minor upstream release from the Stable Channel (LP: #803107)
This release fixes the following security issues:
+ WebKit issues:
- [84355] High, CVE-2011-2346: Use-after-free in SVG font handling.
Credit to miaubiz.
- [85003] High, CVE-2011-2347: Memory corruption in CSS parsing. Credit
to miaubiz.
- [85102] High, CVE-2011-2350: Lifetime and re-entrancy issues in the
HTML parser. Credit to miaubiz.
- [85211] High, CVE-2011-2351: Use-after-free with SVG use element.
Credit to miaubiz.
- [85418] High, CVE-2011-2349: Use-after-free in text selection. Credit
to miaubiz.
+ Chromium issues:
- [77493] Medium, CVE-2011-2345: Out-of-bounds read in NPAPI string
handling. Credit to Philippe Arteau.
- [85177] High, CVE-2011-2348: Bad bounds check in v8. Credit to Aki
Helin of OUSPG.
[ Fabien Tassin <fta@ubuntu.com> ]
* New Minor upstream release from the Stable Channel (LP: #803107)
This release fixes the following security issues:
+ WebKit issues:
- [84355] High, CVE-2011-2346: Use-after-free in SVG font handling.
Credit to miaubiz.
- [85003] High, CVE-2011-2347: Memory corruption in CSS parsing. Credit
to miaubiz.
- [85102] High, CVE-2011-2350: Lifetime and re-entrancy issues in the
HTML parser. Credit to miaubiz.
- [85211] High, CVE-2011-2351: Use-after-free with SVG use element.
Credit to miaubiz.
- [85418] High, CVE-2011-2349: Use-after-free in text selection. Credit
to miaubiz.
+ Chromium issues:
- [77493] Medium, CVE-2011-2345: Out-of-bounds read in NPAPI string
handling. Credit to Philippe Arteau.
- [85177] High, CVE-2011-2348: Bad bounds check in v8. Credit to Aki
Helin of OUSPG.
* New upstream release from the Stable Channel (LP: #794197)
It includes:
- Hardware accelerated 3D CSS
- New Safe Browsing protection against downloading malicious files
- Ability to delete Flash cookies from inside Chrome
- Launch Web Apps by name from the Omnibox
- Integrated Sync into new settings pages
- Removal of support for Google Gears
This release fixes the following security issues:
+ WebKit issues:
- [73962] [79746] High CVE-2011-1808: Use-after-free due to integer
issues in float handling. Credit to miaubiz.
- [75496] Medium CVE-2011-1809: Use-after-free in accessibility support.
Credit to Google Chrome Security Team (SkyLined).
- [75643] Low CVE-2011-1810: Visit history information leak in CSS.
Credit to Jesse Mohrland of Microsoft and Microsoft Vulnerability
Research (MSVR).
- [80358] Medium CVE-2011-1816: Use-after-free in developer tools. Credit
to kuzzcc.
- [81949] High CVE-2011-1818: Use-after-free in image loader. Credit to
miaubiz.
- [83743] High CVE-2011-2342: Same origin bypass in DOM. Credit to Sergey
Glazunov.
+ Chromium issues:
- [76034] Low CVE-2011-1811: Browser crash with lots of form submissions.
Credit to “DimitrisV22”.
- [77026] Medium CVE-2011-1812: Extensions permission bypass. Credit to
kuzzcc.
- [78516] High CVE-2011-1813: Stale pointer in extension framework.
Credit to Google Chrome Security Team (Inferno).
- [79862] Low CVE-2011-1815: Extension script injection into new tab
page. Credit to kuzzcc.
- [81916] Medium CVE-2011-1817: Browser memory corruption in history
deletion. Credit to Collin Payne.
- [83010] Medium CVE-2011-1819: Extension injection into chrome:// pages.
Credit to Vladislavas Jarmalis, plus subsequent independent discovery
by Sergey Glazunov.
- [83275] High CVE-2011-2332: Same origin bypass in v8. Credit to Sergey
Glazunov.
Packaging changes:
* Provide a batch of translations for the Unity quicklists, and update
the regular desktop translations
- update debian/chromium-browser.desktop
* Add a keep-alive script preventing the builders from killing the build
when it's not echoing anything for too long (useful when linking
the main binary with ld-bfd)
- add debian/keep-alive.sh
- update debian/rules
* Drop the gtk resize patch, now that upstream does it for us
- remove debian/patches/disable_gtk_resize_grip_on_natty.patch
- update debian/patches/series
* Drop the xdg-utils patch and use the system xdg tools when we
detect that xdg-setting is present on the system (ensuring it's a recent
enough xdg-utils)
- update debian/chromium-browser.sh.in
- remove debian/patches/xdg-utils_gnome3_lp670128_for_natty.patch
- update debian/patches/series
* Drop the stored passwords patch
- remove debian/patches/stored_passwords_lp743494.patch
- update debian/patches/series
* Drop the dedicated webapp WMClass patch
- remove debian/patches/webapps-wm-class-lp692462.patch
- update debian/patches/series
* When building with a non-default g++, also link with the same version
- update debian/rules
* Empty the -inspector package now that it has been merged into the main
resources.pak file (so that the Inspector remains usable after an upgrade
until the next browser restart). Also remove the resources directory,
now empty
- remove debian/chromium-browser-inspector.install
- update debian/chromium-browser.dirs
- update debian/rules
* Drop the gtk resize patch, now that upstream does it for us
- remove debian/patches/disable_gtk_resize_grip_on_natty.patch
- update debian/patches/series
* Drop the xdg-utils patch and use the system xdg tools when we
detect that xdg-setting is present on the system (ensuring it's a recent
enough xdg-utils)
- update debian/chromium-browser.sh.in
- remove debian/patches/xdg-utils_gnome3_lp670128_for_natty.patch
- update debian/patches/series
* Drop the dedicated webapp WMClass patch
- remove debian/patches/webapps-wm-class-lp692462.patch
- update debian/patches/series
[ Fabien Tassin <fta@ubuntu.com> ]
* New upstream release from the Stable Channel (LP: #794197)
It includes:
- Hardware accelerated 3D CSS
- New Safe Browsing protection against downloading malicious files
- Integrated Sync into new settings pages
This release fixes the following security issues:
+ WebKit issues:
- [73962] [79746] High CVE-2011-1808: Use-after-free due to integer
issues in float handling. Credit to miaubiz.
- [75496] Medium CVE-2011-1809: Use-after-free in accessibility support.
Credit to Google Chrome Security Team (SkyLined).
- [75643] Low CVE-2011-1810: Visit history information leak in CSS.
Credit to Jesse Mohrland of Microsoft and Microsoft Vulnerability
Research (MSVR).
- [80358] Medium CVE-2011-1816: Use-after-free in developer tools. Credit
to kuzzcc.
- [81949] High CVE-2011-1818: Use-after-free in image loader. Credit to
miaubiz.
- [83743] High CVE-2011-2342: Same origin bypass in DOM. Credit to Sergey
Glazunov.
+ Chromium issues:
- [76034] Low CVE-2011-1811: Browser crash with lots of form submissions.
Credit to “DimitrisV22”.
- [77026] Medium CVE-2011-1812: Extensions permission bypass. Credit to
kuzzcc.
- [78516] High CVE-2011-1813: Stale pointer in extension framework.
Credit to Google Chrome Security Team (Inferno).
- [79862] Low CVE-2011-1815: Extension script injection into new tab
page. Credit to kuzzcc.
- [81916] Medium CVE-2011-1817: Browser memory corruption in history
deletion. Credit to Collin Payne.
- [83010] Medium CVE-2011-1819: Extension injection into chrome:// pages.
Credit to Vladislavas Jarmalis, plus subsequent independent discovery
by Sergey Glazunov.
- [83275] High CVE-2011-2332: Same origin bypass in v8. Credit to Sergey
Glazunov.
* Drop the stored passwords patch (fixed upstream)
- remove debian/patches/stored_passwords_lp743494.patch
- update debian/patches/series
* Empty the -inspector package now that it has been merged into the main
resources.pak file (so that the Inspector remains usable after an upgrade
until the next browser restart). Also remove the resources directory,
now empty
- remove debian/chromium-browser-inspector.install
- update debian/chromium-browser.dirs
- update debian/rules
* Update the location of the app_strings templates
- update debian/rules
* Don't build with libjpeg-turbo on armel, to prevent a FTBFS
- update debian/rules
* Rebase the GL dlopen patch
- update debian/patches/dlopen_sonamed_gl.patch
[ Micah Gersten <micahg@ubuntu.com> ]
* Don't have chromium-browser depend on chromium-browser-inspector anymore
it's now a transitional package; Change text of chromium-browser-inspector
to reflect its transitional nature
- update debian/control
* New Minor upstream release from the Stable Channel (LP: #787846)
This release fixes the following security issues:
+ WebKit issues:
- [72189] Low, CVE-2011-1801: Pop-up blocker bypass. Credit to Chamal De
Silva.
- [82546] High, CVE-2011-1804: Stale pointer in floats rendering. Credit
to Martin Barbella.
- [82903] Critical, CVE-2011-1807: Out-of-bounds write in blob handling.
Credit to Google Chrome Security Team (Inferno) and Kostya Serebryany
of the Chromium development community.
- other issues covered by CVE-2011-1802, CVE-2011-1803, CVE-2011-1805
+ GPU/WebGL issue:
- [82873] Critical, CVE-2011-1806: Memory corruption in GPU command
buffer. Credit to Google Chrome Security Team (Cris Neckar).
* Update the svg icon once again, the previous one contained an embedded png
(LP: #748881)
- update debian/chromium-browser.svg
* Don't build with libjpeg-turbo on armel, to prevent a FTBFS
- update debian/rules
[ Fabien Tassin <fta@ubuntu.com> ]
* New Minor upstream release from the Stable Channel (LP: #787846)
This release fixes the following security issues:
+ WebKit issues:
- [72189] Low, CVE-2011-1801: Pop-up blocker bypass. Credit to Chamal De
Silva.
- [82546] High, CVE-2011-1804: Stale pointer in floats rendering. Credit
to Martin Barbella.
- [82903] Critical, CVE-2011-1807: Out-of-bounds write in blob handling.
Credit to Google Chrome Security Team (Inferno) and Kostya Serebryany
of the Chromium development community.
+ GPU/WebGL issue:
- [82873] Critical, CVE-2011-1806: Memory corruption in GPU command
buffer. Credit to Google Chrome Security Team (Cris Neckar).
* Update the svg icon once again, the previous one contained an embedded png
(LP: #748881)
- update debian/chromium-browser.svg
* New Minor upstream release from the Stable Channel (LP: #781822)
This release fixes the following security issues:
+ WebKit issues:
- [64046] High, CVE-2011-1799: Bad casts in Chromium WebKit glue. Credit
to Google Chrome Security Team (SkyLined).
- [80608] High, CVE-2011-1800: Integer overflows in SVG filters. Credit
to Google Chrome Security Team (Cris Neckar).
[ Fabien Tassin <fta@ubuntu.com> ]
* New Minor upstream release from the Stable Channel (LP: #781822)
This release fixes the following security issues:
+ WebKit issues:
- [64046] High, CVE-2011-1799: Bad casts in Chromium WebKit glue. Credit
to Google Chrome Security Team (SkyLined).
- [80608] High, CVE-2011-1800: Integer overflows in SVG filters. Credit
to Google Chrome Security Team (Cris Neckar).
* New Minor upstream release from the Stable Channel (LP: #778822)
This release fixes the following security issues:
+ WebKit issues:
- [67923] High, CVE-2011-1793: stale pointer in SVG image handling
(credit: Mitz)
- [78327] High, CVE-2011-1794: integer overflow in SVG filters (credit:
Inferno)
- [78948] High, CVE-2011-1795: integer underflow in forms handling
(credit: Cris Neckar)
- [79055] High, CVE-2011-1796: use-after-free in frame handling (credit:
Inferno)
- [79075] High, CVE-2011-1797: stale pointer in table captioning (credit:
wushi)
- [79595] High, CVE-2011-1798: bad cast in SVG text handling (credit:
Inferno)
* Add a static quicklist for Unity allowing to open a new window (either regular
or incognito) or a fresh session with a temporary profile
- update debian/chromium-browser.desktop
* Don't let scour touch the svg files (LP: #748881)
- update debian/rules
* Pass --delete_unversioned_trees to gclient and drop the git.chromium.org
workaround.
- update debian/rules
* Build with gcc-4.5 on Oneiric for now. It's not ready for 4.6
- update debian/control
- update debian/rules
[ Fabien Tassin <fta@ubuntu.com> ]
* New Minor upstream release from the Stable Channel (LP: #778822)
This release fixes the following security issues:
+ WebKit issues:
- [67923] High, CVE-2011-1793: stale pointer in SVG image handling
(credit: Mitz)
- [78327] High, CVE-2011-1794: integer overflow in SVG filters (credit:
Inferno)
- [78948] High, CVE-2011-1795: integer underflow in forms handling
(credit: Cris Neckar)
- [79055] High, CVE-2011-1796: use-after-free in frame handling (credit:
Inferno)
- [79075] High, CVE-2011-1797: stale pointer in table captioning (credit:
wushi)
- [79595] High, CVE-2011-1798: bad cast in SVG text handling (credit:
Inferno)
* Pass --delete_unversioned_trees to gclient and drop the git.chromium.org
workaround.
- update debian/rules
[ Micah Gersten <micahg@ubuntu.com> ]
* Switch arch: any to arch: i386 amd64 so that we don't have to wait for armel
- update debian/control
* New Major upstream release from the Stable Channel (LP: #771935)
This release fixes the following security issues:
+ WebKit issues:
- [61502] High, CVE-2011-1303: Stale pointer in floating object handling.
Credit to Scott Hess of the Chromium development community and Martin
Barbella.
- [70538] Low, CVE-2011-1304: Pop-up block bypass via plug-ins. Credit to
Chamal De Silva.
- [70589] Medium, CVE-2011-1305: Linked-list race in database handling.
Credit to Kostya Serebryany of the Chromium development community.
- [73526] High, CVE-2011-1437: Integer overflows in float rendering.
Credit to miaubiz.
- [74653] High, CVE-2011-1438: Same origin policy violation with blobs.
Credit to kuzzcc.
- [75186] High, CVE-2011-1440: Use-after-free with <ruby> tag and CSS.
Credit to Jose A. Vazquez.
- [75347] High, CVE-2011-1441: Bad cast with floating select lists.
Credit to Michael Griffiths.
- [75801] High, CVE-2011-1442: Corrupt node trees with mutation events.
Credit to Sergey Glazunov and wushi of team 509.
- [76001] High, CVE-2011-1443: Stale pointers in layering code. Credit to
Martin Barbella.
- [76646] Medium, CVE-2011-1445: Out-of-bounds read in SVG. Credit to
wushi of team509.
- [76666] [77507] [78031] High, CVE-2011-1446: Possible URL bar spoofs
with navigation errors and interrupted loads. Credit to kuzzcc.
- [76966] High, CVE-2011-1447: Stale pointer in drop-down list handling.
Credit to miaubiz.
- [77130] High, CVE-2011-1448: Stale pointer in height calculations.
Credit to wushi of team509.
- [77346] High, CVE-2011-1449: Use-after-free in WebSockets. Credit to
Marek Majkowski.
- [77463] High, CVE-2011-1451: Dangling pointers in DOM id map. Credit to
Sergey Glazunov.
- [79199] High, CVE-2011-1454: Use-after-free in DOM id handling. Credit
to Sergey Glazunov.
+ Chromium issues:
- [71586] Medium, CVE-2011-1434: Lack of thread safety in MIME handling.
Credit to Aki Helin.
- [72523] Medium, CVE-2011-1435: Bad extension with ‘tabs’ permission can
capture local files. Credit to Cole Snodgrass.
- [72910] Low, CVE-2011-1436: Possible browser crash due to bad
interaction with X. Credit to miaubiz.
- [76542] High, CVE-2011-1444: Race condition in sandbox launcher. Credit
to Dan Rosenberg.
- [77349] Low, CVE-2011-1450: Dangling pointers in file dialogs. Credit
to kuzzcc.
- [77786] Medium, CVE-2011-1452: URL bar spoof with redirect and manual
reload. Credit to Jordi Chancel.
- [74763] High, CVE-2011-1439: Prevent interference between renderer
processes. Credit to Julien Tinnes of the Google Security Team.
* Fix the password store regression from the last Chromium 10 update.
Backport from trunk provided by Elliot Glaysher from upstream (LP: #743494)
- add debian/patches/stored_passwords_lp743494.patch
- update debian/patches/series
* Fix the dedicated webapp WMClass (needed by Unity/bamf).
