Change log for chromium-browser package in Debian
1 → 75 of 294 results | First • Previous • Next • Last |
Published in stretch-release |
chromium-browser (70.0.3538.110-1~deb9u1) stretch-security; urgency=medium * New upstream security release. - CVE-2018-17479: Use-after-free in GPU. -- Michael Gilbert <email address hidden> Wed, 21 Nov 2018 02:17:45 +0000
Deleted in sid-release (Reason: None provided.) |
chromium-browser (70.0.3538.110-1) unstable; urgency=medium * New upstream security release. - CVE-2018-17479: Use-after-free in GPU. -- Michael Gilbert <email address hidden> Tue, 20 Nov 2018 00:45:46 +0000
Superseded in sid-release |
chromium-browser (70.0.3538.102-1) unstable; urgency=medium * New upstream security release. - CVE-2018-17478: Out of bounds memory access in V8. Reported by cloudfuzzer * Fix new lintian warnings. * Drop libjs-excanvas build dependency. * Add support for building with harfbuzz 2.1.1. * Document how to run chromium as root (closes: #838534). * Output debian specific instructions when no working sandbox is available. * Do not rely on transitive recommendation for the sandbox (closes: #913116). -- Michael Gilbert <email address hidden> Fri, 16 Nov 2018 03:12:53 +0000
Superseded in stretch-release |
chromium-browser (69.0.3497.92-1~deb9u1) stretch-security; urgency=medium * New upstream security release. - Function signature mismatch in WebAssembly. Reported by Kevin Cheung - URL Spoofing in Omnibox. Reported by evi1m0 -- Michael Gilbert <email address hidden> Fri, 14 Sep 2018 00:48:39 +0000
Superseded in sid-release |
chromium-browser (70.0.3538.67-3) unstable; urgency=medium * Fix a compiler warning. * Move the setuid sandbox into a separate package (closes: #839277). -- Michael Gilbert <email address hidden> Sat, 03 Nov 2018 17:30:16 +0000
chromium-browser (70.0.3538.67-2) unstable; urgency=medium * Restore support for building with gtk2. -- Michael Gilbert <email address hidden> Tue, 23 Oct 2018 01:11:35 +0000
chromium-browser (70.0.3538.67-1) unstable; urgency=medium * New upstream stable release. - CVE-2018-17462: Sandbox escape in AppCache. Reported by Ned Williamson and Niklas Baumstark - CVE-2018-17463: Remote code execution in V8. Reported by Ned Williamson and Niklas Baumstark - Heap buffer overflow in Little CMS in PDFium. Reported by Quang Nguyễn - CVE-2018-17464: URL spoof in Omnibox. Reported by xisigr - CVE-2018-17465: Use after free in V8. Reported by Lin Zuojian - CVE-2018-17466: Memory corruption in Angle. Reported by Omair - CVE-2018-17467: URL spoof in Omnibox. Reported by Khalil Zhani - CVE-2018-17468: Cross-origin URL disclosure in Blink. Reported by James Lee - CVE-2018-17469: Heap buffer overflow in PDFium. Reported by Zhen Zhou - CVE-2018-17470: Memory corruption in GPU Internals. Reported by Zhe Jin - CVE-2018-17471: Security UI occlusion in full screen mode. Reported by Lnyas Zhang - CVE-2018-17473: URL spoof in Omnibox. Reported by Khalil Zhani - CVE-2018-17474: Use after free in Blink. Reported by Zhe Jin - CVE-2018-17475: URL spoof in Omnibox. Reported by Vladimir Metnew - CVE-2018-17476: Security UI occlusion in full screen mode. Reported by Khalil Zhani - CVE-2018-5179: Lack of limits on update() in ServiceWorker. Reported by Yannic Bonenberger - CVE-2018-17477: UI spoof in Extensions. Reported by Aaron Muir Hamilton * Fix build failure on i386. * Fix installation path of the master preferences file (closes: #911056). -- Michael Gilbert <email address hidden> Tue, 16 Oct 2018 12:36:22 +0000
Superseded in sid-release |
chromium-browser (70.0.3538.54-2) unstable; urgency=medium * Build with gcc 8 (closes: #901368). * Move the master preferences file to /etc/chromium (closes: #891232). -- Michael Gilbert <email address hidden> Sun, 14 Oct 2018 00:49:46 +0000
Superseded in sid-release |
