51
|
|
|
Micah Gersten |
15.0.874.106~r107270-0ubuntu0.11.10.1 |
12 years ago
|
|
|
50
|
|
|
Micah Gersten |
14.0.835.202~r103287-0ubuntu1 |
12 years ago
|
|
|
49
|
|
|
Matthias Klose |
13.0.782.215~r97094-0ubuntu2 |
12 years ago
|
|
|
48
|
|
* New upstream release from the Stable Channel This release fixes the following security issues: + Chromium issues: - [91517] High, CVE-2011-2828: Out-of-bounds write in v8. Credit to Google Chrome Security Team (SkyLined). + Webkit issues: - [82552] High, CVE-2011-2823: Use-after-free in line box handling. Credit to Google Chrome Security Team (SkyLined) and independent later discovery by miaubiz. - [88216] High, CVE-2011-2824: Use-after-free with counter nodes. Credit to miaubiz. - [88670] High, CVE-2011-2825: Use-after-free with custom fonts. Credit to wushi of team509 reported through ZDI (ZDI-CAN-1283), plus indepdendent later discovery by miaubiz. - [87453] High, CVE-2011-2826: Cross-origin violation with empty origins. Credit to Sergey Glazunov. - [90668] High, CVE-2011-2827: Use-after-free in text searching. Credit to miaubiz. - [32-bit only] [91598] High, CVE-2011-2829: Integer overflow in uniform arrays. Credit to Sergey Glazunov. + libxml2 issue: - [89402] High, CVE-2011-2821: Double free in libxml XPath handling. Credit to Yang Dingning from NCNIPC, Graduate University of Chinese Academy of Sciences. Packaging changes: * Fix a FTBFS with cups 1.5.0 by including individual cups headers - add debian/patches/cups_1.5_build_fix.patch - update debian/patches/series
|
Fabien Tassin |
13.0.782.215~r97094-0ubuntu1 |
12 years ago
|
|
|
47
|
|
|
Fabien Tassin |
13.0.782.107~r94237-0ubuntu2 |
12 years ago
|
|
|
46
|
|
* New Major upstream release from the Stable Channel This release fixes the following security issues: + Chromium issues: - [75821] Medium, CVE-2011-2358: Always confirm an extension install via a browser dialog. Credit to Sergey Glazunov. - [79266] Low, CVE-2011-2360: Potential bypass of dangerous file prompt. Credit to kuzzcc. - [79426] Low, CVE-2011-2361: Improve designation of strings in the basic auth dialog. Credit to kuzzcc. - [81307] Medium, CVE-2011-2782: File permissions error with drag and drop. Credit to Evan Martin of the Chromium development community. - [83273] Medium, CVE-2011-2783: Always confirm a developer mode NPAPI extension install via a browser dialog. Credit to Sergey Glazunov. - [84402] Low, CVE-2011-2785: Sanitize the homepage URL in extensions. Credit to kuzzcc. - [84805] Medium, CVE-2011-2787: Browser crash due to GPU lock re-entrancy issue. Credit to kuzzcc. - [85808] Medium, CVE-2011-2789: Use after free in Pepper plug-in instantiation. Credit to Mario Gomes and kuzzcc. - [87815] Low, CVE-2011-2798: Prevent a couple of internal schemes from being web accessible. Credit to sirdarckcat of the Google Security Team. - [88827] Medium, CVE-2011-2803: Out-of-bounds read in Skia paths. Credit to Google Chrome Security Team (Inferno). + Webkit issues: - [78841] High, CVE-2011-2359: Stale pointer due to bad line box tracking in rendering. Credit to miaubiz and Martin Barbella. - [83841] Low, CVE-2011-2784: Local file path disclosure via GL program log. Credit to kuzzcc. - [84600] Low, CVE-2011-2786: Make sure the speech input bubble is always on-screen. Credit to Olli Pettay of Mozilla. - [85559] Low, CVE-2011-2788: Buffer overflow in inspector serialization. Credit to Mikołaj Małecki. - [86502] High, CVE-2011-2790: Use-after-free with floating styles. Credit to miaubiz. - [87148] High, CVE-2011-2792: Use-after-free with float removal. Credit to miaubiz. - [87227] High, CVE-2011-2793: Use-after-free in media selectors. Credit to miaubiz. - [87298] Medium, CVE-2011-2794: Out-of-bounds read in text iteration. Credit to miaubiz. - [87339] Medium, CVE-2011-2795: Cross-frame function leak. Credit to Shih Wei-Long. - [87548] High, CVE-2011-2796: Use-after-free in Skia. Credit to Google Chrome Security