Don't change the WMClass at all on XFCE where it is displayed to
the user as a title (which it isn't). This is a backport
of upstream revisions 82581 & 82672 (LP: #692462)
- update debian/patches/webapps-wm-class-lp692462.patch
* Update the SVG logo to match the new simplified 2D logo (LP: #748881)
- update debian/chromium-browser.svg
* Ship the app icon in all the sizes provided upstream
- update debian/rules
* Add libpam0g-dev to Build-depends, needed by "Chromoting"
- update debian/control
* Enable the new use_third_party_translations flag at build time (it enables
the Launchpad translations already used in Ubuntu since Chromium 8)
- update debian/rules
* New Major upstream release from the Stable Channel (LP: #771935)
This release fixes the following security issues:
+ WebKit issues:
- [61502] High, CVE-2011-1303: Stale pointer in floating object handling.
Credit to Scott Hess of the Chromium development community and Martin
Barbella.
- [70538] Low, CVE-2011-1304: Pop-up block bypass via plug-ins. Credit to
Chamal De Silva.
- [70589] Medium, CVE-2011-1305: Linked-list race in database handling.
Credit to Kostya Serebryany of the Chromium development community.
- [73526] High, CVE-2011-1437: Integer overflows in float rendering.
Credit to miaubiz.
- [74653] High, CVE-2011-1438: Same origin policy violation with blobs.
Credit to kuzzcc.
- [75186] High, CVE-2011-1440: Use-after-free with <ruby> tag and CSS.
Credit to Jose A. Vazquez.
- [75347] High, CVE-2011-1441: Bad cast with floating select lists.
Credit to Michael Griffiths.
- [75801] High, CVE-2011-1442: Corrupt node trees with mutation events.
Credit to Sergey Glazunov and wushi of team 509.
- [76001] High, CVE-2011-1443: Stale pointers in layering code. Credit to
Martin Barbella.
- [76646] Medium, CVE-2011-1445: Out-of-bounds read in SVG. Credit to
wushi of team509.
- [76666] [77507] [78031] High, CVE-2011-1446: Possible URL bar spoofs
with navigation errors and interrupted loads. Credit to kuzzcc.
- [76966] High, CVE-2011-1447: Stale pointer in drop-down list handling.
Credit to miaubiz.
- [77130] High, CVE-2011-1448: Stale pointer in height calculations.
Credit to wushi of team509.
- [77346] High, CVE-2011-1449: Use-after-free in WebSockets. Credit to
Marek Majkowski.
- [77463] High, CVE-2011-1451: Dangling pointers in DOM id map. Credit to
Sergey Glazunov.
- [79199] High, CVE-2011-1454: Use-after-free in DOM id handling. Credit
to Sergey Glazunov.
+ Chromium issues:
- [71586] Medium, CVE-2011-1434: Lack of thread safety in MIME handling.
Credit to Aki Helin.
- [72523] Medium, CVE-2011-1435: Bad extension with ‘tabs’ permission can
capture local files. Credit to Cole Snodgrass.
- [72910] Low, CVE-2011-1436: Possible browser crash due to bad
interaction with X. Credit to miaubiz.
- [76542] High, CVE-2011-1444: Race condition in sandbox launcher. Credit
to Dan Rosenberg.
- [77349] Low, CVE-2011-1450: Dangling pointers in file dialogs. Credit
to kuzzcc.
- [77786] Medium, CVE-2011-1452: URL bar spoof with redirect and manual
reload. Credit to Jordi Chancel.
- [74763] High, CVE-2011-1439: Prevent interference between renderer
processes. Credit to Julien Tinnes of the Google Security Team.
* Fix the password store regression from the last Chromium 10 update.
Backport from trunk provided by Elliot Glaysher from upstream (LP: #743494)
- add debian/patches/stored_passwords_lp743494.patch
- update debian/patches/series
* Fix the dedicated webapp WMClass (needed by Unity/bamf).
Don't change the WMClass at all on XFCE where it is displayed to
the user as a title (which it isn't). This is a backport
of upstream revisions 82581 & 82672 (LP: #692462)
- update debian/patches/webapps-wm-class-lp692462.patch
* Update the SVG logo to match the new simplified 2D logo (LP: #748881)
- update debian/chromium-browser.svg
* Ship the app icon in all the sizes provided upstream
- update debian/rules
* Add libpam0g-dev to Build-depends, needed by "Chromoting"
- update debian/control
* Enable the new use_third_party_translations flag at build time (it enables
the Launchpad translations already used in Ubuntu since Chromium 8)
- update debian/rules
* New upstream minor release from the Stable Channel (LP: #762275)
This release fixes the following security issues:
- [75629] Critical, CVE-2011-1301: Use-after-free in the GPU process.
Credit to Google Chrome Security Team (Inferno).
- [78524] Critical, CVE-2011-1302: Heap overflow in the GPU process. Credit
to Christoph Diehl.
* Make the default mail client and browser settings work with the
x-scheme-handler method of registering URI handlers in gnome3.
This is based on the xdg-utils 1.1.0~rc1-2ubuntu3 fix by Chris Coulson
<chris.coulson@canonical.com>, itself based on Bastien Nocera <hadess@hadess.net>
upstream fix (LP: #670128)
- add debian/patches/xdg-utils_gnome3_lp670128_for_natty.patch
- update debian/patches/series
* Fix the apport hooks to pass the expected 'ui' to add_info(), needed when
called from apport/ubuntu-bug (LP: #759635)
- update debian/apport/chromium-browser.py
* Report a dedicated WMClass per webapp, needed by Unity/bamf.
(backported from trunk) (LP: #692462)
- add debian/patches/webapps-wm-class-lp692462.patch
- update debian/patches/series
* NaCL may be blacklisted, so only include it when it's actually been
built (fixes the ftbfs on arm) (LP: #745854)
- update debian/rules
- update debian/chromium-browser.install
* Harden the apport hooks in the extensions section
- update debian/apport/chromium-browser.py
* New upstream minor release from the Stable Channel (LP: #742118)
This release fixes the following security issues:
+ Webkit bugs:
- [73216] High, CVE-2011-1292: Use-after-free in the frame loader. Credit
to Sławomir Błażek.
- [73595] High, CVE-2011-1293: Use-after-free in HTMLCollection. Credit
to Sergey Glazunov.
- [74562] High, CVE-2011-1294: Stale pointer in CSS handling. Credit to
Sergey Glazunov.
- [74991] High, CVE-2011-1295: DOM tree corruption with broken node
parentage. Credit to Sergey Glazunov.
- [75170] High, CVE-2011-1296: Stale pointer in SVG text handling. Credit
to Sergey Glazunov.
+ Chromium bugs:
- [72517] High, CVE-2011-1291: Buffer error in base string handling.
Credit to Alex Turpin.
Packaging changes:
* Set arm_fpu=vfpv3-d16 on arm (less restrictive than the default vfpv3)
preventing a SIGILL crash on some boards (LP: #735877)
- update debian/control
* Install libppGoogleNaClPluginChrome.so (LP: #738331)
- update debian/rules
- update debian/chromium-browser.install
* New upstream security release from the Stable Channel (LP: #733514)
+ Webkit:
- CVE-2011-1290 [75712] High, Memory corruption in style handling. Credit
to Vincenzo Iozzo, Ralf Philipp Weinmann and Willem Pinckaers reported
through ZDI.
* New upstream major release from the Stable Channel (LP: #731520)
It includes:
- New version of V8 - Crankshaft - which greatly improves javascript
performance
- New settings pages that open in a tab, rather than a dialog box
- Improved security with malware reporting and disabling outdated plugins
by default
- Password sync as part of Chrome Sync now enabled by default
- GPU Accelerated Video
- Background WebApps
- webNavigation extension API
This release also fixes the following security issues:
+ Webkit bugs:
- [42574] [42765] Low, Possible to navigate or close the top location in
a sandboxed frame. Credit to sirdarckcat of the Google Security Team.
- [69628] High, Memory corruption with counter nodes. Credit to Martin
Barbella.
- [70027] High, Stale node in box layout. Credit to Martin Barbella.
- [70336] Medium, Cross-origin error message leak with workers. Credit to
Daniel Divricean.
- [70442] High, Use after free with DOM URL handling. Credit to Sergey
Glazunov.
- [70779] Medium, Out of bounds read handling unicode ranges. Credit to
miaubiz.
- [70885] [71167] Low, Pop-up blocker bypasses. Credit to Chamal de
Silva.
- [71763] High, Use-after-free in document script lifetime handling.
Credit to miaubiz.
- [72028] High, Stale pointer in table painting. Credit to Martin
Barbella.
- [73066] High, Crash with the DataView object. Credit to Sergey
Glazunov.
- [73134] High, Bad cast in text rendering. Credit to miaubiz.
- [73196] High, Stale pointer in WebKit context code. Credit to Sergey
Glazunov.
- [73746] High, Stale pointer with SVG cursors. Credit to Sergey
Glazunov.
- [74030] High, DOM tree corruption with attribute handling. Credit to
Sergey Glazunov.
+ Chromium bugs:
- [49747] Low, Work around an X server bug and crash with long messages.
Credit to Louis Lang.
- [66962] Low, Possible browser crash with parallel print()s. Credit to
Aki Helin of OUSPG.
- [69187] Medium, Cross-origin error message leak. Credit to Daniel
Divricean.
- [70877] High, Same origin policy bypass in v8. Credit to Daniel
Divricean.
+ v8:
- [74662] High, Corruption via re-entrancy of RegExp code. Credit to
Christian Holler.
- [74675] High, Invalid memory access in v8. Credit to Christian Holler.
+ ffmpeg:
- [71788] High, Out-of-bounds write in the OGG container. Credit to
Google Chrome Security Team (SkyLined); plus subsequent independent
discovery by David Weston of Microsoft and MSVR.
- [73026] High, Use of corrupt out-of-bounds structure in video code.
Credit to Tavis Ormandy of the Google Security Team.
+ libxslt:
- [73716] Low, Leak of heap address in XSLT. Credit to Google Chrome
Security Team (Chris Evans).
Packaging changes:
* Promote Uyghur to the list of supported translations
- update debian/rules
- update debian/control
* Fix the FTBFS on arm by re-adding the lost arm_neon=0, and really set armv7=1
on maverick and natty
- update debian/rules
* Fix the broken symlinks in /usr/share/doc created by CDBS (See LP: #194574)
- update debian/rules
* Add libxt-dev to Build-deps needed by ppGoogleNaClPluginChrome
- update debian/control
* Fix the Webkit version in about:version (the build system expects the svn
or git directories to be available at build time)
- add debian/patches/webkit_rev_parser.patch
- update debian/patches/series
* New upstream release from the Stable Channel (LP: #726895)
This release fixes the following security issues:
+ Webkit bugs:
- [54262] High, URL bar spoof with history interaction. Credit to Jordi
Chancel.
- [68263] High, Stylesheet node stale pointer. Credit to Sergey Glazunov.
- [68741] High, Stale pointer with key frame rule. Credit to Sergey
Glazunov.
- [70078] High, Crash with forms controls. Credit to Stefan van Zanden.
- [70244] High, Crash in SVG rendering. Credit to Sławomir Błażek.
- [71114] High, Stale node in table child handling. Credit to Martin
Barbella.
- [71115] High, Stale pointer in table rendering. Credit to Martin
Barbella.
- [71296] High, Stale pointer in SVG animations. Credit to miaubiz.
- [71386] High, Stale nodes in XHTML. Credit to wushi of team509.
- [71388] High, Crash in textarea handling. Credit to wushi of team509.
- [71595] High, Stale pointer in device orientation. Credit to Sergey
Glazunov.
- [71855] High, Integer overflow in textarea handling. Credit to miaubiz.
- [71960] Medium, Out-of-bounds read in WebGL. Credit to Google Chrome
Security Team (Inferno).
- [73235] High, Stale pointer in layout. Credit to Martin Barbella.
+ Chromium bugs:
- [63732] High, Crash with javascript dialogs. Credit to Sergey
Radchenko.
- [64-bit only] [70376] Medium, Out-of-bounds read in pickle
deserialization. Credit to Evgeniy Stepanov of the Chromium development
community.
- [71717] Medium, Out-of-bounds read in WebGL. Credit to miaubiz.
- [72214] High, Accidental exposure of internal extension functions.
Credit to Tavis Ormandy of the Google Security Team.
- [72437] High, Use-after-free with blocked plug-ins. Credit to Chamal de
Silva.
* Bump the lang-pack package from Suggests to Recommends (LP: #689267)
- update debian/control
* Disable PIE on Armel/Lucid (LP: #716703)
- update debian/rules
* Add the disk usage to the Apport hooks
- update debian/apport/chromium-browser.py
* Drop gyp from Build-Depends, use in-source gyp instead
- update debian/control
* Merge back the ffmpeg codecs (from the chromium-codecs-ffmpeg source package)
- update debian/rules
- update debian/control
- add debian/chromium-codecs-ffmpeg-extra.install
- add debian/chromium-codecs-ffmpeg.install
* New upstream release from the Stable Channel (LP: #715357)
This release fixes the following security issues:
- [67234] High, Stale pointer in animation event handling. Credit to Rik
Cabanier.
- [68120] High, Use-after-free in SVG font faces. Credit to miaubiz.
- [69556] High, Stale pointer with anonymous block handling. Credit to
Martin Barbella.
- [69970] Medium, Out-of-bounds read in plug-in handling. Credit to Bill
Budge of Google.
- [70456] Medium, Possible failure to terminate process on out-of-memory
condition. Credit to David Warren of CERT/CC.
* Update the gl dlopen patch to search for libGLESv2.so.2 instead of .1
- update debian/patches/dlopen_sonamed_gl.patch
* New upstream release from the Stable Channel (LP: #712655)
This release fixes the following security issues:
- [55831] High, Use-after-free in image loading. Credit to Aki Helin of
OUSPG.
- [59081] Low, Apply some restrictions to cross-origin drag + drop. Credit
to Google Chrome Security Team (SkyLined) and the Google Security Team
(Michal Zalewski, David Bloom).
- [62791] Low, Browser crash with extension with missing key. Credit to
Brian Kirchoff.
- [64669] Low, Handle merging of autofill profiles more gracefully. Credit
to Google Chrome Security Team (Inferno).
- [68244] Low, Browser crash with bad volume setting. Credit to Matthew
Heidermann.
- [69195] Critical, Race condition in audio handling. Credit to the gamers
of Reddit!
* Add the app/resources/app_strings.grd template to the list
of templates translated in Launchpad
- update debian/rules
* Drop the gcc 4.5 work-around, applied upstream
- remove debian/patches/gcc-4.5-build-workaround.patch
- update debian/patches/series
* Drop gcc 4.2/4.3 from Build-depends and remove the gcc 4.4 workarounds
now done in the upstream gyp files
- update debian/control
- update debian/rules
* Add libxtst-dev to Build-deps now that chromoting uses the XTest extension
to execute mouse and keyboard events
- update debian/control
* Remove GNOME_DESKTOP_SESSION_ID from the Apport report, it's useless
- update debian/apport/chromium-browser.py
* Add a system to enable/disable distribution specific patches from the quilt
series
- add debian/enable-dist-patches.pl
- update debian/rules
* Disable the gtk resize grip on Natty (LP: #703451)
Original patch by Cody Russell <crussell@ubuntu.com>, ported to v9
- add debian/patches/disable_gtk_resize_grip_on_natty.patch
- update debian/patches/series
* Fix the libgnutls dlopen to look for the sonamed lib
- add debian/patches/dlopen_libgnutls.patch
- update debian/patches/series
* Fix the libosmesa/libGLESv2/libEGL dlopen() to look for the sonamed libs.
This assumes either the libgles2-mesa + libegl1-mesa packages (better) or
the libosmesa6 package are installed
- add debian/patches/dlopen_sonamed_gl.patch
- update debian/patches/series
seperator. The addition of a revision should sort later than a plain
release, and this is not a prerelease where actual release should
supercede.
* No longer include Launchpad-generated translations.
* No longer expect unpacked tarball to contain "build-tree".
* Fix build warning about missing debian/source/format. Set to "3.0
(quilt)".
* Refresh patches from lp:unity-chromium-extension .
* Added Ubuntu search to new-tab pane, ubuntu-search.patch .
* Remove unnecessary glib-header-single-entry.patch .
* Make system-v8 patch use "type none" instead of "type settings".
* Manually set DEB_{BUILD,HOST}_ARCH when not already set, like when the
executing program is not dpkg-buildpackage.
* Make rules file generate LASTCHANGE file at new location.
* Change get-sources command to kill script when it fails to disable
gyp-chromium run from DEPS. Never fail silently again.
