-
Committer:
Bazaar Package Importer
-
Author(s):
Fabien Tassin
-
Date:
2010-12-02 20:32:06 UTC
-
Revision ID:
james.westby@ubuntu.com-20101202203206-5rg5docadibxlz7y
Tags: 8.0.552.215~r67652-0ubuntu1
* New upstream Major release from the Stable Channel (LP: #684502), also
fixing the following security issues:
- [17655] Low, Possible pop-up blocker bypass. Credit to Google Chrome
Security Team (SkyLined).
- [55745] Medium, Cross-origin video theft with canvas. Credit to Nirankush
Panchbhai and Microsoft Vulnerability Research (MSVR).
- [56237] Low, Browser crash with HTML5 databases. Credit to Google Chrome
Security Team (Inferno).
- [58319] Low, Prevent excessive file dialogs, possibly leading to browser
crash. Credit to Cezary Tomczak (gosu.pl).
- [59554] High, Use after free in history handling. Credit to Stefan
Troger.
- [59817] Medium, Make sure the “dangerous file types” list is uptodate
with the Windows platforms. Credit to Billy Rios of the Google Security
Team.
- [61701] Low, Browser crash with HTTP proxy authentication. Credit to
Mohammed Bouhlel.
- [61653] Medium, Out-of-bounds read regression in WebM video support.
Credit to Google Chrome Security Team (Chris Evans), based on earlier
testcases from Mozilla and Microsoft (MSVR).
- [62127] High, Crash due to bad indexing with malformed video. Credit to
miaubiz.
- [62168] Medium, Possible browser memory corruption via malicious
privileged extension. Credit to kuzzcc.
- [62401] High, Use after free with SVG animations. Credit to Sławomir
Błażek.
- [63051] Medium, Use after free in mouse dragging event handling. Credit
to kuzzcc.
- [63444] High, Double free in XPath handling. Credit to Yang Dingning from
NCNIPC, Graduate University of Chinese Academy of Sciences.
* Work-around a gcc 4.5 miscompilation bug causing regression in the
omnibar, breaking searches (LP: #664584)
- add debian/patches/gcc-4.5-build-workaround.patch
- update debian/patches/series
* Automatically merge Launchpad translations with the upstream grit files and
produce patches in the source tarball. Apply those patches at build time
during configure
- update debian/rules
* Add x-scheme-handler/http and x-scheme-handler/https to the MimeType
entry of the desktop file (needed on Natty where handlers are no longer
searched for in gconf)
- update debian/chromium-browser.desktop