Team (Inferno) and Kostya Serebryany of the Chromium development community. - [87729] High, CVE-2011-2797: Use-after-free in resource caching. Credit to miaubiz. - [87925] High, CVE-2011-2799: Use-after-free in HTML range handling. Credit to miaubiz. - [88337] Medium, CVE-2011-2800: Leak of client-side redirect target. Credit to Juho Nurminen. - [88591] High, CVE-2011-2802: v8 crash with const lookups. Credit to Christian Holler. - [88846] High, CVE-2011-2801: Use-after-free in frame loader. Credit to miaubiz. - [88889] High, CVE-2011-2818: Use-after-free in display box rendering. Credit to Martin Barbella. - [89520] High, CVE-2011-2805: Cross-origin script injection. Credit to Sergey Glazunov. - [90222] High, CVE-2011-2819: Cross-origin violation in base URI handling. Credit to Sergey Glazunov. + ICU 4.6 issue: - [86900] High, CVE-2011-2791: Out-of-bounds write in ICU. Credit to Yang Dingning from NCNIPC, Graduate University of Chinese Academy of Sciences. Packaging changes: * Add a "Conflicts" with -inspector so that it gets removed - update debian/control * Disable PIE for ARM on Oneiric too - update debian/rules * Run the gclient hooks when creating the source tarball, as we need files from the Native Client's integrated runtime (IRT) library. Install the NaCL IRT files in the main deb - update debian/rules - update debian/chromium-browser.install * Drop obsolete patches - remove debian/patches/cups_cleanup_cr6883221.patch - update debian/patches/series
|
Fabien Tassin |
13.0.782.107~r94237-0ubuntu1 |
12 years ago
|
|
|
45
|
|
* New Minor upstream release from the Stable Channel (LP: #803107) This release fixes the following security issues: + WebKit issues: - [84355] High, CVE-2011-2346: Use-after-free in SVG font handling. Credit to miaubiz. - [85003] High, CVE-2011-2347: Memory corruption in CSS parsing. Credit to miaubiz. - [85102] High, CVE-2011-2350: Lifetime and re-entrancy issues in the HTML parser. Credit to miaubiz. - [85211] High, CVE-2011-2351: Use-after-free with SVG use element. Credit to miaubiz. - [85418] High, CVE-2011-2349: Use-after-free in text selection. Credit to miaubiz. + Chromium issues: - [77493] Medium, CVE-2011-2345: Out-of-bounds read in NPAPI string handling. Credit to Philippe Arteau. - [85177] High, CVE-2011-2348: Bad bounds check in v8. Credit to Aki Helin of OUSPG. Packaging changes: * Add Valencian (ca@valencia) to the list of supported langs for the lang-packs - update debian/rules - update debian/control * Add support for language variants in Grit, backported from trunk. This is needed to support lang-codes like ca@valencia - add debian/patches/grit_language_variants.patch - update debian/patches/series * Add a WANT_ONLY_WHITELISTED_NEW_LANGS knob to make it easier to sync translations of new langs between all the branches - update debian/rules * Properly stop the keep-alive when the build fails - update debian/rules * Fix the HTML5 <video> tag regression in Oneiric by properly linking libvpx so it's not being dropped from libffmpegsumo.so (LP: #795171) - add debian/patches/html5-codecs-fix.patch - update debian/patches/series * Drop the -inspector package, its content has been merged into the main deb in M12 and the deb remained empty since. Also drop chromium-codecs-ffmpeg-nonfree, renamed in M5 to -extra - update debian/control - update debian/rules * Backport of http://codereview.chromium.org/6883221 from M13 presumably fixing the ARM ftbfs from the last update, and set use_cups=0 on armel - add debian/patches/cups_cleanup_cr6883221.patch - update debian/patches/series - update debian/rules
|
Fabien Tassin |
12.0.742.112~r90304-0ubuntu1 |
12 years ago
|
|
|
44
|
|
|
Fabien Tassin |
12.0.742.91~r87961-0ubuntu1 |
12 years ago
|
|
|
43
|
|
|
Fabien Tassin |
11.0.696.71~r86024-0ubuntu1 |
12 years ago
|
|
|
42
|
|
|
Fabien Tassin |
11.0.696.68~r84545-0ubuntu1 |
12 years ago
|
|
|
41
|
|
|
Fabien Tassin |
11.0.696.65~r84435-0ubuntu1 |
