39
|
|
|
Micah Gersten |
15.0.874.106~r107270-0ubuntu0.10.04.1 |
12 years ago
|
|
|
38
|
|
|
Micah Gersten |
14.0.835.202~r103287-0ubuntu0.10.04.2 |
12 years ago
|
|
|
37
|
|
|
Micah Gersten |
12.0.742.112~r90304-0ubuntu0.10.04.1 |
12 years ago
|
|
|
36
|
|
|
Micah Gersten |
12.0.742.91~r87961-0ubuntu0.10.04.1 |
12 years ago
|
|
|
35
|
|
|
Micah Gersten |
11.0.696.71~r86024-0ubuntu0.10.04.1 |
12 years ago
|
|
|
34
|
|
|
Micah Gersten |
11.0.696.68~r84545-0ubuntu0.10.04.1 |
12 years ago
|
|
|
33
|
|
|
Micah Gersten |
11.0.696.65~r84435-0ubuntu0.10.04.1 |
12 years ago
|
|
|
32
|
|
* New Major upstream release from the Stable Channel (LP: #771935) This release fixes the following security issues: + WebKit issues: - [61502] High, CVE-2011-1303: Stale pointer in floating object handling. Credit to Scott Hess of the Chromium development community and Martin Barbella. - [70538] Low, CVE-2011-1304: Pop-up block bypass via plug-ins. Credit to Chamal De Silva. - [70589] Medium, CVE-2011-1305: Linked-list race in database handling. Credit to Kostya Serebryany of the Chromium development community. - [73526] High, CVE-2011-1437: Integer overflows in float rendering. Credit to miaubiz. - [74653] High, CVE-2011-1438: Same origin policy violation with blobs. Credit to kuzzcc. - [75186] High, CVE-2011-1440: Use-after-free with <ruby> tag and CSS. Credit to Jose A. Vazquez. - [75347] High, CVE-2011-1441: Bad cast with floating select lists. Credit to Michael Griffiths. - [75801] High, CVE-2011-1442: Corrupt node trees with mutation events. Credit to Sergey Glazunov and wushi of team 509. - [76001] High, CVE-2011-1443: Stale pointers in layering code. Credit to Martin Barbella. - [76646] Medium, CVE-2011-1445: Out-of-bounds read in SVG. Credit to wushi of team509. - [76666] [77507] [78031] High, CVE-2011-1446: Possible URL bar spoofs with navigation errors and interrupted loads. Credit to kuzzcc. - [76966] High, CVE-2011-1447: Stale pointer in drop-down list handling. Credit to miaubiz. - [77130] High, CVE-2011-1448: Stale pointer in height calculations. Credit to wushi of team509. - [77346] High, CVE-2011-1449: Use-after-free in WebSockets. Credit to Marek Majkowski. - [77463] High, CVE-2011-1451: Dangling pointers in DOM id map. Credit to Sergey Glazunov. - [79199] High, CVE-2011-1454: Use-after-free in DOM id handling. Credit to Sergey Glazunov. + Chromium issues: - [71586] Medium, CVE-2011-1434: Lack of thread safety in MIME handling. Credit to Aki Helin. - [72523] Medium, CVE-2011-1435: Bad extension with ‘tabs’ permission can capture local files. Credit to Cole Snodgrass. - [72910] Low, CVE-2011-1436: Possible browser crash due to bad interaction with X. Credit to miaubiz. - [76542] High, CVE-2011-1444: Race condition in sandbox launcher. Credit to Dan Rosenberg. - [77349] Low, CVE-2011-1450: Dangling pointers in file dialogs. Credit to kuzzcc. - [77786] Medium, CVE-2011-1452: URL bar spoof with redirect and manual reload. Credit to Jordi Chancel. - [74763] High, CVE-2011-1439: Prevent interference between renderer processes. Credit to Julien Tinnes of the Google Security Team. * Fix the password store regression from the last Chromium 10 update. Backport from trunk provided by Elliot Glaysher from upstream (LP: #743494) - add debian/patches/stored_passwords_lp743494.patch - update debian/patches/series * Update the SVG logo to match the new simplified 2D logo (LP: #748881) - update debian/chromium-browser.svg * Ship the app icon in all the sizes provided upstream - update debian/rules * Add libpam0g-dev to Build-depends, needed by "Chromoting" - update debian/control * Enable the new use_third_party_translations flag at build time (it enables the Launchpad translations already used in Ubuntu since Chromium 8) - update debian/rules
|
Fabien Tassin |
11.0.696.57~r82915-0ubuntu0.10.04.1 |
12 years ago
|
|
|
31
|
|
