| 39
|
|
|
Fabien Tassin |
10.0.648.205~r81283-0ubuntu1 |
13 years ago
|
 |
|
| 38
|
|
|
Fabien Tassin |
10.0.648.204~r79063-0ubuntu2 |
13 years ago
|
|
|
| 37
|
|
|
Fabien Tassin |
10.0.648.204~r79063-0ubuntu1 |
13 years ago
|
|
|
| 36
|
|
|
Fabien Tassin |
10.0.648.133~r77742-0ubuntu1 |
13 years ago
|
|
|
| 35
|
|
* New upstream major release from the Stable Channel (LP: #731520)
It includes:
- New version of V8 - Crankshaft - which greatly improves javascript
performance
- New settings pages that open in a tab, rather than a dialog box
- Improved security with malware reporting and disabling outdated plugins
by default
- Password sync as part of Chrome Sync now enabled by default
- GPU Accelerated Video
- Background WebApps
- webNavigation extension API
This release also fixes the following security issues:
+ Webkit bugs:
- [42574] [42765] Low, Possible to navigate or close the top location in
a sandboxed frame. Credit to sirdarckcat of the Google Security Team.
- [69628] High, Memory corruption with counter nodes. Credit to Martin
Barbella.
- [70027] High, Stale node in box layout. Credit to Martin Barbella.
- [70336] Medium, Cross-origin error message leak with workers. Credit to
Daniel Divricean.
- [70442] High, Use after free with DOM URL handling. Credit to Sergey
Glazunov.
- [70779] Medium, Out of bounds read handling unicode ranges. Credit to
miaubiz.
- [70885] [71167] Low, Pop-up blocker bypasses. Credit to Chamal de
Silva.
- [71763] High, Use-after-free in document script lifetime handling.
Credit to miaubiz.
- [72028] High, Stale pointer in table painting. Credit to Martin
Barbella.
- [73066] High, Crash with the DataView object. Credit to Sergey
Glazunov.
- [73134] High, Bad cast in text rendering. Credit to miaubiz.
- [73196] High, Stale pointer in WebKit context code. Credit to Sergey
Glazunov.
- [73746] High, Stale pointer with SVG cursors. Credit to Sergey
Glazunov.
- [74030] High, DOM tree corruption with attribute handling. Credit to
Sergey Glazunov.
+ Chromium bugs:
- [49747] Low, Work around an X server bug and crash with long messages.
Credit to Louis Lang.
- [66962] Low, Possible browser crash with parallel print()s. Credit to
Aki Helin of OUSPG.
- [69187] Medium, Cross-origin error message leak. Credit to Daniel
Divricean.
- [70877] High, Same origin policy bypass in v8. Credit to Daniel
Divricean.
+ v8:
- [74662] High, Corruption via re-entrancy of RegExp code. Credit to
Christian Holler.
- [74675] High, Invalid memory access in v8. Credit to Christian Holler.
+ ffmpeg:
- [71788] High, Out-of-bounds write in the OGG container. Credit to
Google Chrome Security Team (SkyLined); plus subsequent independent
discovery by David Weston of Microsoft and MSVR.
- [73026] High, Use of corrupt out-of-bounds structure in video code.
Credit to Tavis Ormandy of the Google Security Team.
+ libxslt:
- [73716] Low, Leak of heap address in XSLT. Credit to Google Chrome
Security Team (Chris Evans).
Packaging changes:
* Promote Uyghur to the list of supported translations
- update debian/rules
- update debian/control
* Fix the FTBFS on arm by re-adding the lost arm_neon=0, and really set armv7=1
on maverick and natty
- update debian/rules
* Fix the broken symlinks in /usr/share/doc created by CDBS (See LP: #194574)
- update debian/rules
* Add libxt-dev to Build-deps needed by ppGoogleNaClPluginChrome
- update debian/control
* Fix the Webkit version in about:version (the build system expects the svn
or git directories to be available at build time)
- add debian/patches/webkit_rev_parser.patch
- update debian/patches/series
|
Fabien Tassin |
10.0.648.127~r76697-0ubuntu1 |
13 years ago
|
|
|
| 34
|
|
* New upstream release from the Stable Channel (LP: #726895)
This release fixes the following security issues:
+ Webkit bugs:
- [54262] High, URL bar spoof with history interaction. Credit to Jordi
Chancel.
- [68263] High, Stylesheet node stale pointer. Credit to Sergey Glazunov.