12 years ago
|
|
|
40
|
|
* New Major upstream release from the Stable Channel (LP: #771935) This release fixes the following security issues: + WebKit issues: - [61502] High, CVE-2011-1303: Stale pointer in floating object handling. Credit to Scott Hess of the Chromium development community and Martin Barbella. - [70538] Low, CVE-2011-1304: Pop-up block bypass via plug-ins. Credit to Chamal De Silva. - [70589] Medium, CVE-2011-1305: Linked-list race in database handling. Credit to Kostya Serebryany of the Chromium development community. - [73526] High, CVE-2011-1437: Integer overflows in float rendering. Credit to miaubiz. - [74653] High, CVE-2011-1438: Same origin policy violation with blobs. Credit to kuzzcc. - [75186] High, CVE-2011-1440: Use-after-free with <ruby> tag and CSS. Credit to Jose A. Vazquez. - [75347] High, CVE-2011-1441: Bad cast with floating select lists. Credit to Michael Griffiths. - [75801] High, CVE-2011-1442: Corrupt node trees with mutation events. Credit to Sergey Glazunov and wushi of team 509. - [76001] High, CVE-2011-1443: Stale pointers in layering code. Credit to Martin Barbella. - [76646] Medium, CVE-2011-1445: Out-of-bounds read in SVG. Credit to wushi of team509. - [76666] [77507] [78031] High, CVE-2011-1446: Possible URL bar spoofs with navigation errors and interrupted loads. Credit to kuzzcc. - [76966] High, CVE-2011-1447: Stale pointer in drop-down list handling. Credit to miaubiz. - [77130] High, CVE-2011-1448: Stale pointer in height calculations. Credit to wushi of team509. - [77346] High, CVE-2011-1449: Use-after-free in WebSockets. Credit to Marek Majkowski. - [77463] High, CVE-2011-1451: Dangling pointers in DOM id map. Credit to Sergey Glazunov. - [79199] High, CVE-2011-1454: Use-after-free in DOM id handling. Credit to Sergey Glazunov. + Chromium issues: - [71586] Medium, CVE-2011-1434: Lack of thread safety in MIME handling. Credit to Aki Helin. - [72523] Medium, CVE-2011-1435: Bad extension with ‘tabs’ permission can capture local files. Credit to Cole Snodgrass. - [72910] Low, CVE-2011-1436: Possible browser crash due to bad interaction with X. Credit to miaubiz. - [76542] High, CVE-2011-1444: Race condition in sandbox launcher. Credit to Dan Rosenberg. - [77349] Low, CVE-2011-1450: Dangling pointers in file dialogs. Credit to kuzzcc. - [77786] Medium, CVE-2011-1452: URL bar spoof with redirect and manual reload. Credit to Jordi Chancel. - [74763] High, CVE-2011-1439: Prevent interference between renderer processes. Credit to Julien Tinnes of the Google Security Team. * Fix the password store regression from the last Chromium 10 update. Backport from trunk provided by Elliot Glaysher from upstream (LP: #743494) - add debian/patches/stored_passwords_lp743494.patch - update debian/patches/series * Fix the dedicated webapp WMClass (needed by Unity/bamf). Don't change the WMClass at all on XFCE where it is displayed to the user as a title (which it isn't). This is a backport of upstream revisions 82581 & 82672 (LP: #692462) - update debian/patches/webapps-wm-class-lp692462.patch * Update the SVG logo to match the new simplified 2D logo (LP: #748881) - update debian/chromium-browser.svg * Ship the app icon in all the sizes provided upstream - update debian/rules * Add libpam0g-dev to Build-depends, needed by "Chromoting" - update debian/control * Enable the new use_third_party_translations flag at build time (it enables the Launchpad translations already used in Ubuntu since Chromium 8) - update debian/rules
|
Fabien Tassin |
|
12 years ago
|
|
|
39
|
|
|
Fabien Tassin |
10.0.648.205~r81283-0ubuntu1 |
13 years ago
|
|
|
38
|
|
|
Fabien Tassin |
10.0.648.204~r79063-0ubuntu2 |
13 years ago
|
|
|
37
|
|
|
Fabien Tassin |
10.0.648.204~r79063-0ubuntu1 |
13 years ago
|
|
|
36
|
|
|
Fabien Tassin |
10.0.648.133~r77742-0ubuntu1 |
13 years ago
|
|
|
35
|
|
