39
|
|
|
Fabien Tassin |
10.0.648.205~r81283-0ubuntu1 |
13 years ago
|
|
|
38
|
|
|
Fabien Tassin |
10.0.648.204~r79063-0ubuntu2 |
13 years ago
|
|
|
37
|
|
|
Fabien Tassin |
10.0.648.204~r79063-0ubuntu1 |
13 years ago
|
|
|
36
|
|
|
Fabien Tassin |
10.0.648.133~r77742-0ubuntu1 |
13 years ago
|
|
|
35
|
|
* New upstream major release from the Stable Channel (LP: #731520) It includes: - New version of V8 - Crankshaft - which greatly improves javascript performance - New settings pages that open in a tab, rather than a dialog box - Improved security with malware reporting and disabling outdated plugins by default - Password sync as part of Chrome Sync now enabled by default - GPU Accelerated Video - Background WebApps - webNavigation extension API This release also fixes the following security issues: + Webkit bugs: - [42574] [42765] Low, Possible to navigate or close the top location in a sandboxed frame. Credit to sirdarckcat of the Google Security Team. - [69628] High, Memory corruption with counter nodes. Credit to Martin Barbella. - [70027] High, Stale node in box layout. Credit to Martin Barbella. - [70336] Medium, Cross-origin error message leak with workers. Credit to Daniel Divricean. - [70442] High, Use after free with DOM URL handling. Credit to Sergey Glazunov. - [70779] Medium, Out of bounds read handling unicode ranges. Credit to miaubiz. - [70885] [71167] Low, Pop-up blocker bypasses. Credit to Chamal de Silva. - [71763] High, Use-after-free in document script lifetime handling. Credit to miaubiz. - [72028] High, Stale pointer in table painting. Credit to Martin Barbella. - [73066] High, Crash with the DataView object. Credit to Sergey Glazunov. - [73134] High, Bad cast in text rendering. Credit to miaubiz. - [73196] High, Stale pointer in WebKit context code. Credit to Sergey Glazunov. - [73746] High, Stale pointer with SVG cursors. Credit to Sergey Glazunov. - [74030] High, DOM tree corruption with attribute handling. Credit to Sergey Glazunov. + Chromium bugs: - [49747] Low, Work around an X server bug and crash with long messages. Credit to Louis Lang. - [66962] Low, Possible browser crash with parallel print()s. Credit to Aki Helin of OUSPG. - [69187] Medium, Cross-origin error message leak. Credit to Daniel Divricean. - [70877] High, Same origin policy bypass in v8. Credit to Daniel Divricean. + v8: - [74662] High, Corruption via re-entrancy of RegExp code. Credit to Christian Holler. - [74675] High, Invalid memory access in v8. Credit to Christian Holler. + ffmpeg: - [71788] High, Out-of-bounds write in the OGG container. Credit to Google Chrome Security Team (SkyLined); plus subsequent independent discovery by David Weston of Microsoft and MSVR. - [73026] High, Use of corrupt out-of-bounds structure in video code. Credit to Tavis Ormandy of the Google Security Team. + libxslt: - [73716] Low, Leak of heap address in XSLT. Credit to Google Chrome Security Team (Chris Evans). Packaging changes: * Promote Uyghur to the list of supported translations - update debian/rules - update debian/control * Fix the FTBFS on arm by re-adding the lost arm_neon=0, and really set armv7=1 on maverick and natty - update debian/rules * Fix the broken symlinks in /usr/share/doc created by CDBS (See LP: #194574) - update debian/rules * Add libxt-dev to Build-deps needed by ppGoogleNaClPluginChrome - update debian/control * Fix the Webkit version in about:version (the build system expects the svn or git directories to be available at build time) - add debian/patches/webkit_rev_parser.patch - update debian/patches/series
|
Fabien Tassin |
10.0.648.127~r76697-0ubuntu1 |
13 years ago
|
|
|
34
|
|