* New upstream minor release from the Stable Channel (LP: #762275) This release fixes the following security issues: - [75629] Critical, CVE-2011-1301: Use-after-free in the GPU process. Credit to Google Chrome Security Team (Inferno). - [78524] Critical, CVE-2011-1302: Heap overflow in the GPU process. Credit to Christoph Diehl. This releasse also contains the security fixes from 10.0.648.204~r79063 (which has been skipped by the sponsors) (LP: #742118) + Webkit bugs: - [73216] High, CVE-2011-1292: Use-after-free in the frame loader. Credit to Sławomir Błażek. - [73595] High, CVE-2011-1293: Use-after-free in HTMLCollection. Credit to Sergey Glazunov. - [74562] High, CVE-2011-1294: Stale pointer in CSS handling. Credit to Sergey Glazunov. - [74991] High, CVE-2011-1295: DOM tree corruption with broken node parentage. Credit to Sergey Glazunov. - [75170] High, CVE-2011-1296: Stale pointer in SVG text handling. Credit to Sergey Glazunov. + Chromium bugs: - [72517] High, CVE-2011-1291: Buffer error in base string handling. Credit to Alex Turpin. Packaging changes: * Set arm_fpu=vfpv3-d16 on arm (less restrictive than the default vfpv3) preventing a SIGILL crash on some boards (LP: #735877) - update debian/control * Install libppGoogleNaClPluginChrome.so (LP: #738331) - update debian/rules - update debian/chromium-browser.install * Fix the apport hooks to pass the expected 'ui' to add_info(), needed when called from apport/ubuntu-bug (LP: #759635) - update debian/apport/chromium-browser.py * NaCL may be blacklisted, so only include it when it's actually been built (fixes the ftbfs on arm) (LP: #745854) - update debian/rules - update debian/chromium-browser.install * Harden the apport hooks in the extensions section - update debian/apport/chromium-browser.py
|
Fabien Tassin |
10.0.648.205~r81283-0ubuntu0.10.04.1 |
13 years ago
|
|
|
30
|
|
|
Fabien Tassin |
10.0.648.133~r77742-0ubuntu0.10.04.1 |
13 years ago
|
|
|
29
|
|
* New upstream major release from the Stable Channel (LP: #731520) It includes: - New version of V8 - Crankshaft - which greatly improves javascript performance - New settings pages that open in a tab, rather than a dialog box - Improved security with malware reporting and disabling outdated plugins by default - Password sync as part of Chrome Sync now enabled by default - GPU Accelerated Video - Background WebApps - webNavigation extension API This release also fixes the following security issues: + Webkit bugs: - [42574] [42765] Low, Possible to navigate or close the top location in a sandboxed frame. Credit to sirdarckcat of the Google Security Team. - [69628] High, Memory corruption with counter nodes. Credit to Martin Barbella. - [70027] High, Stale node in box layout. Credit to Martin Barbella. - [70336] Medium, Cross-origin error message leak with workers. Credit to Daniel Divricean. - [70442] High, Use after free with DOM URL handling. Credit to Sergey Glazunov. - [70779] Medium, Out of bounds read handling unicode ranges. Credit to miaubiz. - [70885] [71167] Low, Pop-up blocker bypasses. Credit to Chamal de Silva. - [71763] High, Use-after-free in document script lifetime handling. Credit to miaubiz. - [72028] High, Stale pointer in table painting. Credit to Martin Barbella. - [73066] High, Crash with the DataView object. Credit to Sergey Glazunov. - [73134] High, Bad cast in text rendering. Credit to miaubiz. - [73196] High, Stale pointer in WebKit context code. Credit to Sergey Glazunov. - [73746] High, Stale pointer with SVG cursors. Credit to Sergey Glazunov. - [74030] High, DOM tree corruption with attribute handling. Credit to Sergey Glazunov. + Chromium bugs: - [49747] Low, Work around an X server bug and crash with long messages. Credit to Louis Lang. - [66962] Low, Possible browser crash with parallel print()s. Credit to Aki Helin of OUSPG. - [69187] Medium, Cross-origin error message leak. Credit to Daniel Divricean. - [70877] High, Same origin policy bypass in v8. Credit to Daniel Divricean. + v8: - [74662] High, Corruption via re-entrancy of RegExp code. Credit to Christian Holler. - [74675] High, Invalid memory access in v8. Credit to Christian Holler. + ffmpeg: - [71788] High, Out-of-bounds write in the OGG container. Credit to Google Chrome Security Team (SkyLined); plus subsequent independent discovery by David Weston of Microsoft