chromium-browser (70.0.3538.54-1) unstable; urgency=medium * New upstream beta release. -- Michael Gilbert <email address hidden> Sat, 13 Oct 2018 04:18:08 +0000
Superseded in sid-release |
chromium-browser (69.0.3497.100-1) unstable; urgency=medium * New upstream stable release. * Update standards version to 4.2.1. * Clarify debugging section in README.debian (closes: #910842). * Remove ConvertUTF from the upstream tarball (closes: #900596). * Load all extensions installed to /usr/share/chromium/extensions. - Thanks to Michael Meskes (closes: #890392). * Remove audio_capture_enable setting from the default preferences (closes: #884887). -- Michael Gilbert <email address hidden> Sat, 13 Oct 2018 02:35:46 +0000
chromium-browser (69.0.3497.92-1) unstable; urgency=medium * New upstream security release. - Function signature mismatch in WebAssembly. Reported by Kevin Cheung - URL Spoofing in Omnibox. Reported by evi1m0 -- Michael Gilbert <email address hidden> Thu, 13 Sep 2018 03:12:53 +0000
chromium-browser (69.0.3497.81-3) unstable; urgency=medium * Move another file needed for the armhf build to where it is expected. -- Michael Gilbert <email address hidden> Fri, 07 Sep 2018 00:06:13 +0000
Superseded in sid-release |
chromium-browser (69.0.3497.81-2) unstable; urgency=medium * Disable swiftshader. * Move file needed for the armhf build to where it is expected. * Document disabled built-in extensions in README.debian (closes: #886358). -- Michael Gilbert <email address hidden> Thu, 06 Sep 2018 01:45:12 +0000
Superseded in sid-release |
chromium-browser (69.0.3497.81-1) unstable; urgency=medium * New upstream stable release. - CVE-2018-16065: Out of bounds write in V8. Reported by Brendon Tiszka - CVE-2018-16066: Out of bounds read in Blink. Reported by cloudfuzzer - CVE-2018-16067: Out of bounds read in WebAudio. Reported by Zhe Jin - CVE-2018-16068: Out of bounds write in Mojo. Reported by Mark Brand - CVE-2018-16069: Out of bounds read in SwiftShader. Reported by Mark Brand - CVE-2018-16070: Integer overflow in Skia. Reported by Ivan Fratric - CVE-2018-16071: Use after free in WebRTC. Reported by Natalie Silvanovich - CVE-2018-16073: Site Isolation bypass after tab restore. Reported by Jun Kokatsu - CVE-2018-16074: Site Isolation bypass using Blob URLS. Reported by Jun Kokatsu - CVE-2018-16075: Local file access in Blink. Reported by Pepe Vila - CVE-2018-16076: Out of bounds read in PDFium. Reported by Aleksandar Nikolic - CVE-2018-16077: Content security policy bypass in Blink. Reported by Manuel Caballero - CVE-2018-16078: Credit card information leak in Autofill. Reported by Cailan Sacks - CVE-2018-16079: URL spoof in permission dialogs. Reported by Markus Vervier and Michele Orrù - CVE-2018-16080: URL spoof in full screen mode. Reported by Khalil Zhani - CVE-2018-16081: Local file access in DevTools. Reported by Jann Horn - CVE-2018-16082: Stack buffer overflow in SwiftShader. Reported by Omair - CVE-2018-16083: Out of bounds read in WebRTC. Reported by Natalie Silvanovich - CVE-2018-16084: User confirmation bypass in external protocol handling. Reported by Jun Kokatsu - CVE-2018-16085: Use after free in Memory Instrumentation. Reported by Roman Kuksin -- Michael Gilbert <email address hidden> Wed, 05 Sep 2018 00:01:50 +0000
Deleted in experimental-release (Reason: None provided.) |
chromium-browser (69.0.3497.12-1) experimental; urgency=medium * New upstream development release. - Fixes an error that can occur on pages containing xml (closes: #865592). * Install swiftshader libraries to /usr/lib/chromium (closes: #901831). -- Michael Gilbert <email address hidden> Sun, 29 Jul 2018 09:30:34 +0000
chromium-browser (68.0.3440.75-2) unstable; urgency=medium * Restore a mistakenly omitted call to InitializeFFmpeg (closes: #902909). -- Michael Gilbert <email address hidden> Thu, 26 Jul 2018 00:37:11 +0000
Superseded in sid-release |