* New upstream release from the Stable Channel (LP: #726895) This release fixes the following security issues: + Webkit bugs: - [54262] High, URL bar spoof with history interaction. Credit to Jordi Chancel. - [68263] High, Stylesheet node stale pointer. Credit to Sergey Glazunov. - [68741] High, Stale pointer with key frame rule. Credit to Sergey Glazunov. - [70078] High, Crash with forms controls. Credit to Stefan van Zanden. - [70244] High, Crash in SVG rendering. Credit to Sławomir Błażek. - [71114] High, Stale node in table child handling. Credit to Martin Barbella. - [71115] High, Stale pointer in table rendering. Credit to Martin Barbella. - [71296] High, Stale pointer in SVG animations. Credit to miaubiz. - [71386] High, Stale nodes in XHTML. Credit to wushi of team509. - [71388] High, Crash in textarea handling. Credit to wushi of team509. - [71595] High, Stale pointer in device orientation. Credit to Sergey Glazunov. - [71855] High, Integer overflow in textarea handling. Credit to miaubiz. - [71960] Medium, Out-of-bounds read in WebGL. Credit to Google Chrome Security Team (Inferno). - [73235] High, Stale pointer in layout. Credit to Martin Barbella. + Chromium bugs: - [63732] High, Crash with javascript dialogs. Credit to Sergey Radchenko. - [64-bit only] [70376] Medium, Out-of-bounds read in pickle deserialization. Credit to Evgeniy Stepanov of the Chromium development community. - [71717] Medium, Out-of-bounds read in WebGL. Credit to miaubiz. - [72214] High, Accidental exposure of internal extension functions. Credit to Tavis Ormandy of the Google Security Team. - [72437] High, Use-after-free with blocked plug-ins. Credit to Chamal de Silva. * Bump the lang-pack package from Suggests to Recommends (LP: #689267) - update debian/control * Disable PIE on Armel/Lucid (LP: #716703) - update debian/rules * Add the disk usage to the Apport hooks - update debian/apport/chromium-browser.py * Drop gyp from Build-Depends, use in-source gyp instead - update debian/control * Merge back the ffmpeg codecs (from the chromium-codecs-ffmpeg source package) - update debian/rules - update debian/control - add debian/chromium-codecs-ffmpeg-extra.install - add debian/chromium-codecs-ffmpeg.install
|
Fabien Tassin |
9.0.597.107~r75357-0ubuntu1 |
13 years ago
|
|
|
33
|
|
|
Fabien Tassin |
9.0.597.94~r73967-0ubuntu1 |
13 years ago
|
|
|
32
|
|
* New upstream release from the Stable Channel (LP: #712655) This release fixes the following security issues: - [55831] High, Use-after-free in image loading. Credit to Aki Helin of OUSPG. - [59081] Low, Apply some restrictions to cross-origin drag + drop. Credit to Google Chrome Security Team (SkyLined) and the Google Security Team (Michal Zalewski, David Bloom). - [62791] Low, Browser crash with extension with missing key. Credit to Brian Kirchoff. - [65669] Low, Handle merging of autofill profiles more gracefully. Credit to Google Chrome Security Team (Inferno). - [68244] Low, Browser crash with bad volume setting. Credit to Matthew Heidermann. - [69195] Critical, Race condition in audio handling. Credit to the gamers of Reddit! * Add the app/resources/app_strings.grd template to the list of templates translated in Launchpad - update debian/rules * Drop the gcc 4.5 work-around, applied upstream - remove debian/patches/gcc-4.5-build-workaround.patch - update debian/patches/series * Drop gcc 4.2/4.3 from Build-depends and remove the gcc 4.4 workarounds now done in the upstream gyp files - update debian/control - update debian/rules * Add libxtst-dev to Build-deps now that chromoting uses the XTest extension to execute mouse and keyboard events - update debian/control * Remove GNOME_DESKTOP_SESSION_ID from the Apport report, it's useless - update debian/apport/chromium-browser.py * Add a system to enable/disable distribution specific patches from the quilt series - add debian/enable-dist-patches.pl - update debian/rules * Disable the gtk resize grip on Natty (LP: #703451) Original patch by Cody Russell <crussell@ubuntu.com>, ported to v9 - add debian/patches/disable_gtk_resize_grip_on_natty.patch - update debian/patches/series * Fix the libgnutls dlopen to look for the sonamed lib - add debian/patches/dlopen_libgnutls.patch - update debian/patches/series * Fix the libosmesa/libGLESv2/libEGL dlopen() to look for the sonamed libs. This assumes either the libgles2-mesa + libegl1-mesa packages (better) or the libosmesa6 package are installed - add debian/patches/dlopen_sonamed_gl.patch - update debian/patches/series