- [68741] High, Stale pointer with key frame rule. Credit to Sergey
Glazunov.
- [70078] High, Crash with forms controls. Credit to Stefan van Zanden.
- [70244] High, Crash in SVG rendering. Credit to Sławomir Błażek.
- [71114] High, Stale node in table child handling. Credit to Martin
Barbella.
- [71115] High, Stale pointer in table rendering. Credit to Martin
Barbella.
- [71296] High, Stale pointer in SVG animations. Credit to miaubiz.
- [71386] High, Stale nodes in XHTML. Credit to wushi of team509.
- [71388] High, Crash in textarea handling. Credit to wushi of team509.
- [71595] High, Stale pointer in device orientation. Credit to Sergey
Glazunov.
- [71855] High, Integer overflow in textarea handling. Credit to miaubiz.
- [71960] Medium, Out-of-bounds read in WebGL. Credit to Google Chrome
Security Team (Inferno).
- [73235] High, Stale pointer in layout. Credit to Martin Barbella.
+ Chromium bugs:
- [63732] High, Crash with javascript dialogs. Credit to Sergey
Radchenko.
- [64-bit only] [70376] Medium, Out-of-bounds read in pickle
deserialization. Credit to Evgeniy Stepanov of the Chromium development
community.
- [71717] Medium, Out-of-bounds read in WebGL. Credit to miaubiz.
- [72214] High, Accidental exposure of internal extension functions.
Credit to Tavis Ormandy of the Google Security Team.
- [72437] High, Use-after-free with blocked plug-ins. Credit to Chamal de
Silva.
* Bump the lang-pack package from Suggests to Recommends (LP: #689267)
- update debian/control
* Disable PIE on Armel/Lucid (LP: #716703)
- update debian/rules
* Add the disk usage to the Apport hooks
- update debian/apport/chromium-browser.py
* Drop gyp from Build-Depends, use in-source gyp instead
- update debian/control
* Merge back the ffmpeg codecs (from the chromium-codecs-ffmpeg source package)
- update debian/rules
- update debian/control
- add debian/chromium-codecs-ffmpeg-extra.install
- add debian/chromium-codecs-ffmpeg.install
|
Fabien Tassin |
9.0.597.107~r75357-0ubuntu1 |
13 years ago
|
|
|
| 33
|
|
|
Fabien Tassin |
9.0.597.94~r73967-0ubuntu1 |
13 years ago
|
|
|
| 32
|
|
* New upstream release from the Stable Channel (LP: #712655)
This release fixes the following security issues:
- [55831] High, Use-after-free in image loading. Credit to Aki Helin of
OUSPG.
- [59081] Low, Apply some restrictions to cross-origin drag + drop. Credit
to Google Chrome Security Team (SkyLined) and the Google Security Team
(Michal Zalewski, David Bloom).
- [62791] Low, Browser crash with extension with missing key. Credit to
Brian Kirchoff.
- [65669] Low, Handle merging of autofill profiles more gracefully. Credit
to Google Chrome Security Team (Inferno).
- [68244] Low, Browser crash with bad volume setting. Credit to Matthew
Heidermann.
- [69195] Critical, Race condition in audio handling. Credit to the gamers
of Reddit!
* Add the app/resources/app_strings.grd template to the list
of templates translated in Launchpad
- update debian/rules
* Drop the gcc 4.5 work-around, applied upstream
- remove debian/patches/gcc-4.5-build-workaround.patch
- update debian/patches/series
* Drop gcc 4.2/4.3 from Build-depends and remove the gcc 4.4 workarounds
now done in the upstream gyp files
- update debian/control
- update debian/rules
* Add libxtst-dev to Build-deps now that chromoting uses the XTest extension
to execute mouse and keyboard events
- update debian/control
* Remove GNOME_DESKTOP_SESSION_ID from the Apport report, it's useless
- update debian/apport/chromium-browser.py
* Add a system to enable/disable distribution specific patches from the quilt
series
- add debian/enable-dist-patches.pl
- update debian/rules
* Disable the gtk resize grip on Natty (LP: #703451)
Original patch by Cody Russell <crussell@ubuntu.com>, ported to v9
- add debian/patches/disable_gtk_resize_grip_on_natty.patch
- update debian/patches/series
* Fix the libgnutls dlopen to look for the sonamed lib
- add debian/patches/dlopen_libgnutls.patch
- update debian/patches/series
* Fix the libosmesa/libGLESv2/libEGL dlopen() to look for the sonamed libs.