chromium-browser (68.0.3440.75-1) unstable; urgency=medium * New upstream stable release. - CVE-2018-4117: Cross origin information leak in Blink. Reported by AhsanEjaz - CVE-2018-6044: Request privilege escalation in Extensions . Reported by Rob Wu - CVE-2018-6150: Cross origin information disclosure in Service Workers. Reported by Rob Wu - CVE-2018-6151: Bad cast in DevTools. Reported by Rob Wu - CVE-2018-6152: Local file write in DevTools. Reported by Rob Wu - CVE-2018-6153: Stack buffer overflow in Skia. Reported by Zhen Zhou - CVE-2018-6154: Heap buffer overflow in WebGL. Reported by Omair - CVE-2018-6155: Use after free in WebRTC. Reported by Natalie Silvanovich - CVE-2018-6156: Heap buffer overflow in WebRTC. Reported by Natalie Silvanovich - CVE-2018-6157: Type confusion in WebRTC. Reported by Natalie Silvanovich - CVE-2018-6158: Use after free in Blink. Reported by Zhe Jin - CVE-2018-6159: Same origin policy bypass in ServiceWorker. Reported by Jun Kokatsu - CVE-2018-6161: Same origin policy bypass in WebAudio. Reported by Jun Kokatsu - CVE-2018-6162: Heap buffer overflow in WebGL. Reported by Omair - CVE-2018-6163: URL spoof in Omnibox. Reported by Khalil Zhani - CVE-2018-6164: Same origin policy bypass in ServiceWorker. Reported by Jun Kokatsu - CVE-2018-6165: URL spoof in Omnibox. Reported by evi1m0 - CVE-2018-6166: URL spoof in Omnibox. Reported by Lnyas Zhang - CVE-2018-6167: URL spoof in Omnibox. Reported by Lnyas Zhang - CVE-2018-6168: CORS bypass in Blink. Reported by Gunes Acar and Danny Y. Huang - CVE-2018-6169: Permissions bypass in extension installation . Reported by Sam P - CVE-2018-6170: Type confusion in PDFium. Reported by Anonymous - CVE-2018-6171: Use after free in WebBluetooth. - CVE-2018-6172: URL spoof in Omnibox. Reported by Khalil Zhani - CVE-2018-6173: URL spoof in Omnibox. Reported by Khalil Zhani - CVE-2018-6174: Integer overflow in SwiftShader. Reported by Mark Brand - CVE-2018-6175: URL spoof in Omnibox. Reported by Khalil Zhani - CVE-2018-6176: Local user privilege escalation in Extensions. Reported by Jann Horn - CVE-2018-6177: Cross origin information leak in Blink. Reported by Ron Masas - CVE-2018-6178: UI spoof in Extensions. Reported by Khalil Zhani - CVE-2018-6179: Local file information leak in Extensions. -- Michael Gilbert <email address hidden> Wed, 25 Jul 2018 00:28:20 +0000
Deleted in experimental-release (Reason: None provided.) |
chromium-browser (68.0.3440.42-1) experimental; urgency=medium * New upstream beta release. -- Michael Gilbert <email address hidden> Sat, 30 Jun 2018 17:46:03 +0000
Superseded in stretch-release |
chromium-browser (63.0.3239.84-1~deb9u1) stretch-security; urgency=medium * New upstream stable release. - CVE-2017-15407: Out of bounds write in QUIC. Reported by Ned Williamson - CVE-2017-15408: Heap buffer overflow in PDFium. Reported by Ke Liu - CVE-2017-15409: Out of bounds write in Skia. Reported by Anonymous - CVE-2017-15410: Use after free in PDFium. Reported by Luật Nguyễn - CVE-2017-15411: Use after free in PDFium. Reported by Luật Nguyễn - CVE-2017-15413: Type confusion in WebAssembly. Reported by Gaurav Dewan - CVE-2017-15415: Pointer information disclosure in IPC call. Reported by Viktor Brange - CVE-2017-15416: Out of bounds read in Blink. Reported by Ned Williamson - CVE-2017-15417: Cross origin information disclosure in Skia . Reported by Max May - CVE-2017-15418: Use of uninitialized value in Skia. Reported by Kushal Arvind Shah - CVE-2017-15419: Cross origin leak of redirect URL in Blink. Reported by Jun Kokatsu - CVE-2017-15420: URL spoofing in Omnibox. Reported by WenXu Wu - CVE-2017-15423: Issue with SPAKE implementation in BoringSSL. Reported by Greg Hudson - CVE-2017-15424: URL Spoof in Omnibox. Reported by Khalil Zhani - CVE-2017-15425: URL Spoof in Omnibox. Reported by xisigr - CVE-2017-15426: URL Spoof in Omnibox. Reported by WenXu Wu - CVE-2017-15427: Insufficient blocking of JavaScript in Omnibox. Reported by Junaid Farhan -- Michael Gilbert <email address hidden> Sun, 03 Dec 2017 15:26:02 +0000