and MSVR. - [73026] High, Use of corrupt out-of-bounds structure in video code. Credit to Tavis Ormandy of the Google Security Team. + libxslt: - [73716] Low, Leak of heap address in XSLT. Credit to Google Chrome Security Team (Chris Evans). Packaging changes: * Promote Uyghur to the list of supported translations - update debian/rules - update debian/control * Fix the FTBFS on arm by re-adding the lost arm_neon=0, and really set armv7=1 on maverick and natty - update debian/rules * Fix the broken symlinks in /usr/share/doc created by CDBS (See LP: #194574) - update debian/rules * Add libxt-dev to Build-deps needed by ppGoogleNaClPluginChrome - update debian/control * Fix the Webkit version in about:version (the build system expects the svn or git directories to be available at build time) - add debian/patches/webkit_rev_parser.patch - update debian/patches/series * Bump build-depends on libvpx-dev to >= 0.9.5 - update debian/control
|
Fabien Tassin |
10.0.648.127~r76697-0ubuntu0.10.04.1 |
13 years ago
|
|
|
28
|
|
* New upstream release from the Stable Channel (LP: #726895) This release fixes the following security issues: + Webkit bugs: - [54262] High, URL bar spoof with history interaction. Credit to Jordi Chancel. - [68263] High, Stylesheet node stale pointer. Credit to Sergey Glazunov. - [68741] High, Stale pointer with key frame rule. Credit to Sergey Glazunov. - [70078] High, Crash with forms controls. Credit to Stefan van Zanden. - [70244] High, Crash in SVG rendering. Credit to Sławomir Błażek. - [71114] High, Stale node in table child handling. Credit to Martin Barbella. - [71115] High, Stale pointer in table rendering. Credit to Martin Barbella. - [71296] High, Stale pointer in SVG animations. Credit to miaubiz. - [71386] High, Stale nodes in XHTML. Credit to wushi of team509. - [71388] High, Crash in textarea handling. Credit to wushi of team509. - [71595] High, Stale pointer in device orientation. Credit to Sergey Glazunov. - [71855] High, Integer overflow in textarea handling. Credit to miaubiz. - [71960] Medium, Out-of-bounds read in WebGL. Credit to Google Chrome Security Team (Inferno). - [73235] High, Stale pointer in layout. Credit to Martin Barbella. + Chromium bugs: - [63732] High, Crash with javascript dialogs. Credit to Sergey Radchenko. - [64-bit only] [70376] Medium, Out-of-bounds read in pickle deserialization. Credit to Evgeniy Stepanov of the Chromium development community. - [71717] Medium, Out-of-bounds read in WebGL. Credit to miaubiz. - [72214] High, Accidental exposure of internal extension functions. Credit to Tavis Ormandy of the Google Security Team. - [72437] High, Use-after-free with blocked plug-ins. Credit to Chamal de Silva. * Bump the lang-pack package from Suggests to Recommends (LP: #689267) - update debian/control * Disable PIE on Armel/Lucid (LP: #716703) - update debian/rules * Add the disk usage to the Apport hooks - update debian/apport/chromium-browser.py * Drop gyp from Build-Depends, use in-source gyp instead - update debian/control * Merge back the ffmpeg codecs (from the chromium-codecs-ffmpeg source package) - update debian/rules - update debian/control - add debian/chromium-codecs-ffmpeg-extra.install - add debian/chromium-codecs-ffmpeg.install
|
Fabien Tassin |
9.0.597.107~r75357-0ubuntu0.10.04.1 |
13 years ago
|
|
|
27
|
|
|
Fabien Tassin |
9.0.597.94~r73967-0ubuntu0.10.04.1 |
13 years ago
|
|
|
26
|
|
|
Fabien Tassin |
9.0.597.84~r72991-0ubuntu0.10.04.1 |
13 years ago
|
|
|
25
|
|