* New upstream major release from the Stable Channel (LP: #731520) It includes: - New version of V8 - Crankshaft - which greatly improves javascript performance - New settings pages that open in a tab, rather than a dialog box - Improved security with malware reporting and disabling outdated plugins by default - Password sync as part of Chrome Sync now enabled by default - GPU Accelerated Video - Background WebApps - webNavigation extension API This release also fixes the following security issues: + Webkit bugs: - [42574] [42765] Low, Possible to navigate or close the top location in a sandboxed frame. Credit to sirdarckcat of the Google Security Team. - [69628] High, Memory corruption with counter nodes. Credit to Martin Barbella. - [70027] High, Stale node in box layout. Credit to Martin Barbella. - [70336] Medium, Cross-origin error message leak with workers. Credit to Daniel Divricean. - [70442] High, Use after free with DOM URL handling. Credit to Sergey Glazunov. - [70779] Medium, Out of bounds read handling unicode ranges. Credit to miaubiz. - [70885] [71167] Low, Pop-up blocker bypasses. Credit to Chamal de Silva. - [71763] High, Use-after-free in document script lifetime handling. Credit to miaubiz. - [72028] High, Stale pointer in table painting. Credit to Martin Barbella. - [73066] High, Crash with the DataView object. Credit to Sergey Glazunov. - [73134] High, Bad cast in text rendering. Credit to miaubiz. - [73196] High, Stale pointer in WebKit context code. Credit to Sergey Glazunov. - [73746] High, Stale pointer with SVG cursors. Credit to Sergey Glazunov. - [74030] High, DOM tree corruption with attribute handling. Credit to Sergey Glazunov. + Chromium bugs: - [49747] Low, Work around an X server bug and crash with long messages. Credit to Louis Lang. - [66962] Low, Possible browser crash with parallel print()s. Credit to Aki Helin of OUSPG. - [69187] Medium, Cross-origin error message leak. Credit to Daniel Divricean. - [70877] High, Same origin policy bypass in v8. Credit to Daniel Divricean. + v8: - [74662] High, Corruption via re-entrancy of RegExp code. Credit to Christian Holler. - [74675] High, Invalid memory access in v8. Credit to Christian Holler. + ffmpeg: - [71788] High, Out-of-bounds write in the OGG container. Credit to Google Chrome Security Team (SkyLined); plus subsequent independent discovery by David Weston of Microsoft and MSVR. - [73026] High, Use of corrupt out-of-bounds structure in video code. Credit to Tavis Ormandy of the Google Security Team. + libxslt: - [73716] Low, Leak of heap address in XSLT. Credit to Google Chrome Security Team (Chris Evans). Packaging changes: * Promote Uyghur to the list of supported translations - update debian/rules - update debian/control * Fix the FTBFS on arm by re-adding the lost arm_neon=0, and really set armv7=1 on maverick and natty - update debian/rules * Fix the broken symlinks in /usr/share/doc created by CDBS (See LP: #194574) - update debian/rules * Add libxt-dev to Build-deps needed by ppGoogleNaClPluginChrome - update debian/control * Fix the Webkit version in about:version (the build system expects the svn or git directories to be available at build time) - add debian/patches/webkit_rev_parser.patch - update debian/patches/series
|
Fabien Tassin |
10.0.648.127~r76697-0ubuntu1 |
13 years ago
|
|
|
34
|
|
* New upstream release from the Stable Channel (LP: #726895) This release fixes the following security issues: + Webkit bugs: - [54262] High, URL bar spoof with history interaction. Credit to Jordi Chancel. - [68263] High, Stylesheet node stale pointer. Credit to Sergey Glazunov. - [68741] High, Stale pointer with key frame rule. Credit to Sergey Glazunov. - [70078] High, Crash with forms controls. Credit to Stefan van Zanden. - [70244] High, Crash in SVG rendering. Credit to Sławomir Błażek. - [71114] High, Stale node in table child handling. Credit to Martin Barbella. - [71115] High, Stale pointer in table rendering. Credit to Martin