Superseded in experimental-release |
chromium-browser (68.0.3440.33-1) experimental; urgency=medium * New upstream beta release. * Build using upstream's "lite" tarball. * Restore decoder initialization from chromium 66 to maintain compatibility with ffmpeg 3.4 (closes: #900533). -- Michael Gilbert <email address hidden> Fri, 29 Jun 2018 20:48:51 +0000
Superseded in experimental-release |
chromium-browser (68.0.3440.25-1) experimental; urgency=medium * New upstream beta release. -- Michael Gilbert <email address hidden> Sun, 24 Jun 2018 16:32:18 +0000
Superseded in experimental-release |
chromium-browser (68.0.3440.17-1) experimental; urgency=medium * New upstream beta release. * Recommend upower and notification-daemon. -- Michael Gilbert <email address hidden> Mon, 11 Jun 2018 04:40:58 +0000
chromium-browser (67.0.3396.87-1) unstable; urgency=medium * New upstream security release. - CVE-2018-6149: Out of bounds write in V8. Reported by Yu Zhou and Jundong Xie -- Michael Gilbert <email address hidden> Tue, 19 Jun 2018 12:13:46 +0000
chromium-browser (67.0.3396.79-2) unstable; urgency=medium * Use embedded ffmpeg code copy (closes: #900533). -- Michael Gilbert <email address hidden> Mon, 11 Jun 2018 00:33:39 +0000
Superseded in experimental-release |
chromium-browser (68.0.3440.7-1) experimental; urgency=medium * New upstream development release. -- Michael Gilbert <email address hidden> Sun, 10 Jun 2018 23:44:14 +0000
Superseded in sid-release |
chromium-browser (67.0.3396.79-1) unstable; urgency=medium * New upstream security release. - CVE-2018-6148: Incorrect handling of CSP header. Reported by Michał Bentkowski -- Michael Gilbert <email address hidden> Sun, 10 Jun 2018 21:48:45 +0000
Superseded in sid-release |
chromium-browser (67.0.3396.62-2) unstable; urgency=medium * Fix build on arm64/armhf -- Riku Voipio <email address hidden> Fri, 08 Jun 2018 15:37:05 +0300
Superseded in sid-release |
chromium-browser (67.0.3396.62-1) unstable; urgency=medium * New upstream stable release. - CVE-2018-6123: Use after free in Blink. Reported by Looben Yang - CVE-2018-6124: Type confusion in Blink. Reported by Guang Gong - CVE-2018-6125: Overly permissive policy in WebUSB. Reported by Yubico - CVE-2018-6126: Heap buffer overflow in Skia. Reported by Ivan Fratric - CVE-2018-6127: Use after free in indexedDB. Reported by Looben Yang - CVE-2018-6128: uXSS in Chrome on iOS. Reported by Tomasz Bojarski - CVE-2018-6129: Out of bounds memory access in WebRTC. Reported by Natalie Silvanovich - CVE-2018-6130: Out of bounds memory access in WebRTC. Reported by Natalie Silvanovich - CVE-2018-6131: Incorrect mutability protection in WebAssembly. Reported by Natalie Silvanovich - CVE-2018-6132: Use of uninitialized memory in WebRTC. Reported by Ronald E. Crane - CVE-2018-6133: URL spoof in Omnibox. Reported by Khalil Zhani - CVE-2018-6134: Referrer Policy bypass in Blink. Reported by Jun Kokatsu - CVE-2018-6135: UI spoofing in Blink. Reported by Jasper Rebane - CVE-2018-6136: Out of bounds memory access in V8. Reported by Peter Wong - CVE-2018-6137: Leak of visited status of page in Blink. Reported by Michael Smith - CVE-2018-6138: Overly permissive policy in Extensions. Reported by François Lajeunesse-Robert - CVE-2018-6139: Restrictions bypass in the debugger extension API. Reported by Rob Wu - CVE-2018-6140: Restrictions bypass in the debugger extension API. Reported by Rob Wu - CVE-2018-6141: Heap buffer overflow in Skia. Reported by Yangkang - CVE-2018-6142: Out of bounds memory access in V8. Reported by Choongwoo Han - CVE-2018-6143: Out of bounds memory access in V8. Reported by Guang Gong - CVE-2018-6144: Out of bounds memory access in PDFium. Reported by pdknsk - CVE-2018-6145: Incorrect escaping of MathML in Blink. Reported by Masato Kinugawa - CVE-2018-6147: Password fields not taking advantage of OS protections in Views. Reported by Michail Pishchagin -- Michael Gilbert <email address hidden> Wed, 30 May 2018 13:03:02 +0000