This assumes either the libgles2-mesa + libegl1-mesa packages (better) or
the libosmesa6 package are installed
- add debian/patches/dlopen_sonamed_gl.patch
- update debian/patches/series
|
Fabien Tassin |
9.0.597.84~r72991-0ubuntu1 |
13 years ago
|
|
|
| 31
|
|
* New upstream release from the Stable Channel (LP: #702542)
This release fixes the following security issues:
- [58053] Medium, Browser crash in extensions notification handling. Credit
to Eric Roman of the Chromium development community.
- [65764] High, Bad pointer handling in node iteration. Credit to Sergey
Glazunov.
- [66560] High, Stale pointer with CSS + canvas. Credit to Sergey Glazunov.
- [66748] High, Stale pointer with CSS + cursors. Credit to Jan Tošovský.
- [67303] High, Bad memory access with mismatched video frame sizes. Credit
to Aki Helin of OUSPG; plus independent discovery by Google Chrome
Security Team (SkyLined) and David Warren of CERT.
- [67363] High, Stale pointer with SVG use element. Credited anonymously;
plus indepdent discovery by miaubiz.
- [67393] Medium, Uninitialized pointer in the browser triggered by rogue
extension. Credit to kuzzcc.
- [68115] High, Vorbis decoder buffer overflows. Credit to David Warren of
CERT.
- [68178] High, Bad cast in anchor handling. Credit to Sergey Glazunov.
- [68181] High, Bad cast in video handling. Credit to Sergey Glazunov.
- [68439] High, Stale rendering node after DOM node removal. Credit to
Martin Barbella; plus independent discovery by Google Chrome Security
Team (SkyLined).
- [68666] Critical, Stale pointer in speech handling. Credit to Sergey
Glazunov.
* Add the chrome/app/policy/policy_templates.grd template to the list
of templates translated in Launchpad
- update debian/rules
* Add Basque and Galician to the list of supported langs for the lang-packs
(translations from Launchpad/Rosetta)
- update debian/rules
|
Fabien Tassin |
8.0.552.237~r70801-0ubuntu1 |
13 years ago
|
|
|
| 30
|
|
|
Fabien Tassin |
8.0.552.224~r68599-0ubuntu1 |
13 years ago
|
|
|
| 29
|
|
* New upstream Major release from the Stable Channel (LP: #684502), also
fixing the following security issues:
- [17655] Low, Possible pop-up blocker bypass. Credit to Google Chrome
Security Team (SkyLined).
- [55745] Medium, Cross-origin video theft with canvas. Credit to Nirankush
Panchbhai and Microsoft Vulnerability Research (MSVR).
- [56237] Low, Browser crash with HTML5 databases. Credit to Google Chrome
Security Team (Inferno).
- [58319] Low, Prevent excessive file dialogs, possibly leading to browser
crash. Credit to Cezary Tomczak (gosu.pl).
- [59554] High, Use after free in history handling. Credit to Stefan
Troger.
- [59817] Medium, Make sure the “dangerous file types” list is uptodate
with the Windows platforms. Credit to Billy Rios of the Google Security
Team.
- [61701] Low, Browser crash with HTTP proxy authentication. Credit to
Mohammed Bouhlel.
- [61653] Medium, Out-of-bounds read regression in WebM video support.
Credit to Google Chrome Security Team (Chris Evans), based on earlier
testcases from Mozilla and Microsoft (MSVR).
- [62127] High, Crash due to bad indexing with malformed video. Credit to
miaubiz.
- [62168] Medium, Possible browser memory corruption via malicious
privileged extension. Credit to kuzzcc.
- [62401] High, Use after free with SVG animations. Credit to Sławomir
Błażek.
- [63051] Medium, Use after free in mouse dragging event handling. Credit
to kuzzcc.
- [63444] High, Double free in XPath handling. Credit to Yang Dingning from
NCNIPC, Graduate University of Chinese Academy of Sciences.
