980
|
|
|
Pali Rohár |
8 years ago
|
|
|
979
|
|
|
Pali Rohár |
8 years ago
|
|
|
978
|
|
|
Pali Rohár |
8 years ago
|
|
|
977
|
|
|
Pali Rohár |
8 years ago
|
|
|
976
|
|
|
Chad MILLER |
8 years ago
|
|
|
975
|
|
|
Chad MILLER |
8 years ago
|
|
|
974
|
|
|
Chad MILLER |
8 years ago
|
|
|
973
|
|
|
Chad MILLER |
8 years ago
|
|
|
972
|
|
|
Chad MILLER |
8 years ago
|
|
|
971
|
|
[Chad Miller] * Upstream release 43.0.2357.130: - CVE-2015-1266: Scheme validation error in WebUI. - CVE-2015-1268: Cross-origin bypass in Blink. - CVE-2015-1267: Cross-origin bypass in Blink. - CVE-2015-1269: Normalization error in HSTS/HPKP preload list. * debian/tests/smoketest-actual: Capture web-server log so we can get port and test retreival. Fixes autopkgtest failures. * debian/patches/widevine-other-locations: Search Chrome install location to find widevine plugins. * Use new Flash plugin name in apport collector. * debian/patches/gpu_default_disabled: Make GPU activation a (default off) preference instead of blacklisting. [Iain Lane] * Test fixes. * debian/tests/control: Add a test-dep on python3-httplib2 and dbus-x11 which are required by the testsuite. * debian/tests/smoketest-actual: Redirect webserver-out and webserver-err so that the test can read these. * Upstream release 43.0.2357.81. - "Icons not displaying properly on Linux" (LP: #1449063) * Upstream release 43.0.2357.65: - CVE-2015-1252: Sandbox escape in Chrome. - CVE-2015-1253: Cross-origin bypass in DOM. - CVE-2015-1254: Cross-origin bypass in Editing. - CVE-2015-1255: Use-after-free in WebAudio. - CVE-2015-1256: Use-after-free in SVG. - CVE-2015-1251: Use-after-free in Speech. - CVE-2015-1257: Container-overflow in SVG. - CVE-2015-1258: Negative-size parameter in Libvpx. - CVE-2015-1259: Uninitialized value in PDFium. - CVE-2015-1260: Use-after-free in WebRTC. - CVE-2015-1261: URL bar spoofing. - CVE-2015-1262: Uninitialized value in Blink. - CVE-2015-1263: Insecure download of spellcheck dictionary. - CVE-2015-1264: Cross-site scripting in bookmarks. - CVE-2015-1265: Various fixes from internal audits, fuzzing and other initiatives. - Multiple vulnerabilities in V8 fixed at the tip of the 4.3 branch (currently 4.3.61.21). * debian/patches/display-scaling-report-hardware-info: removed, unnecessary. * debian/patches/coordinate-space-map: removed, unnecessary. * debian/patches/enable_vaapi_on_linux.diff: Temporarily disable patch until ARM works. * debian/chromium-browser.sh.in: Add --verbose to get logging info. * debian/patches/{notifications-nicer,mir-support}: disable unnecessary patches. * debian/control, debian/chromium-browser.sh.in: Prompt nothing about Flash plugin. Send Help clicks to Wiki instead. * Upstream release 42.0.2311.135: - CVE-2015-1243: Use-after-free in DOM. - CVE-2015-1250: Various fixes from internal audits, fuzzing and other initiatives. * Upstream release 42.0.2311.90: - CVE-2015-1235: Cross-origin-bypass in HTML parser. - CVE-2015-1236: Cross-origin-bypass in Blink. - CVE-2015-1237: Use-after-free in IPC. - CVE-2015-1238: Out-of-bounds write in Skia. - CVE-2015-1240: Out-of-bounds read in WebGL. - CVE-2015-1241: Tap-Jacking. - CVE-2015-1242: Type confusion in V8. - CVE-2015-1244: HSTS bypass in WebSockets. - CVE-2015-1245: Use-after-free in PDFium. - CVE-2015-1247: Scheme issues in OpenSearch. - CVE-2015-1248: SafeBrowsing bypass. * Upstream release 41.0.2272.118: - CVE-2015-1233: A special thanks to Anonymous for a combination of V8, Gamepad and IPC bugs that can lead to remote code execution outside of the sandbox. - CVE-2015-1234: Buffer overflow via race condition in GPU. * Change assumed X-resource DPI from 108 to 96. That's closer to 100. * Autopkgtest now depends on x11-apps to get xwd. Make smoketest exit val nonzero on failure. * debian/generate-snappy.mk, debian/rules: Start to generate snap packages if available. * debian/chromium-browser.sh.in: Test for /etc/ dir before listing it. * debian/chromium-browser.sh.in, debian/chromium-browser-etc-customizations-flash-staleness: Ask sudo users to update flash player. * debian/chromium-browser-etc-customizations-flash-staleness: Pass only one flash-player start param to chromium. Prefer the new one. * debian/patches/arm-neon.patch: exclude new armv7=neon assumptions. * debian/patches/all_gpus_blacklisted: AMD, Intel, and NVIDIA cards all contribute to the largest crash report in errors.ubuntu.com. Let's disable GPUs for now. * debian/chromium-browser.sh.in: Presence of old Flash is not a reason to suggest new plugin. If new plugin exists, be silent. Do not rely on new plugin to Conflicts and remove all the old bad ones. * debian/patches/enable_vaapi_on_linux.diff: Enable video acceleration library. * debian/patches/fix_building_widevinecdm_with_chromium.patch: If exterior-sourced widevine library exists at run-time, use it.
|
Chad MILLER |
8 years ago
|
|
|
970
|
|
|
Chad MILLER |
8 years ago
|
|
|
969
|
|
|
Chad MILLER |
8 years ago
|
|
|
968
|
|
|
Chad MILLER |
8 years ago
|
|
|
967
|
|
|
Chad MILLER |
8 years ago
|
|
|
966
|
|
|
Chad MILLER |
8 years ago
|
|
|
965
|
|
|
Chad MILLER |
8 years ago
|
|
|
964
|
|
|
Chad MILLER |
8 years ago
|
|
|
963
|
|
|
Chad MILLER |
8 years ago
|
|
|
962
|
|
|
Chad MILLER |
9 years ago
|
|
|
961
|
|
|
Chad MILLER |
9 years ago
|
|
|