|
Fabien Tassin |
9.0.597.84~r72991-0ubuntu1 |
13 years ago
|
|
|
31
|
|
* New upstream release from the Stable Channel (LP: #702542) This release fixes the following security issues: - [58053] Medium, Browser crash in extensions notification handling. Credit to Eric Roman of the Chromium development community. - [65764] High, Bad pointer handling in node iteration. Credit to Sergey Glazunov. - [66560] High, Stale pointer with CSS + canvas. Credit to Sergey Glazunov. - [66748] High, Stale pointer with CSS + cursors. Credit to Jan Tošovský. - [67303] High, Bad memory access with mismatched video frame sizes. Credit to Aki Helin of OUSPG; plus independent discovery by Google Chrome Security Team (SkyLined) and David Warren of CERT. - [67363] High, Stale pointer with SVG use element. Credited anonymously; plus indepdent discovery by miaubiz. - [67393] Medium, Uninitialized pointer in the browser triggered by rogue extension. Credit to kuzzcc. - [68115] High, Vorbis decoder buffer overflows. Credit to David Warren of CERT. - [68178] High, Bad cast in anchor handling. Credit to Sergey Glazunov. - [68181] High, Bad cast in video handling. Credit to Sergey Glazunov. - [68439] High, Stale rendering node after DOM node removal. Credit to Martin Barbella; plus independent discovery by Google Chrome Security Team (SkyLined). - [68666] Critical, Stale pointer in speech handling. Credit to Sergey Glazunov. * Add the chrome/app/policy/policy_templates.grd template to the list of templates translated in Launchpad - update debian/rules * Add Basque and Galician to the list of supported langs for the lang-packs (translations from Launchpad/Rosetta) - update debian/rules
|
Fabien Tassin |
8.0.552.237~r70801-0ubuntu1 |
13 years ago
|
|
|
30
|
|
|
Fabien Tassin |
8.0.552.224~r68599-0ubuntu1 |
13 years ago
|
|
|
29
|
|
* New upstream Major release from the Stable Channel (LP: #684502), also fixing the following security issues: - [17655] Low, Possible pop-up blocker bypass. Credit to Google Chrome Security Team (SkyLined). - [55745] Medium, Cross-origin video theft with canvas. Credit to Nirankush Panchbhai and Microsoft Vulnerability Research (MSVR). - [56237] Low, Browser crash with HTML5 databases. Credit to Google Chrome Security Team (Inferno). - [58319] Low, Prevent excessive file dialogs, possibly leading to browser crash. Credit to Cezary Tomczak (gosu.pl). - [59554] High, Use after free in history handling. Credit to Stefan Troger. - [59817] Medium, Make sure the “dangerous file types” list is uptodate with the Windows platforms. Credit to Billy Rios of the Google Security Team. - [61701] Low, Browser crash with HTTP proxy authentication. Credit to Mohammed Bouhlel. - [61653] Medium, Out-of-bounds read regression in WebM video support. Credit to Google Chrome Security Team (Chris Evans), based on earlier testcases from Mozilla and Microsoft (MSVR). - [62127] High, Crash due to bad indexing with malformed video. Credit to miaubiz. - [62168] Medium, Possible browser memory corruption via malicious privileged extension. Credit to kuzzcc. - [62401] High, Use after free with SVG animations. Credit to Sławomir Błażek. - [63051] Medium, Use after free in mouse dragging event handling. Credit to kuzzcc. - [63444] High, Double free in XPath handling. Credit to Yang Dingning from NCNIPC, Graduate University of Chinese Academy of Sciences. * Work-around a gcc 4.5 miscompilation bug causing regression in the omnibar, breaking searches (LP: #664584) - add debian/patches/gcc-4.5-build-workaround.patch - update debian/patches/series * Automatically merge Launchpad translations with the upstream grit files and produce patches in the source tarball. Apply those patches at build time during configure - update debian/rules * Add x-scheme-handler/http and x-scheme-handler/https to the MimeType entry of the desktop file (needed on Natty where handlers are no longer searched for in gconf) - update debian/chromium-browser.desktop