* New upstream release from the Stable Channel (LP: #702542) This release fixes the following security issues: - [58053] Medium, Browser crash in extensions notification handling. Credit to Eric Roman of the Chromium development community. - [65764] High, Bad pointer handling in node iteration. Credit to Sergey Glazunov. - [66560] High, Stale pointer with CSS + canvas. Credit to Sergey Glazunov. - [66748] High, Stale pointer with CSS + cursors. Credit to Jan Tošovský. - [67303] High, Bad memory access with mismatched video frame sizes. Credit to Aki Helin of OUSPG; plus independent discovery by Google Chrome Security Team (SkyLined) and David Warren of CERT. - [67363] High, Stale pointer with SVG use element. Credited anonymously; plus indepdent discovery by miaubiz. - [67393] Medium, Uninitialized pointer in the browser triggered by rogue extension. Credit to kuzzcc. - [68115] High, Vorbis decoder buffer overflows. Credit to David Warren of CERT. - [68178] High, Bad cast in anchor handling. Credit to Sergey Glazunov. - [68181] High, Bad cast in video handling. Credit to Sergey Glazunov. - [68439] High, Stale rendering node after DOM node removal. Credit to Martin Barbella; plus independent discovery by Google Chrome Security Team (SkyLined). - [68666] Critical, Stale pointer in speech handling. Credit to Sergey Glazunov. * Add the chrome/app/policy/policy_templates.grd template to the list of templates translated in Launchpad - update debian/rules * Add Basque and Galician to the list of supported langs for the lang-packs (translations from Launchpad/Rosetta) - update debian/rules
|
Fabien Tassin |
8.0.552.237~r70801-0ubuntu0.10.04.1 |
13 years ago
|
|
|
24
|
|
|
Fabien Tassin |
8.0.552.224~r68599-0ubuntu0.10.04.1 |
13 years ago
|
|
|
23
|
|
* New upstream Major release from the Stable Channel (LP: #684502), also fixing the following security issues: - [17655] Low, Possible pop-up blocker bypass. Credit to Google Chrome Security Team (SkyLined). - [55745] Medium, Cross-origin video theft with canvas. Credit to Nirankush Panchbhai and Microsoft Vulnerability Research (MSVR). - [56237] Low, Browser crash with HTML5 databases. Credit to Google Chrome Security Team (Inferno). - [58319] Low, Prevent excessive file dialogs, possibly leading to browser crash. Credit to Cezary Tomczak (gosu.pl). - [59554] High, Use after free in history handling. Credit to Stefan Troger. - [59817] Medium, Make sure the “dangerous file types” list is uptodate with the Windows platforms. Credit to Billy Rios of the Google Security Team. - [61701] Low, Browser crash with HTTP proxy authentication. Credit to Mohammed Bouhlel. - [61653] Medium, Out-of-bounds read regression in WebM video support. Credit to Google Chrome Security Team (Chris Evans), based on earlier testcases from Mozilla and Microsoft (MSVR). - [62127] High, Crash due to bad indexing with malformed video. Credit to miaubiz. - [62168] Medium, Possible browser memory corruption via malicious privileged extension. Credit to kuzzcc. - [62401] High, Use after free with SVG animations. Credit to Sławomir Błażek. - [63051] Medium, Use after free in mouse dragging event handling. Credit to kuzzcc. - [63444] High, Double free in XPath handling. Credit to Yang Dingning from NCNIPC, Graduate University of Chinese Academy of Sciences. * Automatically merge Launchpad translations with the upstream grit files and produce patches in the source tarball. Apply those patches at build time during configure - update debian/rules
|
Fabien Tassin |
8.0.552.215~r67652-0ubuntu0.10.04.1 |
13 years ago
|
|
|
22
|
|
* New upstream Major release from the Stable Channel (LP: #671420), also fixing the following security issues: - [51602] High, Use-after-free in text editing. Credit to David Bloom of the Google Security Team, Google Chrome Security Team (Inferno) and Google Chrome Security Team (Cris Neckar). - [55257] High, Memory corruption with enormous text area. Credit to wushi of team509. - [58657] High, Bad cast with the SVG use element. Credit to the kuzzcc. - [58731] High, Invalid memory read in XPath handling. Credit to Bui Quang Minh from Bkis (www.bkis.com). - [58741] High, Use-after-free in text control selections. Credit to “vkouchna”. - [59320] High, Integer overflows in font handling. Credit to Aki Helin of OUSPG. - [60055] High, Memory corruption in libvpx. Credit to Christoph Diehl. - [60238] High, Bad use of destroyed frame object. Credit to various developers, including “gundlach”. - [60327] [60769] [61255] High, Type confusions with event objects. Credit to “fam.lam” and Google Chrome Security Team (Inferno). - [60688] High, Out-of-bounds array access in SVG handling. Credit to wushi of team509.