Deleted in experimental-release (Reason: None provided.) |
chromium-browser (67.0.3396.57-1) experimental; urgency=medium * New upstream beta release. * Ignore more compiler warnings. -- Michael Gilbert <email address hidden> Tue, 29 May 2018 13:06:17 +0000
Superseded in experimental-release |
chromium-browser (67.0.3396.56-1) experimental; urgency=medium * New upstream beta release. -- Michael Gilbert <email address hidden> Sun, 27 May 2018 04:27:00 +0000
Superseded in experimental-release |
chromium-browser (67.0.3396.48-1) experimental; urgency=medium * New upstream beta release. * Indicate that binary rules do not require root. * Change maintainer address to <email address hidden>. * Drop widevine adapter package, no longer supported upstream (chromium should automatically detect and use libwidevinecdm.so without the extra adapter library now). -- Michael Gilbert <email address hidden> Sat, 19 May 2018 03:30:20 +0000
Superseded in sid-release |
chromium-browser (66.0.3359.181-1) unstable; urgency=medium * New upstream security release. - CVE-2018-6120: Heap buffer overflow in PDFium. Reported by Zhou Aiting - CVE-2018-6121: Privilege Escalation in extensions. - CVE-2018-6122: Type confusion in V8. -- Michael Gilbert <email address hidden> Fri, 18 May 2018 21:08:59 +0000
Superseded in sid-release |
chromium-browser (66.0.3359.139-1) unstable; urgency=medium * New upstream security release. - CVE-2018-6118: Use after free in Media Cache. Reported by Ned Williamson * Enable jumbo build. * Recommend libgl1-mesa-dri. -- Michael Gilbert <email address hidden> Sat, 28 Apr 2018 02:44:15 +0000
Superseded in sid-release |
chromium-browser (66.0.3359.117-1) unstable; urgency=medium * New upstream stable release. - CVE-2018-6085: Use after free in Disk Cache. Reported by Ned Williamson - CVE-2018-6086: Use after free in Disk Cache. Reported by Ned Williamson - CVE-2018-6087: Use after free in WebAssembly. Reported by Anonymous - CVE-2018-6088: Use after free in PDFium. Reported by Anonymous - CVE-2018-6089: Same origin policy bypass in Service Worker. Reported by Rob Wu - CVE-2018-6090: Heap buffer overflow in Skia. Reported by ZhanJia Song - CVE-2018-6091: Incorrect handling of plug-ins by Service Worker. Reported by Jun Kokatsu - CVE-2018-6092: Integer overflow in WebAssembly. Reported by Natalie Silvanovich - CVE-2018-6093: Same origin bypass in Service Worker. Reported by Jun Kokatsu - CVE-2018-6094: Exploit hardening regression in Oilpan. Reported by Chris Rohlf - CVE-2018-6095: Lack of meaningful user interaction requirement before file upload. Reported by Abdulrahman Alqabandi - CVE-2018-6096: Fullscreen UI spoof. Reported by WenXu Wu - CVE-2018-6097: Fullscreen UI spoof. Reported by xisigr - CVE-2018-6098: URL spoof in Omnibox. Reported by Khalil Zhani - CVE-2018-6099: CORS bypass in ServiceWorker. Reported by Jun Kokatsu - CVE-2018-6100: URL spoof in Omnibox. Reported by Lnyas Zhang - CVE-2018-6101: Insufficient protection of remote debugging prototol in DevTools . Reported by Rob Wu - CVE-2018-6102: URL spoof in Omnibox. Reported by Khalil Zhani - CVE-2018-6103: UI spoof in Permissions. Reported by Khalil Zhani - CVE-2018-6104: URL spoof in Omnibox. Reported by Khalil Zhani - CVE-2018-6105: URL spoof in Omnibox. Reported by Khalil Zhani - CVE-2018-6106: Incorrect handling of promises in V8. Reported by lokihardt - CVE-2018-6107: URL spoof in Omnibox. Reported by Khalil Zhani - CVE-2018-6108: URL spoof in Omnibox. Reported by Khalil Zhani - CVE-2018-6109: Incorrect handling of files by FileAPI. Reported by Dominik