* New upstream version '23.0.1271.64+r165188'
* PPA update 1
* New upstream version '23.0.1271.64+r165188'
* New upstream release from the Stable Channel
- [154983][154987] Critical CVE-2012-5112: SVG use-after-free and IPC
arbitrary file write
* New upstream release from the Stable Channel
* debian/control
- fixed typo in description for chromium-codecs-ffmpeg
* debian/patches/fix-armhf-ftbfs.patch
- Dropped, no longer needed
* debian/chromium-browser.install
- Install demo extension
* debian/rules
- Updated INSTALL_EXCLUDE_FILES
- build with gcc 4.7
* debian/patches/1-infobars.patch,
debian/patches/2-get-domain-tld.patch,
debian/patches/3-chrome-xid.patch,
debian/patches/4-chromeless-window-launch-option.patch,
debian/patches/5-desktop-integration-settings.patch,
debian/patches/fix-1034541.patch
- Updated for v22
* debian/patches/6-passwordless-install-support.patch
- Webapp package installation (LP: #1059460)
* debian/patches/7-plugin-status.patch
- Don't block npapi plugins on linux, which is required by
unity-chromium-extension
* debian/patches/5-desktop-integration-settings.patch
- Updated to match libunity-webapps.so.0
* debian/patches/fix-1034541.patch
- fix chromeless issues if chromeless window is launched before a
regular browser window (LP: #1034541)
* debian/patches/4-chromeless-window-launch-option.patch
- updated to latest from webapps
* debian/patches/5-desktop-integration-settings.patch
- updated to latest from webapps
* debian/patches/1-infobars.patch
- moved infobars out of experimental, used for webapps
* debian/patches/2-get-domain-tld.patch
- Adds API for getting the base domain of a URI, used for webapps
* debian/patches/3-chrome-xid.patch
- Get xid, used for webapps
* debian/patches/chromeless-window-launch-option.patch
- Adds optional chromeless mode, used for webapps
* debian/patches/desktop-integration-settings.patch
- Adds settings for managing sites integrated with the desktop, used
for webapps
* debian/control
- Dropped build depends for libvpx-dev
* -debian/patches/vpx.patch
- dropped, build with internal vpx
[ Matthieu Baerts ]
* debian/apport:
- Update apport hook for python3 (LP: #1013171)
patch made with the help of Edward Donovan
* New upstream release from the Stable Channel
* debian/control
- Added build depends binutils-gold, libvpx-dev,libssl-dev and subversion
- Bumped standards version to 3.9.3
- don't build depend on binutils-gold for armel
* debian/rules
- explicitly set arm_float_abi=hard for armhf builds and let the rest
fallback to softfp
- do not use third_party/gold as the linker.
- enable compile-time dependency on gnome-keyring
* -debian/patches/ubuntu_dont_overwrite_default_download_directory.patch
- no longer needed
* debian/patches/grd_parse_fix.patch
- Patched to fix broken XML until we can get a proper fix for
chromium-translation-tools.
* debian/patches/vpx.patch
- patch from debian to fix FTBFS on armel
* debian/patches/arm.patch
- patch from debian to fix FTBFS on armel
* debian/rules
- force to build with gcc 4.6 to fix ftbfs (LP: #992212)
- don't build with -Werror
* debian/control
- add build depends for g++-4.6-multilib
* debian/rules
- include armv7 in GYP_DEFINES for 11.10, 12.04 and 12.10. Fixes
FTBFS on arm (LP: #993080)
* New upstream release from the Stable Channel (LP: #992352)
- [106413] High CVE-2011-3078: Use after free in floats handling. Credit to
Google Chrome Security Team (Marty Barbella) and independent later
discovery by miaubiz.
- [117110] High CVE-2012-1521: Use after free in xml parser. Credit to
Google Chrome Security Team (SkyLined) and independent later discovery by
wushi of team509 reported through iDefense VCP (V-874rcfpq7z).
- [117627] Medium CVE-2011-3079: IPC validation failure. Credit to PinkiePie
- [121726] Medium CVE-2011-3080: Race condition in sandbox IPC. Credit to
Willem Pinckaers of Matasano.
- [121899] High CVE-2011-3081: Use after free in floats handling.
Credit to miaubiz.
* New upstream release from the Stable Channel (LP: #992352)
- [106413] High CVE-2011-3078: Use after free in floats handling. Credit to
Google Chrome Security Team (Marty Barbella) and independent later
discovery by miaubiz.
- [117110] High CVE-2012-1521: Use after free in xml parser. Credit to
Google Chrome Security Team (SkyLined) and independent later discovery by
wushi of team509 reported through iDefense VCP (V-874rcfpq7z).
- [117627] Medium CVE-2011-3079: IPC validation failure. Credit to PinkiePie
- [121726] Medium CVE-2011-3080: Race condition in sandbox IPC. Credit to
Willem Pinckaers of Matasano.
- [121899] High CVE-2011-3081: Use after free in floats handling.
Credit to miaubiz.
* New upstream release from the Stable Channel
* New upstream release from the Stable Channel (LP: #977502)
- black screen on Hybrid Graphics system with GPU accelerated compositing
enabled (Issue: 117371)
- CSS not applied to <content> element (Issue: 114667)
- Regression rendering a div with background gradient and borders
(Issue: 113726)
- Canvas 2D line drawing bug with GPU acceleration (Issue: 121285)
- Multiple crashes (Issues: 72235, 116825 and 92998)
- Pop-up dialog is at wrong position (Issue: 116045)
- HTML Canvas patterns are broken if you change the transformation matrix
(Issue: 112165)
- SSL interstitial error "proceed anyway" / "back to safety" buttons don't
work (Issue: 119252)
This release fixes the following security issues:
- [106577] Medium CVE-2011-3066: Out-of-bounds read in Skia clipping.
Credit to miaubiz.
- [117583] Medium CVE-2011-3067: Cross-origin iframe replacement. Credit to
Sergey Glazunov.
- [117698] High CVE-2011-3068: Use-after-free in run-in handling. Credit to
miaubiz.
- [117728] High CVE-2011-3069: Use-after-free in line box handling. Credit
to miaubiz.
- [118185] High CVE-2011-3070: Use-after-free in v8 bindings. Credit to
Google Chrome Security Team (SkyLined).
- [118273] High CVE-2011-3071: Use-after-free in HTMLMediaElement. Credit
to pa_kt, reporting through HP TippingPoint ZDI (ZDI-CAN-1528).
- [118467] Low CVE-2011-3072: Cross-origin violation parenting pop-up
window. Credit to Sergey Glazunov.
- [118593] High CVE-2011-3073: Use-after-free in SVG resource handling.
Credit to Arthur Gerkis.
- [119281] Medium CVE-2011-3074: Use-after-free in media handling. Credit
to Sławomir Błażek.
- [119525] High CVE-2011-3075: Use-after-free applying style command.
Credit to miaubiz.
- [120037] High CVE-2011-3076: Use-after-free in focus handling. Credit to
miaubiz.
- [120189] Medium CVE-2011-3077: Read-after-free in script bindings. Credit
to Google Chrome Security Team (Inferno).
* New upstream release from the Stable Channel (LP: #977502)
- black screen on Hybrid Graphics system with GPU accelerated compositing
enabled (Issue: 117371)
- CSS not applied to <content> element (Issue: 114667)
- Regression rendering a div with background gradient and borders
(Issue: 113726)
- Canvas 2D line drawing bug with GPU acceleration (Issue: 121285)
- Multiple crashes (Issues: 72235, 116825 and 92998)
- Pop-up dialog is at wrong position (Issue: 116045)
- HTML Canvas patterns are broken if you change the transformation matrix
(Issue: 112165)
- SSL interstitial error "proceed anyway" / "back to safety" buttons don't
work (Issue: 119252)
This release fixes the following security issues:
- [106577] Medium CVE-2011-3066: Out-of-bounds read in Skia clipping.
Credit to miaubiz.
- [117583] Medium CVE-2011-3067: Cross-origin iframe replacement. Credit to
Sergey Glazunov.
- [117698] High CVE-2011-3068: Use-after-free in run-in handling. Credit to
miaubiz.
- [117728] High CVE-2011-3069: Use-after-free in line box handling. Credit
to miaubiz.
- [118185] High CVE-2011-3070: Use-after-free in v8 bindings. Credit to
Google Chrome Security Team (SkyLined).
- [118273] High CVE-2011-3071: Use-after-free in HTMLMediaElement. Credit
to pa_kt, reporting through HP TippingPoint ZDI (ZDI-CAN-1528).
- [118467] Low CVE-2011-3072: Cross-origin violation parenting pop-up
window. Credit to Sergey Glazunov.
- [118593] High CVE-2011-3073: Use-after-free in SVG resource handling.
Credit to Arthur Gerkis.
- [119281] Medium CVE-2011-3074: Use-after-free in media handling. Credit
to Sławomir Błażek.
- [119525] High CVE-2011-3075: Use-after-free applying style command.
Credit to miaubiz.
- [120037] High CVE-2011-3076: Use-after-free in focus handling. Credit to
miaubiz.
- [120189] Medium CVE-2011-3077: Read-after-free in script bindings. Credit
to Google Chrome Security Team (Inferno).
* New upstream release from the Stable Channel (LP: #968901)
This release fixes the following security issues:
- [109574] Medium CVE-2011-3058: Bad interaction possibly leading to XSS in
EUC-JP. Credit to Masato Kinugawa.
- [112317] Medium CVE-2011-3059: Out-of-bounds read in SVG text handling.
Credit to Arthur Gerkis.
- [114056] Medium CVE-2011-3060: Out-of-bounds read in text fragment
handling. Credit to miaubiz.
- [116398] Medium CVE-2011-3061: SPDY proxy certificate checking error.
Credit to Leonidas Kontothanassis of Google.
- [116524] High CVE-2011-3062: Off-by-one in OpenType Sanitizer. Credit to
Mateusz Jurczyk of the Google Security Team.
- [117417] Low CVE-2011-3063: Validate navigation requests from the renderer
more carefully. Credit to kuzzcc, Sergey Glazunov, PinkiePie and
scarybeasts (Google Chrome Security Team).
- [117471] High CVE-2011-3064: Use-after-free in SVG clipping. Credit to
Atte Kettunen of OUSPG.
- [117588] High CVE-2011-3065: Memory corruption in Skia. Credit to Omair.
- [117794] Medium CVE-2011-3057: Invalid read in v8. Credit to Christian
Holler.
* Add build dependency on libudev-dev to allow for gamepad detection; see
http://code.google.com/p/chromium/issues/detail?id=79050
- update debian/control
* Drop dlopen_libgnutls patch as it's been implemented upstream
- drop debian/patches/dlopen_libgnutls.patch
- update debian/patches/series
* Start removing *.so and *.so.* from the upstream tarball creation
- update debian/rules
* Strip almost the entire third_party/openssl directory as it's needed only
on android, but is used by the build system
- update debian/rules
* Use tar's --exclude-vcs flag instead of just excluding .svn
- update debian/rules
* New upstream release from the Stable Channel (LP: #968901)
This release fixes the following security issues:
- [109574] Medium CVE-2011-3058: Bad interaction possibly leading to XSS in
EUC-JP. Credit to Masato Kinugawa.
- [112317] Medium CVE-2011-3059: Out-of-bounds read in SVG text handling.
Credit to Arthur Gerkis.
- [114056] Medium CVE-2011-3060: Out-of-bounds read in text fragment
handling. Credit to miaubiz.
- [116398] Medium CVE-2011-3061: SPDY proxy certificate checking error.
Credit to Leonidas Kontothanassis of Google.
- [116524] High CVE-2011-3062: Off-by-one in OpenType Sanitizer. Credit to
Mateusz Jurczyk of the Google Security Team.
- [117417] Low CVE-2011-3063: Validate navigation requests from the renderer
more carefully. Credit to kuzzcc, Sergey Glazunov, PinkiePie and
scarybeasts (Google Chrome Security Team).
- [117471] High CVE-2011-3064: Use-after-free in SVG clipping. Credit to
Atte Kettunen of OUSPG.
- [117588] High CVE-2011-3065: Memory corruption in Skia. Credit to Omair.
- [117794] Medium CVE-2011-3057: Invalid read in v8. Credit to Christian
Holler.
* Add build dependency on libudev-dev to allow for gamepad detection; see
http://code.google.com/p/chromium/issues/detail?id=79050
- update debian/control
* Drop dlopen_libgnutls patch as it's been implemented upstream
- drop debian/patches/dlopen_libgnutls.patch
- update debian/patches/series
* Start removing *.so and *.so.* from the upstream tarball creation
- update debian/rules
* Strip almost the entire third_party/openssl directory as it's needed only
on android, but is used by the build system
- update debian/rules
* Use tar's --exclude-vcs flag instead of just excluding .svn
- update debian/rules
* New upstream release from the Stable Channel (LP: #961831)
This release fixes the following security issues:
- [113902] High CVE-2011-3050: Use-after-free with first-letter handling.
Credit to miaubiz.
- [116162] High CVE-2011-3045: libpng integer issue from upstream. Credit
to Glenn Randers-Pehrson of the libpng project.
- [116461] High CVE-2011-3051: Use-after-free in CSS cross-fade handling.
Credit to Arthur Gerkis.
- [116637] High CVE-2011-3052: Memory corruption in WebGL canvas handling.
Credit to Ben Vanik of Google.
- [116746] High CVE-2011-3053: Use-after-free in block splitting.
Credit to miaubiz.
- [117418] Low CVE-2011-3054: Apply additional isolations to webui
privileges. Credit to Sergey Glazunov.
- [117736] Low CVE-2011-3055: Prompt in the browser native UI for unpacked
extension installation. Credit to PinkiePie.
- [117550] High CVE-2011-3056: Cross-origin violation with “magic iframe”.
Credit to Sergey Glazunov.
- [117794] Medium CVE-2011-3057: Invalid read in v8. Credit to Christian
Holler.
* New upstream release from the Stable Channel (LP: #961831)
This release fixes the following security issues:
- [113902] High CVE-2011-3050: Use-after-free with first-letter handling.
Credit to miaubiz.
- [116162] High CVE-2011-3045: libpng integer issue from upstream. Credit
to Glenn Randers-Pehrson of the libpng project.
- [116461] High CVE-2011-3051: Use-after-free in CSS cross-fade handling.
Credit to Arthur Gerkis.
- [116637] High CVE-2011-3052: Memory corruption in WebGL canvas handling.
Credit to Ben Vanik of Google.
- [116746] High CVE-2011-3053: Use-after-free in block splitting.
Credit to miaubiz.
- [117418] Low CVE-2011-3054: Apply additional isolations to webui
privileges. Credit to Sergey Glazunov.
- [117736] Low CVE-2011-3055: Prompt in the browser native UI for unpacked
extension installation. Credit to PinkiePie.
- [117550] High CVE-2011-3056: Cross-origin violation with “magic iframe”.
Credit to Sergey Glazunov.
- [117794] Medium CVE-2011-3057: Invalid read in v8. Credit to Christian
Holler.
* New upstream release from the Stable Channel (LP: #952711)
This release fixes the following security issue:
- [117620] [117656] Critical CVE-2011-3047: Errant plug-in load and GPU
process memory corruption. Credit to PinkiePie.
* New upstream release from the Stable Channel (LP: #952711)
This release fixes the following security issue:
- [117620] [117656] Critical CVE-2011-3047: Errant plug-in load and GPU
process memory corruption. Credit to PinkiePie.
* Add libgles2-mesa-dev build dependency on armhf as well; Hopefully really
fix LP: #943281; Thanks to Christian Dywan for the tip
- update debian/control
* New upstream release from the Stable Channel (LP: #950174)
This release fixes the following security issue:
- [117226] [117230] Critical CVE-2011-3046: UXSS and bad history navigation.
Credit to Sergey Glazunov.
* New upstream release from the Stable Channel (LP: #950174)
This release fixes the following security issue:
- [117226] [117230] Critical CVE-2011-3046: UXSS and bad history navigation.
Credit to Sergey Glazunov.
[ Micah Gersten <micahg@ubuntu.com> ]
* Revert manual changes to v8 build system since we're using the gyp flag now
- update debian/patches/fix-armhf-ftbfs.patch
[ Jani Monoses <jani@ubuntu.com> ]
* Attempt to fix armhf build again (LP: #943281)
- update debian/rules
* New upstream release from the Stable Channel (LP: #948749)
- fixes regression in the DOM [116789]
* New upstream release from the Stable Channel (LP: #948749)
- fixes regression in the DOM [116789]
[ Jani Monoses <jani@ubuntu.com> ]
* Fix FTBFS on armhf (LP: #943281)
- add debian/patches/fix-armhf-ftbfs.patch
- update debian/patches/series
* New upstream release from the Stable Channel (LP: #946914)
- Cursors and backgrounds sometimes do not load [111218]
- Plugins not loading on some pages [108228]
- Text paste includes trailing spaces [106551]
- Websites using touch controls break [110332]
This release fixes the following security issues:
- [105867] High CVE-2011-3031: Use-after-free in v8 element wrapper. Credit
to Chamal de Silva.
- [108037] High CVE-2011-3032: Use-after-free in SVG value handling. Credit
to Arthur Gerkis.