* Work-around a gcc 4.5 miscompilation bug causing regression in the
omnibar, breaking searches (LP: #664584)
- add debian/patches/gcc-4.5-build-workaround.patch
- update debian/patches/series
* Automatically merge Launchpad translations with the upstream grit files and
produce patches in the source tarball. Apply those patches at build time
during configure
- update debian/rules
* Add x-scheme-handler/http and x-scheme-handler/https to the MimeType
entry of the desktop file (needed on Natty where handlers are no longer
searched for in gconf)
- update debian/chromium-browser.desktop
|
Fabien Tassin |
8.0.552.215~r67652-0ubuntu1 |
13 years ago
|
|
|
| 28
|
|
* New upstream Major release from the Stable Channel (LP: #671420), also
fixing the following security issues:
- [51602] High, Use-after-free in text editing. Credit to David Bloom of
the Google Security Team, Google Chrome Security Team (Inferno) and
Google Chrome Security Team (Cris Neckar).
- [55257] High, Memory corruption with enormous text area. Credit to wushi
of team509.
- [58657] High, Bad cast with the SVG use element. Credit to the kuzzcc.
- [58731] High, Invalid memory read in XPath handling. Credit to Bui Quang
Minh from Bkis (www.bkis.com).
- [58741] High, Use-after-free in text control selections. Credit to
“vkouchna”.
- [59320] High, Integer overflows in font handling. Credit to Aki Helin of
OUSPG.
- [60055] High, Memory corruption in libvpx. Credit to Christoph Diehl.
- [60238] High, Bad use of destroyed frame object. Credit to various
developers, including “gundlach”.
- [60327] [60769] [61255] High, Type confusions with event objects. Credit
to “fam.lam” and Google Chrome Security Team (Inferno).
- [60688] High, Out-of-bounds array access in SVG handling. Credit to wushi
of team509.
* Work-around a gcc 4.5 miscompilation bug causing a regression in the
omnibar, breaking searches (LP: #664584)
- add debian/patches/gcc-4.5-build-workaround.patch
- update debian/patches/series
|
Fabien Tassin |
7.0.517.44~r64615-0ubuntu1 |
13 years ago
|
|
|
| 27
|
|
* New upstream Major release from the Stable Channel (LP: #663523), also
fixing the following security issues:
- [48225] [51727] Medium, Possible autofill / autocomplete profile
spamming. Credit to Google Chrome Security Team (Inferno).
- [48857] High, Crash with forms. Credit to the Chromium development
community.
- [50428] Critical, Browser crash with form autofill. Credit to the
Chromium development community.
- [51680] High, Possible URL spoofing on page unload. Credit to kuzzcc;
plus independent discovery by Jordi Chancel.
- [53002] Low, Pop-up block bypass. Credit to kuzzcc.
- [53985] Medium, Crash on shutdown with Web Sockets. Credit to the
Chromium development community.
- [54132] Low, Bad construction of PATH variable. Credit to Dan Rosenberg,
Virtual Security Research.
- [54500] High, Possible memory corruption with animated GIF. Credit to
Simon Schaak.
- [54794] High, Failure to sandbox worker processes on Linux. Credit to
Google Chrome Security Team (Chris Evans).
- [56451] High, Stale elements in an element map. Credit to Michal Zalewski
of the Google Security Team.
* Drop the -fno-tree-sink workaround for the armel gcc inlining bug now that the
strict-aliasing issue in dtoa has been fixed
- drop debian/patches/no_tree_sink_v8.patch
- update debian/patches/series
* Drop the xdg-mime patch now that we catched up with v7
- drop debian/patches/xdg-utils-update.patch
* Disable -Werror when building with gcc 4.5 until
http://code.google.com/p/chromium/issues/detail?id=49533 gets fixed
- update debian/rules
* Fix the apport hook crash when the use_system key is unset (LP: #660579)
- update debian/apport/chromium-browser.py
|
Fabien Tassin |
7.0.517.41~r62167-0ubuntu1 |
13 years ago
|
|
|
| 26
|
|
|
Fabien Tassin |
6.0.472.63~r59945-0ubuntu2 |
13 years ago
|
|
|
| 25
|
|
|
Fabien Tassin |
6.0.472.63~r59945-0ubuntu1 |
13 years ago
|
|
|
| 24
|
|
|
Fabien Tassin |
6.0.472.62~r59676-0ubuntu1 |
13 years ago
|
|
|
| 23
|
|
* New upstream release from the Stable Channel (LP: #638736)
This release fixes the following security issues:
- [50250] High, Use-after-free when using document APIs during parse.
Credit to David Weston of Microsoft + Microsoft Vulnerability Research
(MSVR) and wushi of team 509 (independent discoveries).
- [50712] High, Use-after-free in SVG styles. Credit to kuzzcc.
- [51252] High, Use-after-free with nested SVG elements. Credit to kuzzcc.