Weber - CVE-2018-6110: Incorrect handling of plaintext files via file:// . Reported by Wenxiang Qian - CVE-2018-6111: Heap-use-after-free in DevTools. Reported by Khalil Zhani - CVE-2018-6112: Incorrect URL handling in DevTools. Reported by Rob Wu - CVE-2018-6113: URL spoof in Navigation. Reported by Khalil Zhani - CVE-2018-6114: CSP bypass. Reported by Lnyas Zhang - CVE-2018-6115: SmartScreen bypass in downloads. Reported by James Feher - CVE-2018-6116: Incorrect low memory handling in WebAssembly. Reported by Chengdu Security Response Center - CVE-2018-6117: Confusing autofill settings. Reported by Spencer Dailey - Fixes proxy time out error (closes: #892994). - Removes not implemented messages (closes: #893799). * Remove third_party/chromite from the upstream tarball (closes: #895076). -- Michael Gilbert <email address hidden> Thu, 26 Apr 2018 01:27:39 +0000
Superseded in sid-release |
chromium-browser (66.0.3359.26-2) unstable; urgency=medium [ Michael Gilbert ] * Build using gcc6. * Move version control to salsa.debian.org. * Change maintainer address to <email address hidden>. [ Riku Voipio ] * [arm64/armhf] Fix neon autodetection with patch from upstream * [armhf] drop debug symbols -- Michael Gilbert <email address hidden> Sun, 08 Apr 2018 03:11:08 +0000
Deleted in experimental-release (Reason: None provided.) |
chromium-browser (66.0.3359.26-1) experimental; urgency=medium * New upstream release. * Use threaded compression while repacking the upstream tarball. -- Michael Gilbert <email address hidden> Mon, 26 Mar 2018 00:53:25 +0000
Superseded in experimental-release |
chromium-browser (66.0.3359.22-3) experimental; urgency=medium * Build pdfium using the system openjpeg library. -- Michael Gilbert <email address hidden> Sat, 24 Mar 2018 22:53:20 +0000
Superseded in experimental-release |
chromium-browser (66.0.3359.22-2) experimental; urgency=medium * Fix typo in vpx patch. -- Michael Gilbert <email address hidden> Sat, 24 Mar 2018 21:39:20 +0000
Superseded in experimental-release |
chromium-browser (66.0.3359.22-1) experimental; urgency=medium * New upstream release. - Fixes swiftshader library loading error (closes: #864606). -- Michael Gilbert <email address hidden> Mon, 19 Mar 2018 01:04:11 +0000
Superseded in sid-release |
chromium-browser (65.0.3325.146-4) unstable; urgency=medium * Fix another incomplete type build error (closes: #892891). -- Michael Gilbert <email address hidden> Thu, 15 Mar 2018 01:22:51 +0000
Superseded in sid-release |
chromium-browser (65.0.3325.146-3) unstable; urgency=medium * Fix incomplete type build error. -- Michael Gilbert <email address hidden> Sun, 11 Mar 2018 00:33:12 +0000
Superseded in sid-release |
chromium-browser (65.0.3325.146-2) unstable; urgency=medium * Fix a few gcc build warnings. * Apply upstream's fix for a bug in gcc7's handling of non-copyable types (closes: #890954). -- Michael Gilbert <email address hidden> Sat, 10 Mar 2018 00:36:33 +0000
Superseded in sid-release |
chromium-browser (65.0.3325.146-1) unstable; urgency=medium * New upstream stable release release. - CVE-2018-6056: Incorrect derived class instantiation in V8. Reported by lokihardt - CVE-2018-6060: Use after free in Blink. Reported by Omair - CVE-2018-6061: Race condition in V8. Reported by Guang Gong - CVE-2018-6062: Heap buffer overflow in Skia. Reported by Anonymous - CVE-2018-6057: Incorrect permissions on shared memory. Reported by Gal Beniamini - CVE-2018-6063: Incorrect permissions on shared memory. Reported by Gal Beniamini - CVE-2018-6064: Type confusion in V8. Reported by lokihardt - CVE-2018-6065: Integer overflow in V8. Reported by Mark Brand - CVE-2018-6066: Same Origin Bypass via canvas. Reported by Masato Kinugawa - CVE-2018-6067: Buffer overflow in Skia. Reported by Ned Williamson - CVE-2018-6068: Object lifecycle issues in Chrome Custom Tab. Reported by