- [108406] [115471] High CVE-2011-3033: Buffer overflow in the Skia drawing
library. Credit to Aki Helin of OUSPG.
- [111748] High CVE-2011-3034: Use-after-free in SVG document handling.
Credit to Arthur Gerkis.
- [112212] High CVE-2011-3035: Use-after-free in SVG use handling. Credit to
Arthur Gerkis.
- [113258] High CVE-2011-3036: Bad cast in line box handling. Credit to
miaubiz.
- [113439] [114924] [115028] High CVE-2011-3037: Bad casts in anonymous
block splitting. Credit to miaubiz.
- [113497] High CVE-2011-3038: Use-after-free in multi-column handling.
Credit to miaubiz.
- [113707] High CVE-2011-3039: Use-after-free in quote handling. Credit to
miaubiz.
- [114054] High CVE-2011-3040: Out-of-bounds read in text handling. Credit
to miaubiz.
- [114068] High CVE-2011-3041: Use-after-free in class attribute handling.
Credit to miaubiz.
- [114219] High CVE-2011-3042: Use-after-free in table section handling.
Credit to miaubiz.
- [115681] High CVE-2011-3043: Use-after-free in flexbox with floats. Credit
to miaubiz.
- [116093] High CVE-2011-3044: Use-after-free with SVG animation elements.
Credit to Arthur Gerkis.
* New upstream release from the Stable Channel (LP: #946914)
- Cursors and backgrounds sometimes do not load [111218]
- Plugins not loading on some pages [108228]
- Text paste includes trailing spaces [106551]
- Websites using touch controls break [110332]
This release fixes the following security issues:
- [105867] High CVE-2011-3031: Use-after-free in v8 element wrapper. Credit
to Chamal de Silva.
- [108037] High CVE-2011-3032: Use-after-free in SVG value handling. Credit
to Arthur Gerkis.
- [108406] [115471] High CVE-2011-3033: Buffer overflow in the Skia drawing
library. Credit to Aki Helin of OUSPG.
- [111748] High CVE-2011-3034: Use-after-free in SVG document handling.
Credit to Arthur Gerkis.
- [112212] High CVE-2011-3035: Use-after-free in SVG use handling. Credit to
Arthur Gerkis.
- [113258] High CVE-2011-3036: Bad cast in line box handling. Credit to
miaubiz.
- [113439] [114924] [115028] High CVE-2011-3037: Bad casts in anonymous
block splitting. Credit to miaubiz.
- [113497] High CVE-2011-3038: Use-after-free in multi-column handling.
Credit to miaubiz.
- [113707] High CVE-2011-3039: Use-after-free in quote handling. Credit to
miaubiz.
- [114054] High CVE-2011-3040: Out-of-bounds read in text handling. Credit
to miaubiz.
- [114068] High CVE-2011-3041: Use-after-free in class attribute handling.
Credit to miaubiz.
- [114219] High CVE-2011-3042: Use-after-free in table section handling.
Credit to miaubiz.
- [115681] High CVE-2011-3043: Use-after-free in flexbox with floats. Credit
to miaubiz.
- [116093] High CVE-2011-3044: Use-after-free with SVG animation elements.
Credit to Arthur Gerkis.
* Fix arm specific flags again; Use findstring instead of filter as arm
isn't the entire build arch name
- update debian/rules
* Add arm specific flags for arm*, not just armel; This allows building on
armhf successfully (we hope)
- update debian/rules
* Change chromium-browser-dbg to Priority: extra, Section: debug per lintian
- update debian/control
* Fix line endings in debian/copyright per lintian
- update debian/copyright
* Make copyright file UTF-8 per lintian
- update debian/copyright
* New upstream release from the Stable Channel (LP: #933262)
This release fixes the following security issues:
- [105803] High CVE-2011-3015: Integer overflows in PDF codecs. Credit to
Google Chrome Security Team (scarybeasts).
- [106336] Medium CVE-2011-3016: Read-after-free with counter nodes. Credit
to miaubiz.
- [108695] High CVE-2011-3017: Possible use-after-free in database handling.
Credit to miaubiz.
- [110172] High CVE-2011-3018: Heap overflow in path rendering. Credit to
Aki Helin of OUSPG.
- [110849] High CVE-2011-3019: Heap buffer overflow in MKV handling. Credit
to Google Chrome Security Team (scarybeasts) and Mateusz Jurczyk of the
Google Security Team.
- [111575] Medium CVE-2011-3020: Native client validator error. Credit to
Nick Bray of the Chromium development community.
- [111779] High CVE-2011-3021: Use-after-free in subframe loading. Credit to
Arthur Gerkis.
- [112236] Medium CVE-2011-3022: Inappropriate use of http for translation
script. Credit to Google Chrome Security Team (Jorge Obes).
- [112259] Medium CVE-2011-3023: Use-after-free with drag and drop. Credit
to pa_kt.
- [112451] Low CVE-2011-3024: Browser crash with empty x509 certificate.
Credit to chrometot.
- [112670] Medium CVE-2011-3025: Out-of-bounds read in h.264 parsing. Credit
to Sławomir Błażek.
- [112822] High CVE-2011-3026: Integer overflow / truncation in libpng.
Credit to Jüri Aedla.
- [112847] High CVE-2011-3027: Bad cast in column handling. Credit to
miaubiz.
* New upstream release from the Stable Channel (LP: #931905, #933262)
This release fixes the following security issues from 17.0.963.56:
- [105803] High CVE-2011-3015: Integer overflows in PDF codecs. Credit to
Google Chrome Security Team (scarybeasts).
- [106336] Medium CVE-2011-3016: Read-after-free with counter nodes. Credit
to miaubiz.
- [108695] High CVE-2011-3017: Possible use-after-free in database handling.
Credit to miaubiz.
- [110172] High CVE-2011-3018: Heap overflow in path rendering. Credit to
Aki Helin of OUSPG.
- [110849] High CVE-2011-3019: Heap buffer overflow in MKV handling. Credit
to Google Chrome Security Team (scarybeasts) and Mateusz Jurczyk of the
Google Security Team.
- [111575] Medium CVE-2011-3020: Native client validator error. Credit to
Nick Bray of the Chromium development community.
- [111779] High CVE-2011-3021: Use-after-free in subframe loading. Credit to
Arthur Gerkis.
- [112236] Medium CVE-2011-3022: Inappropriate use of http for translation
script. Credit to Google Chrome Security Team (Jorge Obes).
- [112259] Medium CVE-2011-3023: Use-after-free with drag and drop. Credit
to pa_kt.
- [112451] Low CVE-2011-3024: Browser crash with empty x509 certificate.
Credit to chrometot.
- [112670] Medium CVE-2011-3025: Out-of-bounds read in h.264 parsing. Credit
to Sławomir Błażek.
- [112822] High CVE-2011-3026: Integer overflow / truncation in libpng.
Credit to Jüri Aedla.
- [112847] High CVE-2011-3027: Bad cast in column handling. Credit to
miaubiz.
This release fixes the following security issues from 17.0.963.46:
- [73478] Low CVE-2011-3953: Avoid clipboard monitoring after paste event.
Credit to Daniel Cheng of the Chromium development community.
- [92550] Low CVE-2011-3954: Crash with excessive database usage. Credit to
Collin Payne.
- [93106] High CVE-2011-3955: Crash aborting an IndexDB transaction. Credit
to David Grogan of the Chromium development community.
- [103630] Low CVE-2011-3956: Incorrect handling of sandboxed origins inside
extensions. Credit to Devdatta Akhawe, UC Berkeley.
- [104056] High CVE-2011-3957: Use-after-free in PDF garbage collection.
Credit to Aki Helin of OUSPG.
- [105459] High CVE-2011-3958: Bad casts with column spans. Credit to
miaubiz.
- [106441] High CVE-2011-3959: Buffer overflow in locale handling. Credit to
Aki Helin of OUSPG.
- [108416] Medium CVE-2011-3960: Out-of-bounds read in audio decoding.
Credit to Aki Helin of OUSPG.
- [108871] Critical CVE-2011-3961: Race condition after crash of utility
process. Credit to Shawn Goertzen.
- [108901] Medium CVE-2011-3962: Out-of-bounds read in path clipping. Credit
to Aki Helin of OUSPG.
- [109094] Medium CVE-2011-3963: Out-of-bounds read in PDF fax image
handling. Credit to Atte Kettunen of OUSPG.
- [109245] Low CVE-2011-3964: URL bar confusion after drag + drop. Credit to
Code Audit Labs of VulnHunt.com.
- [109664] Low CVE-2011-3965: Crash in signature check. Credit to Sławomir
Błażek.
- [109716] High CVE-2011-3966: Use-after-free in stylesheet error handling.
Credit to Aki Helin of OUSPG.
- [109717] Low CVE-2011-3967: Crash with unusual certificate. Credit to Ben
Carrillo.
- [109743] High CVE-2011-3968: Use-after-free in CSS handling. Credit to
Arthur Gerkis.
- [110112] High CVE-2011-3969: Use-after-free in SVG layout. Credit to
Arthur Gerkis.
- [110277] Medium CVE-2011-3970: Out-of-bounds read in libxslt. Credit to
Aki Helin of OUSPG.
- [110374] High CVE-2011-3971: Use-after-free with mousemove events. Credit
to Arthur Gerkis.
- [110559] Medium CVE-2011-3972: Out-of-bounds read in shader translator.
Credit to Google Chrome Security Team (Inferno).
* Rebase patch
- update debian/patches/disable_dlog_and_dcheck_in_release_builds.patch
* Update .install file to just install all .pak files instead of listing them
by name
- update debian/chromium-browser.install
* New upstream release from the Stable Channel (LP: #931905)
This release fixes the following security issues:
- [73478] Low CVE-2011-3953: Avoid clipboard monitoring after paste event.
Credit to Daniel Cheng of the Chromium development community.
- [92550] Low CVE-2011-3954: Crash with excessive database usage. Credit to
Collin Payne.
- [93106] High CVE-2011-3955: Crash aborting an IndexDB transaction. Credit
to David Grogan of the Chromium development community.
- [103630] Low CVE-2011-3956: Incorrect handling of sandboxed origins inside
extensions. Credit to Devdatta Akhawe, UC Berkeley.
- [104056] High CVE-2011-3957: Use-after-free in PDF garbage collection.
Credit to Aki Helin of OUSPG.
- [105459] High CVE-2011-3958: Bad casts with column spans. Credit to
miaubiz.
- [106441] High CVE-2011-3959: Buffer overflow in locale handling. Credit to
Aki Helin of OUSPG.
- [108416] Medium CVE-2011-3960: Out-of-bounds read in audio decoding.
Credit to Aki Helin of OUSPG.
- [108871] Critical CVE-2011-3961: Race condition after crash of utility
process. Credit to Shawn Goertzen.
- [108901] Medium CVE-2011-3962: Out-of-bounds read in path clipping. Credit
to Aki Helin of OUSPG.
- [109094] Medium CVE-2011-3963: Out-of-bounds read in PDF fax image
handling. Credit to Atte Kettunen of OUSPG.
- [109245] Low CVE-2011-3964: URL bar confusion after drag + drop. Credit to
Code Audit Labs of VulnHunt.com.
- [109664] Low CVE-2011-3965: Crash in signature check. Credit to Sławomir
Błażek.
- [109716] High CVE-2011-3966: Use-after-free in stylesheet error handling.
Credit to Aki Helin of OUSPG.
- [109717] Low CVE-2011-3967: Crash with unusual certificate. Credit to Ben
Carrillo.
- [109743] High CVE-2011-3968: Use-after-free in CSS handling. Credit to
Arthur Gerkis.
- [110112] High CVE-2011-3969: Use-after-free in SVG layout. Credit to
Arthur Gerkis.
- [110277] Medium CVE-2011-3970: Out-of-bounds read in libxslt. Credit to
Aki Helin of OUSPG.
- [110374] High CVE-2011-3971: Use-after-free with mousemove events. Credit
to Arthur Gerkis.
- [110559] Medium CVE-2011-3972: Out-of-bounds read in shader translator.
Credit to Google Chrome Security Team (Inferno).
* Rebase patch
- update debian/patches/disable_dlog_and_dcheck_in_release_builds.patch
* Update .install file to just install all .pak files instead of listing them
by name
- update debian/chromium-browser.install
* New upstream release from the Stable Channel (LP: #923602, #897389)
(LP: #914648, #889711)
This release fixes the following security issues:
- [106484] High CVE-2011-3924: Use-after-free in DOM selections. Credit to
Arthur Gerkis.
- [107182] Critical CVE-2011-3925: Use-after-free in Safe Browsing
navigation. Credit to Chamal de Silva.
- [108461] High CVE-2011-3928: Use-after-free in DOM handling. Credit to
wushi of team509 reported through ZDI (ZDI-CAN-1415).
- [108605] High CVE-2011-3927: Uninitialized value in Skia. Credit to
miaubiz.
- [109556] High CVE-2011-3926: Heap-buffer-overflow in tree builder.
Credit to Arthur Gerkis.
This upload also includes the following security fixes from 16.0.912.75:
- [106672] High CVE-2011-3921: Use-after-free in animation frames. Credit to
Boris Zbarsky of Mozilla.
- [107128] High CVE-2011-3919: Heap-buffer-overflow in libxml. Credit to
Jüri Aedla.
- [108006] High CVE-2011-3922: Stack-buffer-overflow in glyph handling.
Credit to Google Chrome Security Team (Cris Neckar).
This upload also includes the following security fixes from 16.0.912.63:
- [81753] Medium CVE-2011-3903: Out-of-bounds read in regex matching. Credit
to David Holloway of the Chromium development community.
- [95465] Low CVE-2011-3905: Out-of-bounds reads in libxml. Credit to Google
Chrome Security Team (Inferno).
- [98809] Medium CVE-2011-3906: Out-of-bounds read in PDF parser. Credit to
Aki Helin of OUSPG.
- [99016] High CVE-2011-3907: URL bar spoofing with view-source. Credit to
Luka Treiber of ACROS Security.
- [100863] Low CVE-2011-3908: Out-of-bounds read in SVG parsing. Credit to
Aki Helin of OUSPG.
- [101010] Medium CVE-2011-3909: [64-bit only] Memory corruption in CSS
property array. Credit to Google Chrome Security Team (scarybeasts) and
Chu.
- [101494] Medium CVE-2011-3910: Out-of-bounds read in YUV video frame
handling. Credit to Google Chrome Security Team (Cris Neckar).
- [101779] Medium CVE-2011-3911: Out-of-bounds read in PDF. Credit to Google
Chrome Security Team (scarybeasts) and Robert Swiecki of the Google
Security Team.
- [102359] High CVE-2011-3912: Use-after-free in SVG filters. Credit to
Arthur Gerkis.
- [103921] High CVE-2011-3913: Use-after-free in Range handling. Credit to
Arthur Gerkis.
- [104011] High CVE-2011-3914: Out-of-bounds write in v8 i18n handling.
Credit to Sławomir Błażek.
- [104529] High CVE-2011-3915: Buffer overflow in PDF font handling. Credit
to Atte Kettunen of OUSPG.
- [104959] Medium CVE-2011-3916: Out-of-bounds reads in PDF cross
references. Credit to Atte Kettunen of OUSPG.
- [105162] Medium CVE-2011-3917: Stack-buffer-overflow in FileWatcher.
Credit to Google Chrome Security Team (Marty Barbella).
This upload also includes the following fixes from 15.0.874.121:
- fix to a regression: SVG in iframe doesn't use specified dimensions
- [103259] High CVE-2011-3900: Out-of-bounds write in v8. Credit to
Christian Holler
[ Micah Gersten <micahg@ubuntu.com> ]
* Add patch to build with glib 2.31 (single entry header inclusion)
- add debian/patches/glib-header-single-entry.patch
- update debian/patches/series
[ Brandon Snider <brandonsnider@ubuntu.com> ]
* Refresh user agent patch
- update debian/patches/chromium_useragent.patch.in
* New upstream release from the Stable Channel (LP: #923602)
This release fixes the following security issues:
- [106484] High CVE-2011-3924: Use-after-free in DOM selections. Credit to
Arthur Gerkis.
- [107182] Critical CVE-2011-3925: Use-after-free in Safe Browsing
navigation. Credit to Chamal de Silva.
- [108461] High CVE-2011-3928: Use-after-free in DOM handling. Credit to
wushi of team509 reported through ZDI (ZDI-CAN-1415).
- [108605] High CVE-2011-3927: Uninitialized value in Skia. Credit to
miaubiz.
- [109556] High CVE-2011-3926: Heap-buffer-overflow in tree builder.
Credit to Arthur Gerkis.
* New upstream release from the Stable Channel (LP: #914648, #889711)
This release fixes the following security issues:
- [106672] High CVE-2011-3921: Use-after-free in animation frames. Credit to
Boris Zbarsky of Mozilla.