|
Fabien Tassin |
8.0.552.215~r67652-0ubuntu1 |
13 years ago
|
|
|
28
|
|
* New upstream Major release from the Stable Channel (LP: #671420), also fixing the following security issues: - [51602] High, Use-after-free in text editing. Credit to David Bloom of the Google Security Team, Google Chrome Security Team (Inferno) and Google Chrome Security Team (Cris Neckar). - [55257] High, Memory corruption with enormous text area. Credit to wushi of team509. - [58657] High, Bad cast with the SVG use element. Credit to the kuzzcc. - [58731] High, Invalid memory read in XPath handling. Credit to Bui Quang Minh from Bkis (www.bkis.com). - [58741] High, Use-after-free in text control selections. Credit to “vkouchna”. - [59320] High, Integer overflows in font handling. Credit to Aki Helin of OUSPG. - [60055] High, Memory corruption in libvpx. Credit to Christoph Diehl. - [60238] High, Bad use of destroyed frame object. Credit to various developers, including “gundlach”. - [60327] [60769] [61255] High, Type confusions with event objects. Credit to “fam.lam” and Google Chrome Security Team (Inferno). - [60688] High, Out-of-bounds array access in SVG handling. Credit to wushi of team509. * Work-around a gcc 4.5 miscompilation bug causing a regression in the omnibar, breaking searches (LP: #664584) - add debian/patches/gcc-4.5-build-workaround.patch - update debian/patches/series
|
Fabien Tassin |
7.0.517.44~r64615-0ubuntu1 |
13 years ago
|
|
|
27
|
|
* New upstream Major release from the Stable Channel (LP: #663523), also fixing the following security issues: - [48225] [51727] Medium, Possible autofill / autocomplete profile spamming. Credit to Google Chrome Security Team (Inferno). - [48857] High, Crash with forms. Credit to the Chromium development community. - [50428] Critical, Browser crash with form autofill. Credit to the Chromium development community. - [51680] High, Possible URL spoofing on page unload. Credit to kuzzcc; plus independent discovery by Jordi Chancel. - [53002] Low, Pop-up block bypass. Credit to kuzzcc. - [53985] Medium, Crash on shutdown with Web Sockets. Credit to the Chromium development community. - [54132] Low, Bad construction of PATH variable. Credit to Dan Rosenberg, Virtual Security Research. - [54500] High, Possible memory corruption with animated GIF. Credit to Simon Schaak. - [54794] High, Failure to sandbox worker processes on Linux. Credit to Google Chrome Security Team (Chris Evans). - [56451] High, Stale elements in an element map. Credit to Michal Zalewski of the Google Security Team. * Drop the -fno-tree-sink workaround for the armel gcc inlining bug now that the strict-aliasing issue in dtoa has been fixed - drop debian/patches/no_tree_sink_v8.patch - update debian/patches/series * Drop the xdg-mime patch now that we catched up with v7 - drop debian/patches/xdg-utils-update.patch * Disable -Werror when building with gcc 4.5 until http://code.google.com/p/chromium/issues/detail?id=49533 gets fixed - update debian/rules * Fix the apport hook crash when the use_system key is unset (LP: #660579) - update debian/apport/chromium-browser.py
|
Fabien Tassin |
7.0.517.41~r62167-0ubuntu1 |
13 years ago
|
|
|
26
|
|
|
Fabien Tassin |
6.0.472.63~r59945-0ubuntu2 |
13 years ago
|
|
|
25
|
|
|
Fabien Tassin |
6.0.472.63~r59945-0ubuntu1 |
13 years ago
|
|
|
24
|
|
|
Fabien Tassin |
6.0.472.62~r59676-0ubuntu1 |
13 years ago
|
|
|
23
|
|