Luan Herrera - CVE-2018-6069: Stack buffer overflow in Skia. Reported by Wanglu & Yangkang - CVE-2018-6070: CSP bypass through extensions. Reported by Rob Wu - CVE-2018-6071: Heap bufffer overflow in Skia. Reported by Anonymous - CVE-2018-6072: Integer overflow in PDFium. Reported by Atte Kettunen - CVE-2018-6073: Heap bufffer overflow in WebGL. Reported by Omair - CVE-2018-6074: Mark-of-the-Web bypass. Reported by Abdulrahman Alqabandi - CVE-2018-6075: Overly permissive cross origin downloads. Reported by Inti De Ceukelaire - CVE-2018-6076: Incorrect handling of URL fragment identifiers in Blink. Reported by Mateusz Krzeszowiec - CVE-2018-6077: Timing attack using SVG filters. Reported by Khalil Zhani - CVE-2018-6078: URL Spoof in OmniBox. Reported by Khalil Zhani - CVE-2018-6079: Information disclosure via texture data in WebGL. Reported by Ivars Atteka - CVE-2018-6080: Information disclosure in IPC call. Reported by Gal Beniamini - CVE-2018-6081: XSS in interstitials. Reported by Rob Wu - CVE-2018-6082: Circumvention of port blocking. Reported by WenXu Wu - CVE-2018-6083: Incorrect processing of AppManifests. Reported by Jun Kokatsu * Enable support for vp9 (closes: #891831). -- Michael Gilbert <email address hidden> Mon, 05 Mar 2018 01:26:31 +0000
Deleted in experimental-release (Reason: None provided.) |
chromium-browser (65.0.3325.74-1) experimental; urgency=medium [ Michael Gilbert ] * New upstream release. * Update to debhelper 11. * Update standards version. * Remove third_party/llvm from the upstream tarball. * Drop -fno-delete-null-pointer from debian/rules, applied upstream now. [ Riku Voipio ] * Fix skia build on arm64, (closes: #891062) * Set some armhf specific gn args to help linking -- Michael Gilbert <email address hidden> Sat, 24 Feb 2018 02:36:40 +0000
Superseded in experimental-release |
chromium-browser (65.0.3325.73-1) experimental; urgency=medium * New upstream beta release. * Recommend libu2f-udev (closes: #890239). * Add support ffmpeg 3.5 (closes: #888387). * Remove icc_profiles from the upstream tarball. -- Michael Gilbert <email address hidden> Sun, 18 Feb 2018 02:22:56 +0000
Superseded in sid-release |
chromium-browser (64.0.3282.119-2) unstable; urgency=medium * Drop chromecast patch (closes: #884173). -- Michael Gilbert <email address hidden> Sun, 11 Feb 2018 03:00:09 +0000
Superseded in sid-release |
chromium-browser (64.0.3282.119-1) unstable; urgency=medium * New upstream stable release. - CVE-2017-15420: URL spoofing in Omnibox. Reported by Drew Springall - CVE-2017-15429: UXSS in V8. Reported by Anonymous - CVE-2018-6031: Use after free in PDFium. Reported by Anonymous - CVE-2018-6032: Same origin bypass in Shared Worker. Reported by Jun Kokatsu - CVE-2018-6033: Race when opening downloaded files. Reported by Juho Nurminen - CVE-2018-6034: Integer overflow in Blink. Reported by Tobias Klein - CVE-2018-6035: Insufficient isolation of devtools from extensions. Reported by Rob Wu - CVE-2018-6036: Integer underflow in WebAssembly. Reported by The UK's National Cyber Security Centre - CVE-2018-6037: Insufficient user gesture requirements in autofill. Reported by Paul Stone - CVE-2018-6038: Heap buffer overflow in WebGL. Reported by cloudfuzzer - CVE-2018-6039: XSS in DevTools. Reported by Juho Nurminen - CVE-2018-6040: Content security policy bypass. Reported by WenXu Wu - CVE-2018-6041: URL spoof in Navigation. Reported by Luan Herrera - CVE-2018-6042: URL spoof in OmniBox. Reported by Khalil Zhani - CVE-2018-6043: Insufficient escaping with external URL handlers. Reported by 0x09AL - CVE-2018-6045: Insufficient isolation of devtools from extensions. Reported by Rob Wu - CVE-2018-6046: Insufficient isolation of devtools from extensions. Reported by Rob Wu - CVE-2018-6047: Cross origin URL leak in WebGL. Reported by Masato Kinugawa - CVE-2018-6048: Referrer policy bypass in Blink. Reported by Jun Kokatsu - CVE-2018-6049: UI spoof in Permissions. Reported by WenXu Wu - CVE-2018-6050: URL spoof in OmniBox. Reported by Jonathan Kew - CVE-2018-6051: Referrer leak in XSS Auditor. Reported by Antonio Sanso - CVE-2018-6052: Incomplete no-referrer policy implementation. Reported by Tanner Emek - CVE-2018-6053: Leak of page thumbnails in New Tab Page. Reported by Asset Kabdenov - CVE-2018-6054: Use after free in WebUI. Reported by Rob Wu -- Michael Gilbert <email address hidden> Sun, 28 Jan 2018 01:00:12 +0000