- [107128] High CVE-2011-3919: Heap-buffer-overflow in libxml. Credit to
Jüri Aedla.
- [108006] High CVE-2011-3922: Stack-buffer-overflow in glyph handling.
Credit to Google Chrome Security Team (Cris Neckar).
This upload also includes the following security fixes from 16.0.912.63:
- [81753] Medium CVE-2011-3903: Out-of-bounds read in regex matching. Credit
to David Holloway of the Chromium development community.
- [95465] Low CVE-2011-3905: Out-of-bounds reads in libxml. Credit to Google
Chrome Security Team (Inferno).
- [98809] Medium CVE-2011-3906: Out-of-bounds read in PDF parser. Credit to
Aki Helin of OUSPG.
- [99016] High CVE-2011-3907: URL bar spoofing with view-source. Credit to
Luka Treiber of ACROS Security.
- [100863] Low CVE-2011-3908: Out-of-bounds read in SVG parsing. Credit to
Aki Helin of OUSPG.
- [101010] Medium CVE-2011-3909: [64-bit only] Memory corruption in CSS
property array. Credit to Google Chrome Security Team (scarybeasts) and
Chu.
- [101494] Medium CVE-2011-3910: Out-of-bounds read in YUV video frame
handling. Credit to Google Chrome Security Team (Cris Neckar).
- [101779] Medium CVE-2011-3911: Out-of-bounds read in PDF. Credit to Google
Chrome Security Team (scarybeasts) and Robert Swiecki of the Google
Security Team.
- [102359] High CVE-2011-3912: Use-after-free in SVG filters. Credit to
Arthur Gerkis.
- [103921] High CVE-2011-3913: Use-after-free in Range handling. Credit to
Arthur Gerkis.
- [104011] High CVE-2011-3914: Out-of-bounds write in v8 i18n handling.
Credit to Sławomir Błażek.
- [104529] High CVE-2011-3915: Buffer overflow in PDF font handling. Credit
to Atte Kettunen of OUSPG.
- [104959] Medium CVE-2011-3916: Out-of-bounds reads in PDF cross
references. Credit to Atte Kettunen of OUSPG.
- [105162] Medium CVE-2011-3917: Stack-buffer-overflow in FileWatcher.
Credit to Google Chrome Security Team (Marty Barbella).
- [107258] High CVE-2011-3904: Use-after-free in bidi handling. Credit to
Google Chrome Security Team (Inferno) and miaubiz.
This upload also includes the following security fixes from 15.0.874.121:
- [103259] High CVE-2011-3900: Out-of-bounds write in v8. Credit to
Christian Holler.
This upload also includes the following security fixes from 15.0.874.120:
- [100465] High CVE-2011-3892: Double free in Theora decoder. Credit to Aki
Helin of OUSPG.
- [100492] [100543] Medium CVE-2011-3893: Out of bounds reads in MKV and
Vorbis media handlers. Credit to Aki Helin of OUSPG.
- [101172] High CVE-2011-3894: Memory corruption regression in VP8 decoding.
Credit to Andrew Scherkus of the Chromium development community.
- [101458] High CVE-2011-3895: Heap overflow in Vorbis decoder. Credit to
Aki Helin of OUSPG.
- [101624] High CVE-2011-3896: Buffer overflow in shader variable mapping.
Credit to Ken “strcpy” Russell of the Chromium development community.
- [102242] High CVE-2011-3897: Use-after-free in editing. Credit to pa_kt
reported through ZDI (ZDI-CAN-1416).
[ Brandon Snider <brandonsnider@ubuntu.com> ]
* Refresh patch
- update debian/patches/chromium_useragent.patch.in
* New upstream release from the Stable Channel
[ Brandon Snider <brandonsnider@ubuntu.com> ]
* Refresh patch
- update debian/patches/chromium_useragent.patch.in
* New upstream release from the Stable Channel (LP: #889711)
This release fixes the following security issues:
- [100465] High CVE-2011-3892: Double free in Theora decoder. Credit to Aki
Helin of OUSPG.
- [100492] [100543] Medium CVE-2011-3893: Out of bounds reads in MKV and
Vorbis media handlers. Credit to Aki Helin of OUSPG.
- [101172] High CVE-2011-3894: Memory corruption regression in VP8 decoding.
Credit to Andrew Scherkus of the Chromium development community.
- [101458] High CVE-2011-3895: Heap overflow in Vorbis decoder. Credit to
Aki Helin of OUSPG.
- [101624] High CVE-2011-3896: Buffer overflow in shader variable mapping.
Credit to Ken “strcpy” Russell of the Chromium development community.
- [102242] High CVE-2011-3897: Use-after-free in editing. Credit to pa_kt
reported through ZDI (ZDI-CAN-1416).
* New upstream release from the Stable Channel (LP: #881786)
- This release fixes a regression with regard to logging into certain
websites
* New upstream release from the Stable Channel (LP: #881786)
This release fixes the following security issues:
- [86758] High CVE-2011-2845: URL bar spoof in history handling. Credit to
Jordi Chancel.
- [88949] Medium CVE-2011-3875: URL bar spoof with drag+drop of URLs. Credit
to Jordi Chancel.
- [90217] Low CVE-2011-3876: Avoid stripping whitespace at the end of
download filenames. Credit to Marc Novak.
- [91218] Low CVE-2011-3877: XSS in appcache internals page. Credit to
Google Chrome Security Team (Tom Sepez) plus independent discovery by
Juho Nurminen.
- [94487] Medium CVE-2011-3878: Race condition in worker process
initialization. Credit to miaubiz.
- [95374] Low CVE-2011-3879: Avoid redirect to chrome scheme URIs. Credit to
Masato Kinugawa.
- [95992] Low CVE-2011-3880: Don’t permit as a HTTP header delimiter. Credit
to Vladimir Vorontsov, ONsec company.
- [96047] [96885] [98053] [99512] [99750] High CVE-2011-3881: Cross-origin
policy violations. Credit to Sergey Glazunov.
- [96292] High CVE-2011-3882: Use-after-free in media buffer handling.
Credit to Google Chrome Security Team (Inferno).
- [96902] High CVE-2011-3883: Use-after-free in counter handling. Credit to
miaubiz.
- [97148] High CVE-2011-3884: Timing issues in DOM traversal. Credit to
Brian Ryner of the Chromium development community.
- [97599] [98064] [98556] [99294] [99880] [100059] High CVE-2011-3885: Stale
style bugs leading to use-after-free. Credit to miaubiz.
- [98773] [99167] High CVE-2011-3886: Out of bounds writes in v8. Credit to
Christian Holler.
- [98407] Medium CVE-2011-3887: Cookie theft with javascript URIs. Credit to
Sergey Glazunov.
- [99138] High CVE-2011-3888: Use-after-free with plug-in and editing.
Credit to miaubiz.
- [99211] High CVE-2011-3889: Heap overflow in Web Audio. Credit to miaubiz.
- [99553] High CVE-2011-3890: Use-after-free in video source handling.
Credit to Ami Fischman of the Chromium development community.
- [100332] High CVE-2011-3891: Exposure of internal v8 functions. Credit to
Steven Keuchel of the Chromium development community plus independent
discovery by Daniel Divricean.
[ Chris Coulson <chris.coulson@canonical.com> ]
* Refresh patches
- update debian/patches/dlopen_sonamed_gl.patch
- update debian/patches/webkit_rev_parser.patch
[ Fabien Tassin ]
* Disable NaCl until we figure out what to do with the private toolchain
- update debian/rules
* Do not install the pseudo_locales files in the debs
- update debian/rules
* Add python-simplejson to Build-depends. This is needed by NaCl even with
NaCl disabled, so this is a temporary workaround to unbreak the build, it
must be fixed upstream
- update debian/control
* New upstream release from the Stable Channel (LP: #881786)
- fix LP: #881607 - Error initializing NSS without a persistent database
This release fixes the following security issues:
- [86758] High CVE-2011-2845: URL bar spoof in history handling. Credit to
Jordi Chancel.
- [88949] Medium CVE-2011-3875: URL bar spoof with drag+drop of URLs. Credit
to Jordi Chancel.
- [90217] Low CVE-2011-3876: Avoid stripping whitespace at the end of
download filenames. Credit to Marc Novak.
- [91218] Low CVE-2011-3877: XSS in appcache internals page. Credit to
Google Chrome Security Team (Tom Sepez) plus independent discovery by
Juho Nurminen.
- [94487] Medium CVE-2011-3878: Race condition in worker process
initialization. Credit to miaubiz.
- [95374] Low CVE-2011-3879: Avoid redirect to chrome scheme URIs. Credit to
Masato Kinugawa.
- [95992] Low CVE-2011-3880: Don’t permit as a HTTP header delimiter. Credit
to Vladimir Vorontsov, ONsec company.
- [96047] [96885] [98053] [99512] [99750] High CVE-2011-3881: Cross-origin
policy violations. Credit to Sergey Glazunov.
- [96292] High CVE-2011-3882: Use-after-free in media buffer handling.
Credit to Google Chrome Security Team (Inferno).
- [96902] High CVE-2011-3883: Use-after-free in counter handling. Credit to
miaubiz.
- [97148] High CVE-2011-3884: Timing issues in DOM traversal. Credit to
Brian Ryner of the Chromium development community.
- [97599] [98064] [98556] [99294] [99880] [100059] High CVE-2011-3885: Stale
style bugs leading to use-after-free. Credit to miaubiz.
- [98773] [99167] High CVE-2011-3886: Out of bounds writes in v8. Credit to
Christian Holler.
- [98407] Medium CVE-2011-3887: Cookie theft with javascript URIs. Credit to
Sergey Glazunov.
- [99138] High CVE-2011-3888: Use-after-free with plug-in and editing.
Credit to miaubiz.
- [99211] High CVE-2011-3889: Heap overflow in Web Audio. Credit to miaubiz.
- [99553] High CVE-2011-3890: Use-after-free in video source handling.
Credit to Ami Fischman of the Chromium development community.
- [100332] High CVE-2011-3891: Exposure of internal v8 functions. Credit to
Steven Keuchel of the Chromium development community plus independent
discovery by Daniel Divricean.
[ Chris Coulson <chris.coulson@canonical.com> ]
* Refresh patches
- update debian/patches/dlopen_sonamed_gl.patch
- update debian/patches/webkit_rev_parser.patch
* Dropped patches, fixed upstream
- remove debian/patches/cups_1.5_build_fix.patch
- update debian/patches/series
* Don't depend on cdbs being installed to create a tarball
- update debian/rules
- update debian/cdbs/tarball.mk
[ Fabien Tassin ]
* Disable NaCl until we figure out what to do with the private toolchain
- update debian/rules
* Do not install the pseudo_locales files in the debs
- update debian/rules
* Add python-simplejson to Build-depends. This is needed by NaCl even with
NaCl disabled, so this is a temporary workaround to unbreak the build, it
must be fixed upstream
- update debian/control
* Don't depend on cdbs being installed to create a tarball
* Switch maintainer to Ubuntu Developers; Thanks to Fabien Tassin for all
his work on this package
- update debian/control
* Switch to internal libvpx; This makes updating easier after release
- update debian/rules
* Drop build dependency on libvpx due to the switch to internal libvpx
- update debian/control
* Switch to default libjpeg
- update debian/control
* Update Vcs-Bzr for precise
- update debian/control
* Drop the HTML5 video patch, now committed upstream
- remove debian/patches/html5-codecs-fix.patch
- update debian/patches/series
* Add a "Conflicts" with -inspector so that it gets removed
- update debian/control
* Build with the default gcc-4.6 on Oneiric
- update debian/control
- update debian/rules
* Refresh Patches
* New upstream release from the Stable Channel (LP: #858744)
This release fixes the following security issues:
+ Chromium issues (13.0.782.220):
- Trust in Diginotar Intermediate CAs revoked
+ Chromium issues (14.0.835.163):
- [49377] High CVE-2011-2835: Race condition in the certificate cache.
Credit to Ryan Sleevi.
- [57908] Low CVE-2011-2837: Use PIC / pie compiler flags. Credit to
wbrana.
- [75070] Low CVE-2011-2838: Treat MIME type more authoritatively when
loading plug-ins. Credit to Michal Zalewski.
- [78639] High CVE-2011-2841: Garbage collection error in PDF. Credit to
Mario Gomes.
- [82438] Medium CVE-2011-2843: Out-of-bounds read with media buffers.
Credit to Kostya Serebryany.
- [85041] Medium CVE-2011-2844: Out-of-bounds read with mp3 files. Credit
to Mario Gomes.
- [89564] Medium CVE-2011-2848: URL bar spoof with forward button. Credit
to Jordi Chancel.
- [89795] Low CVE-2011-2849: Browser NULL pointer crash with WebSockets.
Credit to Arthur Gerkis.
- [90134] Medium CVE-2011-2850: Out-of-bounds read with Khmer characters.
Credit to miaubiz.
- [90173] Medium CVE-2011-2851: Out-of-bounds read in video handling.
Credit to Google Chrome Security Team (Inferno).
- [91197] High CVE-2011-2853: Use-after-free in plug-in handling. Credit
to Google Chrome Security Team (SkyLined).
- [93497] Medium CVE-2011-2859: Incorrect permissions assigned to
non-gallery pages. Credit to Bernhard ‘Bruhns’ Brehm
- [93596] Medium CVE-2011-2861: Bad string read in PDF. Credit to Aki
Helin of OUSPG.
- [95563] Medium CVE-2011-2864: Out-of-bounds read with Tibetan
characters. Credit to Google Chrome Security Team (Inferno).
- [95625] Medium CVE-2011-2858: Out-of-bounds read with triangle arrays.
Credit to Google Chrome Security Team (Inferno).
- [95917] Low CVE-2011-2874: Failure to pin a self-signed cert for a
session. Credit to Nishant Yadant and Craig Chamberlain (@randomuserid).
+ Chromium issues (14.0.835.202):
- [95671] High CVE-2011-2878: Inappropriate cross-origin access to the
window prototype. Credit to Sergey Glazunov.
- [96150] High CVE-2011-2879: Lifetime and threading issues in audio node
handling. Credit to Google Chrome Security Team (Inferno).
- [98089] Critical CVE-2011-3873: Memory corruption in shader translator.
Credit to Zhenyao Mo.
+ Webkit issues (14.0.835.163):
- [78427] [83031] Low CVE-2011-2840: Possible URL bar spoofs with unusual
user interaction. Credit to kuzzcc.
- [89219] High CVE-2011-2846: Use-after-free in unload event handling.
Credit to Arthur Gerkis.
- [89330] High CVE-2011-2847: Use-after-free in document loader. Credit to
miaubiz.
- [89991] Medium CVE-2011-3234: Out-of-bounds read in box handling. Credit
to miaubiz.
- [92651] [94800] High CVE-2011-2854: Use-after-free in ruby / table style
handing. Credit to Sławomir Błażek, and independent later discoveries by
miaubiz and Google Chrome Security Team (Inferno).
- [92959] High CVE-2011-2855: Stale node in stylesheet handling. Credit to
Arthur Gerkis.
- [93420] High CVE-2011-2857: Use-after-free in focus controller. Credit
to miaubiz.
- [93587] High CVE-2011-2860: Use-after-free in table style handling.
Credit to miaubiz.
+ Webkit issues (14.0.835.202):
- [93788] High CVE-2011-2876: Use-after-free in text line box handling.
Credit to miaubiz.
- [95072] High CVE-2011-2877: Stale font in SVG text handling. Credit to
miaubiz.
+ LibXML issue (14.0.835.163):
- [93472] High CVE-2011-2834: Double free in libxml XPath handling. Credit
to Yang Dingning
+ V8 issues (14.0.835.163):
- [76771] High CVE-2011-2839: Crash in v8 script object wrappers. Credit
to Kostya Serebryany
- [91120] High CVE-2011-2852: Off-by-one in v8. Credit to Christian Holler
- [93416] High CVE-2011-2856: Cross-origin bypass in v8. Credit to Daniel
Divricean.
- [93906] High CVE-2011-2862: Unintended access to v8 built-in objects.
Credit to Sergey Glazunov.
- [95920] High CVE-2011-2875: Type confusion in v8 object sealing. Credit
to Christian Holler.
+ V8 issues (14.0.835.202):
- [97451] [97520] [97615] High CVE-2011-2880: Use-after-free in the v8
bindings. Credit to Sergey Glazunov.
- [97784] High CVE-2011-2881: Memory corruption with v8 hidden objects.
Credit to Sergey Glazunov.
[ Fabien Tassin ]
* Add libpulse-dev to Build-Depends, needed for WebRTC
- update debian/control
* Rename ui/base/strings/app_strings.grd to ui_strings.grd following
the upstream rename, and add a mapping flag to the grit converter
- update debian/rules
* New upstream release from the Stable Channel (LP: #858744)
This release fixes the following security issues:
+ Chromium issues (13.0.782.220):
- Trust in Diginotar Intermediate CAs revoked
+ Chromium issues (14.0.835.163):
- [49377] High CVE-2011-2835: Race condition in the certificate cache.