- [51709] Low, Possible browser assert in cursor handling. Credit to
“magnusmorton”.
- [51919] High, Race condition in console handling. Credit to kuzzcc.
- [53176] Low, Unlikely browser crash in pop-up blocking. Credit to kuzzcc.
- [53394] High, Memory corruption in Geolocation. Credit to kuzzcc.
- [53930] High, Memory corruption in Khmer handling. Credit to Google
Chrome Security Team (Chris Evans).
- [54006] Low, Failure to prompt for extension history access. Credit to
“adriennefelt”.
* Don't build with PIE on armel for now, it fails to link.
- update debian/rules
|
Fabien Tassin |
6.0.472.59~r59126-0ubuntu1 |
13 years ago
|
|
|
| 22
|
|
|
Fabien Tassin |
6.0.472.55~r58392-0ubuntu1 |
13 years ago
|
|
|
| 21
|
|
* New upstream release from the Stable Channel (LP: #628924)
This release fixes the following security issues:
- [34414] Low, Pop-up blocker bypass with blank frame target. Credit to
Google Chrome Security Team (Inferno) and “ironfist99”.
- [37201] Medium, URL bar visual spoofing with homographic sequences.
Credit to Chris Weber of Casaba Security.
- [41654] Medium, Apply more restrictions on setting clipboard content.
Credit to Brook Novak.
- [45659] High, Stale pointer with SVG filters. Credit to Tavis Ormandy of
the Google Security Team.
- [45876] Medium, Possible installed extension enumeration. Credit to
Lostmon.
- [46750] [51846] Low, Browser NULL crash with WebSockets. Credit to Google
Chrome Security Team (SkyLined), Google Chrome Security Team (Justin Schuh)
and Keith Campbell.
- [50386] High, Use-after-free in Notifications presenter. Credit to Sergey
Glazunov.
- [50839] High, Notification permissions memory corruption. Credit to
Michal Zalewski of the Google Security Team and Google Chrome Security
Team (SkyLined).
- [51630] [51739] High, Integer errors in WebSockets. Credit to Keith
Campbell and Google Chrome Security Team (Cris Neckar).
- [51653] High, Memory corruption with counter nodes. Credit to kuzzcc.
- [51727] Low, Avoid storing excessive autocomplete entries. Credit to
Google Chrome Security Team (Inferno).
- [52443] High, Stale pointer in focus handling. Credit to VUPEN
Vulnerability Research Team (VUPEN-SR-2010-249).
- [52682] High, Sandbox parameter deserialization error. Credit to Ashutosh
Mehra and Vineet Batra of the Adobe Reader Sandbox Team.
- [53001] Medium, Cross-origin image theft. Credit to Isaac Dawson.
* Enable all codecs for HTML5 in Chromium, depending on which ffmpeg sumo lib
is installed, the set of usable codecs (at runtime) will still vary.
This is now done by setting proprietary_codecs=1 so we can drop our patch
- update debian/rules
- drop debian/patches/html5_video_mimetypes.patch
- update debian/patches/series
* Bump the Dependencies on chromium-codecs-ffmpeg to >= 0.6, needed for the new API
- update debian/control
* Add "libcups2-dev | libcupsys2-dev" (the latter for Hardy) to Build-Depends.
This is needed for Cloud Printing
- update debian/control
* Add libppapi_tests.so and linker.lock to INSTALL_EXCLUDE_FILES and
DumpRenderTree_resources/ to INSTALL_EXCLUDE_DIRS
- update debian/rules
* Install resources.pak in the main deb, and remove all resources/ accordingly
- update debian/chromium-browser.install
* Add libgnome-keyring-dev to Build-Depends. This is needed for the GNOME
Keyring and KWallet integration. See http://crbug.com/12351
- update debian/control
* Ship empty policy dirs (for now) in /etc/chromium-browser/policies
- update debian/rules
- update debian/chromium-browser.dirs
* Bump build-deps for gyp to >= 0.1~svn837
- update debian/control
* Drop the icedtea6-plugin workaround, it's no longer needed and it may cause
troubles when the default xulrunner contains older nss/nspr libs
- update debian/chromium-browser.sh.in
|
Fabien Tassin |
6.0.472.53~r57914-0ubuntu1 |
13 years ago
|
|
|
| 20
|
|
|
Fabien Tassin |
5.0.375.127~r55887-0ubuntu1 |
13 years ago
|
|
|
collapse all