|
Fabien Tassin |
7.0.517.44~r64615-0ubuntu0.10.04.1 |
13 years ago
|
|
|
21
|
|
* New upstream Major release from the Stable Channel (LP: #663523), also fixing the following security issues: - [48225] [51727] Medium, Possible autofill / autocomplete profile spamming. Credit to Google Chrome Security Team (Inferno). - [48857] High, Crash with forms. Credit to the Chromium development community. - [50428] Critical, Browser crash with form autofill. Credit to the Chromium development community. - [51680] High, Possible URL spoofing on page unload. Credit to kuzzcc; plus independent discovery by Jordi Chancel. - [53002] Low, Pop-up block bypass. Credit to kuzzcc. - [53985] Medium, Crash on shutdown with Web Sockets. Credit to the Chromium development community. - [54132] Low, Bad construction of PATH variable. Credit to Dan Rosenberg, Virtual Security Research. - [54500] High, Possible memory corruption with animated GIF. Credit to Simon Schaak. - [54794] High, Failure to sandbox worker processes on Linux. Credit to Google Chrome Security Team (Chris Evans). - [56451] High, Stale elements in an element map. Credit to Michal Zalewski of the Google Security Team. * Drop the -fno-tree-sink workaround for the armel gcc inlining bug now that the strict-aliasing issue in dtoa has been fixed - drop debian/patches/no_tree_sink_v8.patch - update debian/patches/series * Disable -Werror when building with gcc 4.5 until http://code.google.com/p/chromium/issues/detail?id=49533 gets fixed - update debian/rules * Fix the apport hook crash when the use_system key is unset (LP: #660579) - update debian/apport/chromium-browser.py * Set CHROME_DESKTOP in the wrapper to help the default browser checker (LP: #513133) - update debian/chromium-browser.sh.in
|
Fabien Tassin |
7.0.517.41~r62167-0ubuntu0.10.04.1 |
13 years ago
|
|
|
20
|
|
* New upstream release from the Stable Channel (LP: #641699) This release fixes the following security issues: - [55114] High, Bad cast with malformed SVG. Credit to wushi of team 509. - [55119] Critical, Buffer mismanagement in the SPDY protocol. Credit to Mike Belshe of the Chromium development community. - [55350] High, Cross-origin property pollution. Credit to Stefano Di Paola of MindedSecurity. Also includes the following security issues from 6.0.472.59 (LP: #638736) - [50250] High, Use-after-free when using document APIs during parse. Credit to David Weston of Microsoft + Microsoft Vulnerability Research (MSVR) and wushi of team 509 (independent discoveries). - [50712] High, Use-after-free in SVG styles. Credit to kuzzcc. - [51252] High, Use-after-free with nested SVG elements. Credit to kuzzcc. - [51709] Low, Possible browser assert in cursor handling. Credit to “magnusmorton”. - [51919] High, Race condition in console handling. Credit to kuzzcc. - [53176] Low, Unlikely browser crash in pop-up blocking. Credit to kuzzcc. - [53394] High, Memory corruption in Geolocation. Credit to kuzzcc. - [53930] High, Memory corruption in Khmer handling. Credit to Google Chrome Security Team (Chris Evans). - [54006] Low, Failure to prompt for extension history access. Credit to “adriennefelt”. * Don't build with PIE on armel for now, it fails to link. - update debian/rules * Add some translations for the "Name" field in the desktop file, and fix some "Comment" / "GenericName". Thanks to the Ubuntu translation team. See https://wiki.ubuntu.com/Translations/Wanted/ChromiumDesktop to contribute more translations (LP: #631670)
|
Fabien Tassin |
6.0.472.62~r59676-0ubuntu0.10.04.1 |
13 years ago
|
|
|