Credit to Ryan Sleevi.
- [57908] Low CVE-2011-2837: Use PIC / pie compiler flags. Credit to
wbrana.
- [75070] Low CVE-2011-2838: Treat MIME type more authoritatively when
loading plug-ins. Credit to Michal Zalewski.
- [78639] High CVE-2011-2841: Garbage collection error in PDF. Credit to
Mario Gomes.
- [82438] Medium CVE-2011-2843: Out-of-bounds read with media buffers.
Credit to Kostya Serebryany.
- [85041] Medium CVE-2011-2844: Out-of-bounds read with mp3 files. Credit
to Mario Gomes.
- [89564] Medium CVE-2011-2848: URL bar spoof with forward button. Credit
to Jordi Chancel.
- [89795] Low CVE-2011-2849: Browser NULL pointer crash with WebSockets.
Credit to Arthur Gerkis.
- [90134] Medium CVE-2011-2850: Out-of-bounds read with Khmer characters.
Credit to miaubiz.
- [90173] Medium CVE-2011-2851: Out-of-bounds read in video handling.
Credit to Google Chrome Security Team (Inferno).
- [91197] High CVE-2011-2853: Use-after-free in plug-in handling. Credit
to Google Chrome Security Team (SkyLined).
- [93497] Medium CVE-2011-2859: Incorrect permissions assigned to
non-gallery pages. Credit to Bernhard ‘Bruhns’ Brehm
- [93596] Medium CVE-2011-2861: Bad string read in PDF. Credit to Aki
Helin of OUSPG.
- [95563] Medium CVE-2011-2864: Out-of-bounds read with Tibetan
characters. Credit to Google Chrome Security Team (Inferno).
- [95625] Medium CVE-2011-2858: Out-of-bounds read with triangle arrays.
Credit to Google Chrome Security Team (Inferno).
- [95917] Low CVE-2011-2874: Failure to pin a self-signed cert for a
session. Credit to Nishant Yadant and Craig Chamberlain (@randomuserid).
+ Chromium issues (14.0.835.202):
- [95671] High CVE-2011-2878: Inappropriate cross-origin access to the
window prototype. Credit to Sergey Glazunov.
- [96150] High CVE-2011-2879: Lifetime and threading issues in audio node
handling. Credit to Google Chrome Security Team (Inferno).
- [98089] Critical CVE-2011-3873: Memory corruption in shader translator.
Credit to Zhenyao Mo.
+ Webkit issues (14.0.835.163):
- [78427] [83031] Low CVE-2011-2840: Possible URL bar spoofs with unusual
user interaction. Credit to kuzzcc.
- [89219] High CVE-2011-2846: Use-after-free in unload event handling.
Credit to Arthur Gerkis.
- [89330] High CVE-2011-2847: Use-after-free in document loader. Credit to
miaubiz.
- [89991] Medium CVE-2011-3234: Out-of-bounds read in box handling. Credit
to miaubiz.
- [92651] [94800] High CVE-2011-2854: Use-after-free in ruby / table style
handing. Credit to Sławomir Błażek, and independent later discoveries by
miaubiz and Google Chrome Security Team (Inferno).
- [92959] High CVE-2011-2855: Stale node in stylesheet handling. Credit to
Arthur Gerkis.
- [93420] High CVE-2011-2857: Use-after-free in focus controller. Credit
to miaubiz.
- [93587] High CVE-2011-2860: Use-after-free in table style handling.
Credit to miaubiz.
+ Webkit issues (14.0.835.202):
- [93788] High CVE-2011-2876: Use-after-free in text line box handling.
Credit to miaubiz.
- [95072] High CVE-2011-2877: Stale font in SVG text handling. Credit to
miaubiz.
+ LibXML issue (14.0.835.163):
- [93472] High CVE-2011-2834: Double free in libxml XPath handling. Credit
to Yang Dingning
+ V8 issues (14.0.835.163):
- [76771] High CVE-2011-2839: Crash in v8 script object wrappers. Credit
to Kostya Serebryany
- [91120] High CVE-2011-2852: Off-by-one in v8. Credit to Christian Holler
- [93416] High CVE-2011-2856: Cross-origin bypass in v8. Credit to Daniel
Divricean.
- [93906] High CVE-2011-2862: Unintended access to v8 built-in objects.
Credit to Sergey Glazunov.
- [95920] High CVE-2011-2875: Type confusion in v8 object sealing. Credit
to Christian Holler.
+ V8 issues (14.0.835.202):
- [97451] [97520] [97615] High CVE-2011-2880: Use-after-free in the v8
bindings. Credit to Sergey Glazunov.
- [97784] High CVE-2011-2881: Memory corruption with v8 hidden objects.
Credit to Sergey Glazunov.
[ Fabien Tassin ]
* Add libpulse-dev to Build-Depends, needed for WebRTC
- update debian/control
* Rename ui/base/strings/app_strings.grd to ui_strings.grd following
the upstream rename, and add a mapping flag to the grit converter
- update debian/rules
* Refresh Patches
[ Micah Gersten ]
* Switch to internal libvpx (Fixes FTBFS since we now need at least 0.9.6)
- update debian/rules
* Drop build dependency on libvpx due to the switch to internal libvpx
- update debian/control
* Enable hardening on armel. LP: #641126.
* New upstream release from the Stable Channel
Packaging changes:
* Fix a FTBFS with cups 1.5.0 by including individual cups headers
- add debian/patches/cups_1.5_build_fix.patch
- update debian/patches/series
[ Fabien Tassin <fta@ubuntu.com> ]
* New upstream release from the Stable Channel (LP: #834922)
This release fixes the following security issues:
+ Chromium issues:
- [91517] High, CVE-2011-2828: Out-of-bounds write in v8. Credit to Google
Chrome Security Team (SkyLined).
+ Webkit issues:
- [82552] High, CVE-2011-2823: Use-after-free in line box handling. Credit
to Google Chrome Security Team (SkyLined) and independent later
discovery by miaubiz.
- [88216] High, CVE-2011-2824: Use-after-free with counter nodes. Credit
to miaubiz.
- [88670] High, CVE-2011-2825: Use-after-free with custom fonts. Credit to
wushi of team509 reported through ZDI (ZDI-CAN-1283), plus indepdendent
later discovery by miaubiz.
- [87453] High, CVE-2011-2826: Cross-origin violation with empty origins.
Credit to Sergey Glazunov.
- [90668] High, CVE-2011-2827: Use-after-free in text searching. Credit to
miaubiz.
- [32-bit only] [91598] High, CVE-2011-2829: Integer overflow in uniform
arrays. Credit to Sergey Glazunov.
+ libxml2 issue:
- [89402] High, CVE-2011-2821: Double free in libxml XPath handling.
Credit to Yang Dingning from NCNIPC, Graduate University of Chinese
Academy of Sciences.
[ Fabien Tassin <fta@ubuntu.com> ]
* New upstream release from the Stable Channel (LP: #834922)
This release fixes the following security issues:
+ Chromium issues:
- [91517] High, CVE-2011-2828: Out-of-bounds write in v8. Credit to Google
Chrome Security Team (SkyLined).
+ Webkit issues:
- [82552] High, CVE-2011-2823: Use-after-free in line box handling. Credit
to Google Chrome Security Team (SkyLined) and independent later
discovery by miaubiz.
- [88216] High, CVE-2011-2824: Use-after-free with counter nodes. Credit
to miaubiz.
- [88670] High, CVE-2011-2825: Use-after-free with custom fonts. Credit to
wushi of team509 reported through ZDI (ZDI-CAN-1283), plus indepdendent
later discovery by miaubiz.
- [87453] High, CVE-2011-2826: Cross-origin violation with empty origins.
Credit to Sergey Glazunov.
- [90668] High, CVE-2011-2827: Use-after-free in text searching. Credit to
miaubiz.
- [32-bit only] [91598] High, CVE-2011-2829: Integer overflow in uniform
arrays. Credit to Sergey Glazunov.
+ libxml2 issue:
- [89402] High, CVE-2011-2821: Double free in libxml XPath handling.
Credit to Yang Dingning from NCNIPC, Graduate University of Chinese
Academy of Sciences.
* New upstream release from the Stable Channel
* Fix a FTBFS with cups 1.5.0 by including individual cups headers
- add debian/patches/cups_1.5_build_fix.patch
- update debian/patches/series
* Add libgles2-mesa-dev to Build-deps for Armel (only), fixing a FTBFS
- update debian/control
* New Major upstream release from the Stable Channel
This release fixes the following security issues:
+ Chromium issues:
- [75821] Medium, CVE-2011-2358: Always confirm an extension install via a
browser dialog. Credit to Sergey Glazunov.
- [79266] Low, CVE-2011-2360: Potential bypass of dangerous file prompt.
Credit to kuzzcc.
- [79426] Low, CVE-2011-2361: Improve designation of strings in the basic
auth dialog. Credit to kuzzcc.
- [81307] Medium, CVE-2011-2782: File permissions error with drag and
drop. Credit to Evan Martin of the Chromium development community.
- [83273] Medium, CVE-2011-2783: Always confirm a developer mode NPAPI
extension install via a browser dialog. Credit to Sergey Glazunov.
- [84402] Low, CVE-2011-2785: Sanitize the homepage URL in extensions.
Credit to kuzzcc.
- [84805] Medium, CVE-2011-2787: Browser crash due to GPU lock re-entrancy
issue. Credit to kuzzcc.
- [85808] Medium, CVE-2011-2789: Use after free in Pepper plug-in
instantiation. Credit to Mario Gomes and kuzzcc.
- [87815] Low, CVE-2011-2798: Prevent a couple of internal schemes from
being web accessible. Credit to sirdarckcat of the Google Security Team.
- [88827] Medium, CVE-2011-2803: Out-of-bounds read in Skia paths. Credit
to Google Chrome Security Team (Inferno).
+ Webkit issues:
- [78841] High, CVE-2011-2359: Stale pointer due to bad line box tracking
in rendering. Credit to miaubiz and Martin Barbella.
- [83841] Low, CVE-2011-2784: Local file path disclosure via GL program
log. Credit to kuzzcc.
- [84600] Low, CVE-2011-2786: Make sure the speech input bubble is always
on-screen. Credit to Olli Pettay of Mozilla.
- [85559] Low, CVE-2011-2788: Buffer overflow in inspector serialization.
Credit to Mikołaj Małecki.
- [86502] High, CVE-2011-2790: Use-after-free with floating styles. Credit
to miaubiz.
- [87148] High, CVE-2011-2792: Use-after-free with float removal. Credit
to miaubiz.
- [87227] High, CVE-2011-2793: Use-after-free in media selectors. Credit
to miaubiz.
- [87298] Medium, CVE-2011-2794: Out-of-bounds read in text iteration.
Credit to miaubiz.
- [87339] Medium, CVE-2011-2795: Cross-frame function leak. Credit to Shih
Wei-Long.
- [87548] High, CVE-2011-2796: Use-after-free in Skia. Credit to Google
Chrome Security Team (Inferno) and Kostya Serebryany of the Chromium
development community.
- [87729] High, CVE-2011-2797: Use-after-free in resource caching. Credit
to miaubiz.
- [87925] High, CVE-2011-2799: Use-after-free in HTML range handling.
Credit to miaubiz.
- [88337] Medium, CVE-2011-2800: Leak of client-side redirect target.
Credit to Juho Nurminen.
- [88591] High, CVE-2011-2802: v8 crash with const lookups. Credit to
Christian Holler.
- [88846] High, CVE-2011-2801: Use-after-free in frame loader. Credit to
miaubiz.
- [88889] High, CVE-2011-2818: Use-after-free in display box rendering.
Credit to Martin Barbella.
- [89520] High, CVE-2011-2805: Cross-origin script injection. Credit to
Sergey Glazunov.
- [90222] High, CVE-2011-2819: Cross-origin violation in base URI
handling. Credit to Sergey Glazunov.
+ ICU 4.6 issue:
- [86900] High, CVE-2011-2791: Out-of-bounds write in ICU. Credit to Yang
Dingning from NCNIPC, Graduate University of Chinese Academy of
Sciences.
Packaging changes:
* Add a "Conflicts" with -inspector so that it gets removed
- update debian/control
* Disable PIE for ARM on Oneiric too
- update debian/rules
* Run the gclient hooks when creating the source tarball, as we need files
from the Native Client's integrated runtime (IRT) library.
Install the NaCL IRT files in the main deb
- update debian/rules
- update debian/chromium-browser.install
* Drop obsolete patches
- remove debian/patches/cups_cleanup_cr6883221.patch
- update debian/patches/series
[ Fabien Tassin <fta@ubuntu.com> ]
* New Major upstream release from the Stable Channel (LP: #819991)
This release fixes the following security issues:
+ Chromium issues:
- [75821] Medium, CVE-2011-2358: Always confirm an extension install via a
browser dialog. Credit to Sergey Glazunov.
- [79266] Low, CVE-2011-2360: Potential bypass of dangerous file prompt.
Credit to kuzzcc.
- [79426] Low, CVE-2011-2361: Improve designation of strings in the basic
auth dialog. Credit to kuzzcc.
- [81307] Medium, CVE-2011-2782: File permissions error with drag and
drop. Credit to Evan Martin of the Chromium development community.
- [83273] Medium, CVE-2011-2783: Always confirm a developer mode NPAPI
extension install via a browser dialog. Credit to Sergey Glazunov.
- [84402] Low, CVE-2011-2785: Sanitize the homepage URL in extensions.
Credit to kuzzcc.
- [84805] Medium, CVE-2011-2787: Browser crash due to GPU lock re-entrancy
issue. Credit to kuzzcc.
- [85808] Medium, CVE-2011-2789: Use after free in Pepper plug-in
instantiation. Credit to Mario Gomes and kuzzcc.
- [87815] Low, CVE-2011-2798: Prevent a couple of internal schemes from
being web accessible. Credit to sirdarckcat of the Google Security Team.
- [88827] Medium, CVE-2011-2803: Out-of-bounds read in Skia paths. Credit
to Google Chrome Security Team (Inferno).
+ Webkit issues:
- [78841] High, CVE-2011-2359: Stale pointer due to bad line box tracking
in rendering. Credit to miaubiz and Martin Barbella.
- [83841] Low, CVE-2011-2784: Local file path disclosure via GL program
log. Credit to kuzzcc.
- [84600] Low, CVE-2011-2786: Make sure the speech input bubble is always
on-screen. Credit to Olli Pettay of Mozilla.
- [85559] Low, CVE-2011-2788: Buffer overflow in inspector serialization.
Credit to Mikołaj Małecki.
- [86502] High, CVE-2011-2790: Use-after-free with floating styles. Credit
to miaubiz.
- [87148] High, CVE-2011-2792: Use-after-free with float removal. Credit
to miaubiz.
- [87227] High, CVE-2011-2793: Use-after-free in media selectors. Credit
to miaubiz.
- [87298] Medium, CVE-2011-2794: Out-of-bounds read in text iteration.
Credit to miaubiz.
- [87339] Medium, CVE-2011-2795: Cross-frame function leak. Credit to Shih
Wei-Long.
- [87548] High, CVE-2011-2796: Use-after-free in Skia. Credit to Google
Chrome Security Team (Inferno) and Kostya Serebryany of the Chromium
development community.
- [87729] High, CVE-2011-2797: Use-after-free in resource caching. Credit
to miaubiz.
- [87925] High, CVE-2011-2799: Use-after-free in HTML range handling.
Credit to miaubiz.
- [88337] Medium, CVE-2011-2800: Leak of client-side redirect target.
Credit to Juho Nurminen.
- [88591] High, CVE-2011-2802: v8 crash with const lookups. Credit to
Christian Holler.
- [88846] High, CVE-2011-2801: Use-after-free in frame loader. Credit to
miaubiz.
- [88889] High, CVE-2011-2818: Use-after-free in display box rendering.
Credit to Martin Barbella.
- [89520] High, CVE-2011-2805: Cross-origin script injection. Credit to
Sergey Glazunov.
- [90222] High, CVE-2011-2819: Cross-origin violation in base URI
handling. Credit to Sergey Glazunov.
+ ICU 4.6 issue:
- [86900] High, CVE-2011-2791: Out-of-bounds write in ICU. Credit to Yang
Dingning from NCNIPC, Graduate University of Chinese Academy of
Sciences.
Packaging changes:
* Run the gclient hooks when creating the source tarball, as we need files
from the Native Client's integrated runtime (IRT) library.
Install the NaCL IRT files in the main deb
- update debian/rules
- update debian/chromium-browser.install
Packaging changes:
* Add Valencian (ca@valencia) to the list of supported langs for the
lang-packs
- update debian/rules
- update debian/control
* Add support for language variants in Grit, backported from trunk.