* New upstream release from the Stable Channel (LP: #638736) This release fixes the following security issues: - [50250] High, Use-after-free when using document APIs during parse. Credit to David Weston of Microsoft + Microsoft Vulnerability Research (MSVR) and wushi of team 509 (independent discoveries). - [50712] High, Use-after-free in SVG styles. Credit to kuzzcc. - [51252] High, Use-after-free with nested SVG elements. Credit to kuzzcc. - [51709] Low, Possible browser assert in cursor handling. Credit to “magnusmorton”. - [51919] High, Race condition in console handling. Credit to kuzzcc. - [53176] Low, Unlikely browser crash in pop-up blocking. Credit to kuzzcc. - [53394] High, Memory corruption in Geolocation. Credit to kuzzcc. - [53930] High, Memory corruption in Khmer handling. Credit to Google Chrome Security Team (Chris Evans). - [54006] Low, Failure to prompt for extension history access. Credit to “adriennefelt”. * Don't build with PIE on armel for now, it fails to link. - update debian/rules
|
Fabien Tassin |
6.0.472.59~r59126-0ubuntu1 |
13 years ago
|
|
|
22
|
|
|
Fabien Tassin |
6.0.472.55~r58392-0ubuntu1 |
13 years ago
|
|
|
21
|
|
* New upstream release from the Stable Channel (LP: #628924) This release fixes the following security issues: - [34414] Low, Pop-up blocker bypass with blank frame target. Credit to Google Chrome Security Team (Inferno) and “ironfist99”. - [37201] Medium, URL bar visual spoofing with homographic sequences. Credit to Chris Weber of Casaba Security. - [41654] Medium, Apply more restrictions on setting clipboard content. Credit to Brook Novak. - [45659] High, Stale pointer with SVG filters. Credit to Tavis Ormandy of the Google Security Team. - [45876] Medium, Possible installed extension enumeration. Credit to Lostmon. - [46750] [51846] Low, Browser NULL crash with WebSockets. Credit to Google Chrome Security Team (SkyLined), Google Chrome Security Team (Justin Schuh) and Keith Campbell. - [50386] High, Use-after-free in Notifications presenter. Credit to Sergey Glazunov. - [50839] High, Notification permissions memory corruption. Credit to Michal Zalewski of the Google Security Team and Google Chrome Security Team (SkyLined). - [51630] [51739] High, Integer errors in WebSockets. Credit to Keith Campbell and Google Chrome Security Team (Cris Neckar). - [51653] High, Memory corruption with counter nodes. Credit to kuzzcc. - [51727] Low, Avoid storing excessive autocomplete entries. Credit to Google Chrome Security Team (Inferno). - [52443] High, Stale pointer in focus handling. Credit to VUPEN Vulnerability Research Team (VUPEN-SR-2010-249). - [52682] High, Sandbox parameter deserialization error. Credit to Ashutosh Mehra and Vineet Batra of the Adobe Reader Sandbox Team. - [53001] Medium, Cross-origin image theft. Credit to Isaac Dawson. * Enable all codecs for HTML5 in Chromium, depending on which ffmpeg sumo lib is installed, the set of usable codecs (at runtime) will still vary. This is now done by setting proprietary_codecs=1 so we can drop our patch - update debian/rules - drop debian/patches/html5_video_mimetypes.patch - update debian/patches/series * Bump the Dependencies on chromium-codecs-ffmpeg to >= 0.6, needed for the new API - update debian/control * Add "libcups2-dev | libcupsys2-dev" (the latter for Hardy) to Build-Depends. This is needed for Cloud Printing - update debian/control * Add libppapi_tests.so and linker.lock to INSTALL_EXCLUDE_FILES and DumpRenderTree_resources/ to INSTALL_EXCLUDE_DIRS - update debian/rules * Install resources.pak in the main deb, and remove all resources/ accordingly - update debian/chromium-browser.install * Add libgnome-keyring-dev to Build-Depends. This is needed for the GNOME Keyring and KWallet integration. See http://crbug.com/12351 - update debian/control * Ship empty policy dirs (for now) in /etc/chromium-browser/policies - update debian/rules - update debian/chromium-browser.dirs * Bump build-deps for gyp to >= 0.1~svn837 - update debian/control * Drop the icedtea6-plugin workaround, it's no longer needed and it may cause troubles when the default xulrunner contains older nss/nspr libs - update debian/chromium-browser.sh.in
|
Fabien Tassin |
6.0.472.53~r57914-0ubuntu1 |
13 years ago
|
|
|
20
|
|
|
Fabien Tassin |
5.0.375.127~r55887-0ubuntu1 |
13 years ago
|
|
|