Barbella. - [71296] High, Stale pointer in SVG animations. Credit to miaubiz. - [71386] High, Stale nodes in XHTML. Credit to wushi of team509. - [71388] High, Crash in textarea handling. Credit to wushi of team509. - [71595] High, Stale pointer in device orientation. Credit to Sergey Glazunov. - [71855] High, Integer overflow in textarea handling. Credit to miaubiz. - [71960] Medium, Out-of-bounds read in WebGL. Credit to Google Chrome Security Team (Inferno). - [73235] High, Stale pointer in layout. Credit to Martin Barbella. + Chromium bugs: - [63732] High, Crash with javascript dialogs. Credit to Sergey Radchenko. - [64-bit only] [70376] Medium, Out-of-bounds read in pickle deserialization. Credit to Evgeniy Stepanov of the Chromium development community. - [71717] Medium, Out-of-bounds read in WebGL. Credit to miaubiz. - [72214] High, Accidental exposure of internal extension functions. Credit to Tavis Ormandy of the Google Security Team. - [72437] High, Use-after-free with blocked plug-ins. Credit to Chamal de Silva. * Bump the lang-pack package from Suggests to Recommends (LP: #689267) - update debian/control * Disable PIE on Armel/Lucid (LP: #716703) - update debian/rules * Add the disk usage to the Apport hooks - update debian/apport/chromium-browser.py * Drop gyp from Build-Depends, use in-source gyp instead - update debian/control * Merge back the ffmpeg codecs (from the chromium-codecs-ffmpeg source package) - update debian/rules - update debian/control - add debian/chromium-codecs-ffmpeg-extra.install - add debian/chromium-codecs-ffmpeg.install
|
Fabien Tassin |
9.0.597.107~r75357-0ubuntu1 |
13 years ago
|
|
|
33
|
|
|
Fabien Tassin |
9.0.597.94~r73967-0ubuntu1 |
13 years ago
|
|
|
32
|
|
* New upstream release from the Stable Channel (LP: #712655) This release fixes the following security issues: - [55831] High, Use-after-free in image loading. Credit to Aki Helin of OUSPG. - [59081] Low, Apply some restrictions to cross-origin drag + drop. Credit to Google Chrome Security Team (SkyLined) and the Google Security Team (Michal Zalewski, David Bloom). - [62791] Low, Browser crash with extension with missing key. Credit to Brian Kirchoff. - [65669] Low, Handle merging of autofill profiles more gracefully. Credit to Google Chrome Security Team (Inferno). - [68244] Low, Browser crash with bad volume setting. Credit to Matthew Heidermann. - [69195] Critical, Race condition in audio handling. Credit to the gamers of Reddit! * Add the app/resources/app_strings.grd template to the list of templates translated in Launchpad - update debian/rules * Drop the gcc 4.5 work-around, applied upstream - remove debian/patches/gcc-4.5-build-workaround.patch - update debian/patches/series * Drop gcc 4.2/4.3 from Build-depends and remove the gcc 4.4 workarounds now done in the upstream gyp files - update debian/control - update debian/rules * Add libxtst-dev to Build-deps now that chromoting uses the XTest extension to execute mouse and keyboard events - update debian/control * Remove GNOME_DESKTOP_SESSION_ID from the Apport report, it's useless - update debian/apport/chromium-browser.py * Add a system to enable/disable distribution specific patches from the quilt series - add debian/enable-dist-patches.pl - update debian/rules * Disable the gtk resize grip on Natty (LP: #703451) Original patch by Cody Russell <crussell@ubuntu.com>, ported to v9 - add debian/patches/disable_gtk_resize_grip_on_natty.patch - update debian/patches/series * Fix the libgnutls dlopen to look for the sonamed lib - add debian/patches/dlopen_libgnutls.patch - update debian/patches/series * Fix the libosmesa/libGLESv2/libEGL dlopen() to look for the sonamed libs. This assumes either the libgles2-mesa + libegl1-mesa packages (better) or the libosmesa6 package are installed - add debian/patches/dlopen_sonamed_gl.patch - update debian/patches/series
|
Fabien Tassin |
9.0.597.84~r72991-0ubuntu1 |
13 years ago
|
|
|