This is needed to support lang-codes like ca@valencia
- add debian/patches/grit_language_variants.patch
- update debian/patches/series
* Add a WANT_ONLY_WHITELISTED_NEW_LANGS knob to make it easier to
sync translations of new langs between all the branches
- update debian/rules
* Properly stop the keep-alive when the build fails
- update debian/rules
* Fix the HTML5 <video> tag regression in Oneiric by properly linking
libvpx so it's not being dropped from libffmpegsumo.so (LP: #795171)
- add debian/patches/html5-codecs-fix.patch
- update debian/patches/series
* Drop the -inspector package, its content has been merged into the main deb
in M12 and the deb remained empty since.
Also drop chromium-codecs-ffmpeg-nonfree, renamed in M5 to -extra
- update debian/control
- update debian/rules
* Backport of http://codereview.chromium.org/6883221 from M13 presumably
fixing the ARM ftbfs from the last update, and set use_cups=0 on armel
- add debian/patches/cups_cleanup_cr6883221.patch
- update debian/patches/series
- update debian/rules
[ Fabien Tassin <fta@ubuntu.com> ]
* New Minor upstream release from the Stable Channel (LP: #803107)
This release fixes the following security issues:
+ WebKit issues:
- [84355] High, CVE-2011-2346: Use-after-free in SVG font handling.
Credit to miaubiz.
- [85003] High, CVE-2011-2347: Memory corruption in CSS parsing. Credit
to miaubiz.
- [85102] High, CVE-2011-2350: Lifetime and re-entrancy issues in the
HTML parser. Credit to miaubiz.
- [85211] High, CVE-2011-2351: Use-after-free with SVG use element.
Credit to miaubiz.
- [85418] High, CVE-2011-2349: Use-after-free in text selection. Credit
to miaubiz.
+ Chromium issues:
- [77493] Medium, CVE-2011-2345: Out-of-bounds read in NPAPI string
handling. Credit to Philippe Arteau.
- [85177] High, CVE-2011-2348: Bad bounds check in v8. Credit to Aki
Helin of OUSPG.
[ Fabien Tassin <fta@ubuntu.com> ]
* New Minor upstream release from the Stable Channel (LP: #803107)
This release fixes the following security issues:
+ WebKit issues:
- [84355] High, CVE-2011-2346: Use-after-free in SVG font handling.
Credit to miaubiz.
- [85003] High, CVE-2011-2347: Memory corruption in CSS parsing. Credit
to miaubiz.
- [85102] High, CVE-2011-2350: Lifetime and re-entrancy issues in the
HTML parser. Credit to miaubiz.
- [85211] High, CVE-2011-2351: Use-after-free with SVG use element.
Credit to miaubiz.
- [85418] High, CVE-2011-2349: Use-after-free in text selection. Credit
to miaubiz.
+ Chromium issues:
- [77493] Medium, CVE-2011-2345: Out-of-bounds read in NPAPI string
handling. Credit to Philippe Arteau.
- [85177] High, CVE-2011-2348: Bad bounds check in v8. Credit to Aki
Helin of OUSPG.
* New upstream release from the Stable Channel (LP: #794197)
It includes:
- Hardware accelerated 3D CSS
- New Safe Browsing protection against downloading malicious files
- Ability to delete Flash cookies from inside Chrome
- Launch Web Apps by name from the Omnibox
- Integrated Sync into new settings pages
- Removal of support for Google Gears
This release fixes the following security issues:
+ WebKit issues:
- [73962] [79746] High CVE-2011-1808: Use-after-free due to integer
issues in float handling. Credit to miaubiz.
- [75496] Medium CVE-2011-1809: Use-after-free in accessibility support.
Credit to Google Chrome Security Team (SkyLined).
- [75643] Low CVE-2011-1810: Visit history information leak in CSS.
Credit to Jesse Mohrland of Microsoft and Microsoft Vulnerability
Research (MSVR).
- [80358] Medium CVE-2011-1816: Use-after-free in developer tools. Credit
to kuzzcc.
- [81949] High CVE-2011-1818: Use-after-free in image loader. Credit to
miaubiz.
- [83743] High CVE-2011-2342: Same origin bypass in DOM. Credit to Sergey
Glazunov.
+ Chromium issues:
- [76034] Low CVE-2011-1811: Browser crash with lots of form submissions.
Credit to “DimitrisV22”.
- [77026] Medium CVE-2011-1812: Extensions permission bypass. Credit to
kuzzcc.
- [78516] High CVE-2011-1813: Stale pointer in extension framework.
Credit to Google Chrome Security Team (Inferno).
- [79862] Low CVE-2011-1815: Extension script injection into new tab
page. Credit to kuzzcc.
- [81916] Medium CVE-2011-1817: Browser memory corruption in history
deletion. Credit to Collin Payne.
- [83010] Medium CVE-2011-1819: Extension injection into chrome:// pages.
Credit to Vladislavas Jarmalis, plus subsequent independent discovery
by Sergey Glazunov.
- [83275] High CVE-2011-2332: Same origin bypass in v8. Credit to Sergey
Glazunov.
Packaging changes:
* Provide a batch of translations for the Unity quicklists, and update
the regular desktop translations
- update debian/chromium-browser.desktop
* Add a keep-alive script preventing the builders from killing the build
when it's not echoing anything for too long (useful when linking
the main binary with ld-bfd)
- add debian/keep-alive.sh
- update debian/rules
* Drop the gtk resize patch, now that upstream does it for us
- remove debian/patches/disable_gtk_resize_grip_on_natty.patch
- update debian/patches/series
* Drop the xdg-utils patch and use the system xdg tools when we
detect that xdg-setting is present on the system (ensuring it's a recent
enough xdg-utils)
- update debian/chromium-browser.sh.in
- remove debian/patches/xdg-utils_gnome3_lp670128_for_natty.patch
- update debian/patches/series
* Drop the stored passwords patch
- remove debian/patches/stored_passwords_lp743494.patch
- update debian/patches/series
* Drop the dedicated webapp WMClass patch
- remove debian/patches/webapps-wm-class-lp692462.patch
- update debian/patches/series
* When building with a non-default g++, also link with the same version
- update debian/rules
* Empty the -inspector package now that it has been merged into the main
resources.pak file (so that the Inspector remains usable after an upgrade
until the next browser restart). Also remove the resources directory,
now empty
- remove debian/chromium-browser-inspector.install
- update debian/chromium-browser.dirs
- update debian/rules
* Drop the gtk resize patch, now that upstream does it for us
- remove debian/patches/disable_gtk_resize_grip_on_natty.patch
- update debian/patches/series
* Drop the xdg-utils patch and use the system xdg tools when we
detect that xdg-setting is present on the system (ensuring it's a recent
enough xdg-utils)
- update debian/chromium-browser.sh.in
- remove debian/patches/xdg-utils_gnome3_lp670128_for_natty.patch
- update debian/patches/series
* Drop the dedicated webapp WMClass patch
- remove debian/patches/webapps-wm-class-lp692462.patch
- update debian/patches/series
[ Fabien Tassin <fta@ubuntu.com> ]
* New upstream release from the Stable Channel (LP: #794197)
It includes:
- Hardware accelerated 3D CSS
- New Safe Browsing protection against downloading malicious files
- Integrated Sync into new settings pages
This release fixes the following security issues:
+ WebKit issues:
- [73962] [79746] High CVE-2011-1808: Use-after-free due to integer
issues in float handling. Credit to miaubiz.
- [75496] Medium CVE-2011-1809: Use-after-free in accessibility support.
Credit to Google Chrome Security Team (SkyLined).
- [75643] Low CVE-2011-1810: Visit history information leak in CSS.
Credit to Jesse Mohrland of Microsoft and Microsoft Vulnerability
Research (MSVR).
- [80358] Medium CVE-2011-1816: Use-after-free in developer tools. Credit
to kuzzcc.
- [81949] High CVE-2011-1818: Use-after-free in image loader. Credit to
miaubiz.
- [83743] High CVE-2011-2342: Same origin bypass in DOM. Credit to Sergey
Glazunov.
+ Chromium issues:
- [76034] Low CVE-2011-1811: Browser crash with lots of form submissions.
Credit to “DimitrisV22”.
- [77026] Medium CVE-2011-1812: Extensions permission bypass. Credit to
kuzzcc.
- [78516] High CVE-2011-1813: Stale pointer in extension framework.
Credit to Google Chrome Security Team (Inferno).
- [79862] Low CVE-2011-1815: Extension script injection into new tab
page. Credit to kuzzcc.
- [81916] Medium CVE-2011-1817: Browser memory corruption in history
deletion. Credit to Collin Payne.
- [83010] Medium CVE-2011-1819: Extension injection into chrome:// pages.
Credit to Vladislavas Jarmalis, plus subsequent independent discovery
by Sergey Glazunov.
- [83275] High CVE-2011-2332: Same origin bypass in v8. Credit to Sergey
Glazunov.
* Drop the stored passwords patch (fixed upstream)
- remove debian/patches/stored_passwords_lp743494.patch
- update debian/patches/series
* Empty the -inspector package now that it has been merged into the main
resources.pak file (so that the Inspector remains usable after an upgrade
until the next browser restart). Also remove the resources directory,
now empty
- remove debian/chromium-browser-inspector.install
- update debian/chromium-browser.dirs
- update debian/rules
* Update the location of the app_strings templates
- update debian/rules
* Don't build with libjpeg-turbo on armel, to prevent a FTBFS
- update debian/rules
* Rebase the GL dlopen patch
- update debian/patches/dlopen_sonamed_gl.patch
[ Micah Gersten <micahg@ubuntu.com> ]
* Don't have chromium-browser depend on chromium-browser-inspector anymore
it's now a transitional package; Change text of chromium-browser-inspector
to reflect its transitional nature
- update debian/control
* New Minor upstream release from the Stable Channel (LP: #787846)
This release fixes the following security issues:
+ WebKit issues:
- [72189] Low, CVE-2011-1801: Pop-up blocker bypass. Credit to Chamal De
Silva.
- [82546] High, CVE-2011-1804: Stale pointer in floats rendering. Credit
to Martin Barbella.
- [82903] Critical, CVE-2011-1807: Out-of-bounds write in blob handling.
Credit to Google Chrome Security Team (Inferno) and Kostya Serebryany
of the Chromium development community.
- other issues covered by CVE-2011-1802, CVE-2011-1803, CVE-2011-1805
+ GPU/WebGL issue:
- [82873] Critical, CVE-2011-1806: Memory corruption in GPU command
buffer. Credit to Google Chrome Security Team (Cris Neckar).
* Update the svg icon once again, the previous one contained an embedded png
(LP: #748881)
- update debian/chromium-browser.svg
* Don't build with libjpeg-turbo on armel, to prevent a FTBFS
- update debian/rules
[ Fabien Tassin <fta@ubuntu.com> ]
* New Minor upstream release from the Stable Channel (LP: #787846)
This release fixes the following security issues:
+ WebKit issues:
- [72189] Low, CVE-2011-1801: Pop-up blocker bypass. Credit to Chamal De
Silva.
- [82546] High, CVE-2011-1804: Stale pointer in floats rendering. Credit
to Martin Barbella.
- [82903] Critical, CVE-2011-1807: Out-of-bounds write in blob handling.
Credit to Google Chrome Security Team (Inferno) and Kostya Serebryany
of the Chromium development community.
+ GPU/WebGL issue:
- [82873] Critical, CVE-2011-1806: Memory corruption in GPU command
buffer. Credit to Google Chrome Security Team (Cris Neckar).
* Update the svg icon once again, the previous one contained an embedded png
(LP: #748881)
- update debian/chromium-browser.svg
* New Minor upstream release from the Stable Channel (LP: #781822)
This release fixes the following security issues:
+ WebKit issues:
- [64046] High, CVE-2011-1799: Bad casts in Chromium WebKit glue. Credit
to Google Chrome Security Team (SkyLined).
- [80608] High, CVE-2011-1800: Integer overflows in SVG filters. Credit
to Google Chrome Security Team (Cris Neckar).
[ Fabien Tassin <fta@ubuntu.com> ]
* New Minor upstream release from the Stable Channel (LP: #781822)
This release fixes the following security issues:
+ WebKit issues:
- [64046] High, CVE-2011-1799: Bad casts in Chromium WebKit glue. Credit
to Google Chrome Security Team (SkyLined).
- [80608] High, CVE-2011-1800: Integer overflows in SVG filters. Credit
to Google Chrome Security Team (Cris Neckar).
* New Minor upstream release from the Stable Channel (LP: #778822)
This release fixes the following security issues:
+ WebKit issues:
- [67923] High, CVE-2011-1793: stale pointer in SVG image handling
(credit: Mitz)
- [78327] High, CVE-2011-1794: integer overflow in SVG filters (credit:
Inferno)
- [78948] High, CVE-2011-1795: integer underflow in forms handling
(credit: Cris Neckar)
- [79055] High, CVE-2011-1796: use-after-free in frame handling (credit:
Inferno)
- [79075] High, CVE-2011-1797: stale pointer in table captioning (credit:
wushi)
- [79595] High, CVE-2011-1798: bad cast in SVG text handling (credit:
Inferno)
* Add a static quicklist for Unity allowing to open a new window (either regular
or incognito) or a fresh session with a temporary profile
- update debian/chromium-browser.desktop
* Don't let scour touch the svg files (LP: #748881)
- update debian/rules
* Pass --delete_unversioned_trees to gclient and drop the git.chromium.org
workaround.
- update debian/rules
* Build with gcc-4.5 on Oneiric for now. It's not ready for 4.6
- update debian/control
- update debian/rules
[ Fabien Tassin <fta@ubuntu.com> ]
* New Minor upstream release from the Stable Channel (LP: #778822)
This release fixes the following security issues:
+ WebKit issues:
- [67923] High, CVE-2011-1793: stale pointer in SVG image handling
(credit: Mitz)
- [78327] High, CVE-2011-1794: integer overflow in SVG filters (credit:
Inferno)
- [78948] High, CVE-2011-1795: integer underflow in forms handling
(credit: Cris Neckar)
- [79055] High, CVE-2011-1796: use-after-free in frame handling (credit:
Inferno)
- [79075] High, CVE-2011-1797: stale pointer in table captioning (credit:
wushi)
- [79595] High, CVE-2011-1798: bad cast in SVG text handling (credit:
Inferno)
* Pass --delete_unversioned_trees to gclient and drop the git.chromium.org
workaround.
- update debian/rules
[ Micah Gersten <micahg@ubuntu.com> ]
* Switch arch: any to arch: i386 amd64 so that we don't have to wait for armel
- update debian/control
* New Major upstream release from the Stable Channel (LP: #771935)
This release fixes the following security issues:
+ WebKit issues:
- [61502] High, CVE-2011-1303: Stale pointer in floating object handling.
Credit to Scott Hess of the Chromium development community and Martin
Barbella.
- [70538] Low, CVE-2011-1304: Pop-up block bypass via plug-ins. Credit to
Chamal De Silva.
- [70589] Medium, CVE-2011-1305: Linked-list race in database handling.
Credit to Kostya Serebryany of the Chromium development community.
- [73526] High, CVE-2011-1437: Integer overflows in float rendering.
Credit to miaubiz.
- [74653] High, CVE-2011-1438: Same origin policy violation with blobs.
Credit to kuzzcc.
- [75186] High, CVE-2011-1440: Use-after-free with <ruby> tag and CSS.
Credit to Jose A. Vazquez.
- [75347] High, CVE-2011-1441: Bad cast with floating select lists.
Credit to Michael Griffiths.
- [75801] High, CVE-2011-1442: Corrupt node trees with mutation events.
Credit to Sergey Glazunov and wushi of team 509.
- [76001] High, CVE-2011-1443: Stale pointers in layering code. Credit to
Martin Barbella.
- [76646] Medium, CVE-2011-1445: Out-of-bounds read in SVG. Credit to
wushi of team509.
- [76666] [77507] [78031] High, CVE-2011-1446: Possible URL bar spoofs
with navigation errors and interrupted loads. Credit to kuzzcc.
- [76966] High, CVE-2011-1447: Stale pointer in drop-down list handling.
Credit to miaubiz.
- [77130] High, CVE-2011-1448: Stale pointer in height calculations.
Credit to wushi of team509.
- [77346] High, CVE-2011-1449: Use-after-free in WebSockets. Credit to
Marek Majkowski.
- [77463] High, CVE-2011-1451: Dangling pointers in DOM id map. Credit to
Sergey Glazunov.
- [79199] High, CVE-2011-1454: Use-after-free in DOM id handling. Credit
to Sergey Glazunov.
+ Chromium issues:
- [71586] Medium, CVE-2011-1434: Lack of thread safety in MIME handling.
Credit to Aki Helin.
- [72523] Medium, CVE-2011-1435: Bad extension with ‘tabs’ permission can
capture local files. Credit to Cole Snodgrass.
- [72910] Low, CVE-2011-1436: Possible browser crash due to bad
interaction with X. Credit to miaubiz.
- [76542] High, CVE-2011-1444: Race condition in sandbox launcher. Credit
to Dan Rosenberg.
- [77349] Low, CVE-2011-1450: Dangling pointers in file dialogs. Credit
to kuzzcc.
- [77786] Medium, CVE-2011-1452: URL bar spoof with redirect and manual
reload. Credit to Jordi Chancel.
- [74763] High, CVE-2011-1439: Prevent interference between renderer
processes. Credit to Julien Tinnes of the Google Security Team.
* Fix the password store regression from the last Chromium 10 update.
Backport from trunk provided by Elliot Glaysher from upstream (LP: #743494)
- add debian/patches/stored_passwords_lp743494.patch
- update debian/patches/series
* Fix the dedicated webapp WMClass (needed by Unity/bamf).
Don't change the WMClass at all on XFCE where it is displayed to
the user as a title (which it isn't). This is a backport
of upstream revisions 82581 & 82672 (LP: #692462)
- update debian/patches/webapps-wm-class-lp692462.patch
* Update the SVG logo to match the new simplified 2D logo (LP: #748881)
- update debian/chromium-browser.svg
* Ship the app icon in all the sizes provided upstream
- update debian/rules
* Add libpam0g-dev to Build-depends, needed by "Chromoting"
- update debian/control
* Enable the new use_third_party_translations flag at build time (it enables
the Launchpad translations already used in Ubuntu since Chromium 8)
- update debian/rules
* New Major upstream release from the Stable Channel (LP: #771935)
This release fixes the following security issues:
+ WebKit issues:
- [61502] High, CVE-2011-1303: Stale pointer in floating object handling.
Credit to Scott Hess of the Chromium development community and Martin
Barbella.
- [70538] Low, CVE-2011-1304: Pop-up block bypass via plug-ins. Credit to
Chamal De Silva.
- [70589] Medium, CVE-2011-1305: Linked-list race in database handling.
Credit to Kostya Serebryany of the Chromium development community.
- [73526] High, CVE-2011-1437: Integer overflows in float rendering.
Credit to miaubiz.
- [74653] High, CVE-2011-1438: Same origin policy violation with blobs.
Credit to kuzzcc.
- [75186] High, CVE-2011-1440: Use-after-free with <ruby> tag and CSS.
Credit to Jose A. Vazquez.
- [75347] High, CVE-2011-1441: Bad cast with floating select lists.
Credit to Michael Griffiths.
- [75801] High, CVE-2011-1442: Corrupt node trees with mutation events.
Credit to Sergey Glazunov and wushi of team 509.
- [76001] High, CVE-2011-1443: Stale pointers in layering code. Credit to
Martin Barbella.
- [76646] Medium, CVE-2011-1445: Out-of-bounds read in SVG. Credit to
wushi of team509.
- [76666] [77507] [78031] High, CVE-2011-1446: Possible URL bar spoofs
with navigation errors and interrupted loads. Credit to kuzzcc.
- [76966] High, CVE-2011-1447: Stale pointer in drop-down list handling.
Credit to miaubiz.
- [77130] High, CVE-2011-1448: Stale pointer in height calculations.
Credit to wushi of team509.
- [77346] High, CVE-2011-1449: Use-after-free in WebSockets. Credit to
Marek Majkowski.
- [77463] High, CVE-2011-1451: Dangling pointers in DOM id map. Credit to
Sergey Glazunov.
- [79199] High, CVE-2011-1454: Use-after-free in DOM id handling. Credit
to Sergey Glazunov.
+ Chromium issues:
- [71586] Medium, CVE-2011-1434: Lack of thread safety in MIME handling.
Credit to Aki Helin.
- [72523] Medium, CVE-2011-1435: Bad extension with ‘tabs’ permission can
capture local files. Credit to Cole Snodgrass.
- [72910] Low, CVE-2011-1436: Possible browser crash due to bad
interaction with X. Credit to miaubiz.
- [76542] High, CVE-2011-1444: Race condition in sandbox launcher. Credit
to Dan Rosenberg.
- [77349] Low, CVE-2011-1450: Dangling pointers in file dialogs. Credit
to kuzzcc.
- [77786] Medium, CVE-2011-1452: URL bar spoof with redirect and manual
reload. Credit to Jordi Chancel.
- [74763] High, CVE-2011-1439: Prevent interference between renderer
processes. Credit to Julien Tinnes of the Google Security Team.
* Fix the password store regression from the last Chromium 10 update.
Backport from trunk provided by Elliot Glaysher from upstream (LP: #743494)
- add debian/patches/stored_passwords_lp743494.patch
- update debian/patches/series
* Fix the dedicated webapp WMClass (needed by Unity/bamf).
Don't change the WMClass at all on XFCE where it is displayed to
the user as a title (which it isn't). This is a backport
of upstream revisions 82581 & 82672 (LP: #692462)
- update debian/patches/webapps-wm-class-lp692462.patch
* Update the SVG logo to match the new simplified 2D logo (LP: #748881)
- update debian/chromium-browser.svg
* Ship the app icon in all the sizes provided upstream
- update debian/rules
* Add libpam0g-dev to Build-depends, needed by "Chromoting"
- update debian/control
* Enable the new use_third_party_translations flag at build time (it enables
the Launchpad translations already used in Ubuntu since Chromium 8)
- update debian/rules
* New upstream minor release from the Stable Channel (LP: #762275)
This release fixes the following security issues:
- [75629] Critical, CVE-2011-1301: Use-after-free in the GPU process.
Credit to Google Chrome Security Team (Inferno).
- [78524] Critical, CVE-2011-1302: Heap overflow in the GPU process. Credit
to Christoph Diehl.
* Make the default mail client and browser settings work with the
x-scheme-handler method of registering URI handlers in gnome3.
This is based on the xdg-utils 1.1.0~rc1-2ubuntu3 fix by Chris Coulson
<chris.coulson@canonical.com>, itself based on Bastien Nocera <hadess@hadess.net>
upstream fix (LP: #670128)
- add debian/patches/xdg-utils_gnome3_lp670128_for_natty.patch
- update debian/patches/series
* Fix the apport hooks to pass the expected 'ui' to add_info(), needed when
called from apport/ubuntu-bug (LP: #759635)
- update debian/apport/chromium-browser.py
* Report a dedicated WMClass per webapp, needed by Unity/bamf.
(backported from trunk) (LP: #692462)
- add debian/patches/webapps-wm-class-lp692462.patch
- update debian/patches/series
* NaCL may be blacklisted, so only include it when it's actually been
built (fixes the ftbfs on arm) (LP: #745854)
- update debian/rules
- update debian/chromium-browser.install
* Harden the apport hooks in the extensions section
- update debian/apport/chromium-browser.py
* New upstream minor release from the Stable Channel (LP: #742118)
This release fixes the following security issues:
+ Webkit bugs:
- [73216] High, CVE-2011-1292: Use-after-free in the frame loader. Credit
to Sławomir Błażek.
- [73595] High, CVE-2011-1293: Use-after-free in HTMLCollection. Credit
to Sergey Glazunov.
- [74562] High, CVE-2011-1294: Stale pointer in CSS handling. Credit to
Sergey Glazunov.
- [74991] High, CVE-2011-1295: DOM tree corruption with broken node
parentage. Credit to Sergey Glazunov.
- [75170] High, CVE-2011-1296: Stale pointer in SVG text handling. Credit
to Sergey Glazunov.
+ Chromium bugs:
- [72517] High, CVE-2011-1291: Buffer error in base string handling.
Credit to Alex Turpin.
Packaging changes:
* Set arm_fpu=vfpv3-d16 on arm (less restrictive than the default vfpv3)
preventing a SIGILL crash on some boards (LP: #735877)
- update debian/control
* Install libppGoogleNaClPluginChrome.so (LP: #738331)
- update debian/rules
- update debian/chromium-browser.install
* New upstream security release from the Stable Channel (LP: #733514)
+ Webkit:
- CVE-2011-1290 [75712] High, Memory corruption in style handling. Credit
to Vincenzo Iozzo, Ralf Philipp Weinmann and Willem Pinckaers reported
through ZDI.
* New upstream major release from the Stable Channel (LP: #731520)
It includes:
- New version of V8 - Crankshaft - which greatly improves javascript
performance
- New settings pages that open in a tab, rather than a dialog box
- Improved security with malware reporting and disabling outdated plugins
by default
- Password sync as part of Chrome Sync now enabled by default
- GPU Accelerated Video
- Background WebApps
- webNavigation extension API
This release also fixes the following security issues:
+ Webkit bugs:
- [42574] [42765] Low, Possible to navigate or close the top location in
a sandboxed frame. Credit to sirdarckcat of the Google Security Team.
- [69628] High, Memory corruption with counter nodes. Credit to Martin
Barbella.
- [70027] High, Stale node in box layout. Credit to Martin Barbella.
- [70336] Medium, Cross-origin error message leak with workers. Credit to
Daniel Divricean.
- [70442] High, Use after free with DOM URL handling. Credit to Sergey
Glazunov.
- [70779] Medium, Out of bounds read handling unicode ranges. Credit to
miaubiz.
- [70885] [71167] Low, Pop-up blocker bypasses. Credit to Chamal de
Silva.
- [71763] High, Use-after-free in document script lifetime handling.
Credit to miaubiz.
- [72028] High, Stale pointer in table painting. Credit to Martin
Barbella.
- [73066] High, Crash with the DataView object. Credit to Sergey
Glazunov.
- [73134] High, Bad cast in text rendering. Credit to miaubiz.
- [73196] High, Stale pointer in WebKit context code. Credit to Sergey
Glazunov.
- [73746] High, Stale pointer with SVG cursors. Credit to Sergey
Glazunov.
- [74030] High, DOM tree corruption with attribute handling. Credit to
Sergey Glazunov.
+ Chromium bugs:
- [49747] Low, Work around an X server bug and crash with long messages.
Credit to Louis Lang.
- [66962] Low, Possible browser crash with parallel print()s. Credit to
Aki Helin of OUSPG.
- [69187] Medium, Cross-origin error message leak. Credit to Daniel
Divricean.
- [70877] High, Same origin policy bypass in v8. Credit to Daniel
Divricean.
+ v8:
- [74662] High, Corruption via re-entrancy of RegExp code. Credit to
Christian Holler.
- [74675] High, Invalid memory access in v8. Credit to Christian Holler.
+ ffmpeg:
- [71788] High, Out-of-bounds write in the OGG container. Credit to
Google Chrome Security Team (SkyLined); plus subsequent independent
discovery by David Weston of Microsoft and MSVR.
- [73026] High, Use of corrupt out-of-bounds structure in video code.
Credit to Tavis Ormandy of the Google Security Team.
+ libxslt:
- [73716] Low, Leak of heap address in XSLT. Credit to Google Chrome
Security Team (Chris Evans).
Packaging changes:
* Promote Uyghur to the list of supported translations
- update debian/rules
- update debian/control
* Fix the FTBFS on arm by re-adding the lost arm_neon=0, and really set armv7=1
on maverick and natty
- update debian/rules
* Fix the broken symlinks in /usr/share/doc created by CDBS (See LP: #194574)
- update debian/rules
* Add libxt-dev to Build-deps needed by ppGoogleNaClPluginChrome
- update debian/control
* Fix the Webkit version in about:version (the build system expects the svn
or git directories to be available at build time)
- add debian/patches/webkit_rev_parser.patch
- update debian/patches/series
* New upstream release from the Stable Channel (LP: #726895)
This release fixes the following security issues:
+ Webkit bugs:
- [54262] High, URL bar spoof with history interaction. Credit to Jordi
Chancel.
- [68263] High, Stylesheet node stale pointer. Credit to Sergey Glazunov.
- [68741] High, Stale pointer with key frame rule. Credit to Sergey
Glazunov.
- [70078] High, Crash with forms controls. Credit to Stefan van Zanden.
- [70244] High, Crash in SVG rendering. Credit to Sławomir Błażek.
- [71114] High, Stale node in table child handling. Credit to Martin
Barbella.
- [71115] High, Stale pointer in table rendering. Credit to Martin
Barbella.
- [71296] High, Stale pointer in SVG animations. Credit to miaubiz.
- [71386] High, Stale nodes in XHTML. Credit to wushi of team509.
- [71388] High, Crash in textarea handling. Credit to wushi of team509.
- [71595] High, Stale pointer in device orientation. Credit to Sergey
Glazunov.
- [71855] High, Integer overflow in textarea handling. Credit to miaubiz.
- [71960] Medium, Out-of-bounds read in WebGL. Credit to Google Chrome
Security Team (Inferno).
- [73235] High, Stale pointer in layout. Credit to Martin Barbella.
+ Chromium bugs:
- [63732] High, Crash with javascript dialogs. Credit to Sergey
Radchenko.
- [64-bit only] [70376] Medium, Out-of-bounds read in pickle
deserialization. Credit to Evgeniy Stepanov of the Chromium development
community.
- [71717] Medium, Out-of-bounds read in WebGL. Credit to miaubiz.
- [72214] High, Accidental exposure of internal extension functions.
Credit to Tavis Ormandy of the Google Security Team.
- [72437] High, Use-after-free with blocked plug-ins. Credit to Chamal de
Silva.
* Bump the lang-pack package from Suggests to Recommends (LP: #689267)
- update debian/control
* Disable PIE on Armel/Lucid (LP: #716703)
- update debian/rules
* Add the disk usage to the Apport hooks
- update debian/apport/chromium-browser.py
* Drop gyp from Build-Depends, use in-source gyp instead
- update debian/control
* Merge back the ffmpeg codecs (from the chromium-codecs-ffmpeg source package)
- update debian/rules
- update debian/control
- add debian/chromium-codecs-ffmpeg-extra.install
- add debian/chromium-codecs-ffmpeg.install
* New upstream release from the Stable Channel (LP: #715357)
This release fixes the following security issues:
- [67234] High, Stale pointer in animation event handling. Credit to Rik
Cabanier.
- [68120] High, Use-after-free in SVG font faces. Credit to miaubiz.
- [69556] High, Stale pointer with anonymous block handling. Credit to
Martin Barbella.
- [69970] Medium, Out-of-bounds read in plug-in handling. Credit to Bill
Budge of Google.
- [70456] Medium, Possible failure to terminate process on out-of-memory
condition. Credit to David Warren of CERT/CC.
* Update the gl dlopen patch to search for libGLESv2.so.2 instead of .1
- update debian/patches/dlopen_sonamed_gl.patch
* New upstream release from the Stable Channel (LP: #712655)
This release fixes the following security issues:
- [55831] High, Use-after-free in image loading. Credit to Aki Helin of
OUSPG.
- [59081] Low, Apply some restrictions to cross-origin drag + drop. Credit
to Google Chrome Security Team (SkyLined) and the Google Security Team
(Michal Zalewski, David Bloom).
- [62791] Low, Browser crash with extension with missing key. Credit to
Brian Kirchoff.
- [64669] Low, Handle merging of autofill profiles more gracefully. Credit
to Google Chrome Security Team (Inferno).
- [68244] Low, Browser crash with bad volume setting. Credit to Matthew
Heidermann.
- [69195] Critical, Race condition in audio handling. Credit to the gamers
of Reddit!
* Add the app/resources/app_strings.grd template to the list
of templates translated in Launchpad
- update debian/rules
* Drop the gcc 4.5 work-around, applied upstream
- remove debian/patches/gcc-4.5-build-workaround.patch
- update debian/patches/series
* Drop gcc 4.2/4.3 from Build-depends and remove the gcc 4.4 workarounds
now done in the upstream gyp files
- update debian/control
- update debian/rules
* Add libxtst-dev to Build-deps now that chromoting uses the XTest extension
to execute mouse and keyboard events
- update debian/control
* Remove GNOME_DESKTOP_SESSION_ID from the Apport report, it's useless
- update debian/apport/chromium-browser.py
* Add a system to enable/disable distribution specific patches from the quilt
series
- add debian/enable-dist-patches.pl
- update debian/rules
* Disable the gtk resize grip on Natty (LP: #703451)
Original patch by Cody Russell <crussell@ubuntu.com>, ported to v9
- add debian/patches/disable_gtk_resize_grip_on_natty.patch
- update debian/patches/series
* Fix the libgnutls dlopen to look for the sonamed lib
- add debian/patches/dlopen_libgnutls.patch
- update debian/patches/series
* Fix the libosmesa/libGLESv2/libEGL dlopen() to look for the sonamed libs.
This assumes either the libgles2-mesa + libegl1-mesa packages (better) or
the libosmesa6 package are installed
- add debian/patches/dlopen_sonamed_gl.patch
- update debian/patches/series
- files added:
- debian/enable-dist-patches.pl
- debian/source
- files modified:
- debian/README.source
expand all
collapse all
added
removed