Superseded in sid-release |
chromium-browser (63.0.3239.84-1) unstable; urgency=medium * New upstream stable release. * Update standards version to 4.1.2. * Stricter default master preferences. * Avoid showing the welcome page (closes: #857767). * Switch from gtk2 to gtk3 again (closes: #883364). -- Michael Gilbert <email address hidden> Sun, 03 Dec 2017 16:05:00 +0000
Superseded in stretch-release |
chromium-browser (62.0.3202.89-1~deb9u1) stretch-security; urgency=medium * New upstream security release. - CVE-2017-15398: Stack buffer overflow in QUIC. Reported by Ned Williamson - CVE-2017-15399: Use after free in V8. Reported by Zhao Qixun -- Michael Gilbert <email address hidden> Wed, 08 Nov 2017 01:29:57 +0000
Deleted in experimental-release (Reason: None provided.) |
chromium-browser (63.0.3239.40-1) experimental; urgency=medium * New upstream beta release. * Disable chromium signin feature. * Fix error in icon installation script. * Update to the latest standards version. * Indicate that the package can be built without root. -- Michael Gilbert <email address hidden> Sun, 12 Nov 2017 05:36:26 +0000
Superseded in experimental-release |
chromium-browser (63.0.3239.30-1) experimental; urgency=medium * New upstream beta release. * Install 16 and 32 pixel png icon files (closes: #857071). * Improve description for --temp-profile (closes: #881040). * Document Debian bug reports in the manpage (closes: #880965). * Stricter breaks/replaces to support security uploads (closes: #877970). -- Michael Gilbert <email address hidden> Wed, 08 Nov 2017 01:54:47 +0000
chromium-browser (62.0.3202.89-1) unstable; urgency=medium * New upstream security release. - CVE-2017-15398: Stack buffer overflow in QUIC. Reported by Ned Williamson - CVE-2017-15399: Use after free in V8. Reported by Zhao Qixun * Revert new dependency on gconf. * Link against system lcms2 library (closes: #879153). * Disable device notifications by default (closes: #856571). * Remove icon extension from the desktop file (closes: #860256). -- Michael Gilbert <email address hidden> Tue, 07 Nov 2017 02:22:17 +0000
Superseded in sid-release |
chromium-browser (62.0.3202.75-1) unstable; urgency=medium * New upstream stable release (closes: #879451). - CVE-2017-5124: UXSS with MHTML. Reported by Anonymous - CVE-2017-5125: Heap overflow in Skia. Reported by Anonymous - CVE-2017-5126: Use after free in PDFium. Reported by Luat Nguyen - CVE-2017-5127: Use after free in PDFium. Reported by Luat Nguyen - CVE-2017-5128: Heap overflow in WebGL. Reported by Omair - CVE-2017-5129: Use after free in WebAudio. Reported by Omair - CVE-2017-5131: Out of bounds write in Skia. Reported by Anonymous - CVE-2017-5132: Incorrect stack manipulation in WebAssembly. Reported by Gaurav Dewan - CVE-2017-5133: Out of bounds write in Skia. Reported by Aleksandar Nikolic - CVE-2017-15386: UI spoofing in Blink. Reported by WenXu Wu - CVE-2017-15387: Content security bypass. Reported by Jun Kokatsu - CVE-2017-15388: Out of bounds read in Skia. Reported by Kushal Arvind Shah - CVE-2017-15389: URL spoofing in OmniBox. Reported by xisigr - CVE-2017-15390: URL spoofing in OmniBox. Reported by Haosheng Wang - CVE-2017-15391: Extension limitation bypass in Extensions. Reported by João Lucas Melo Brasio - CVE-2017-15392: Incorrect registry key handling in PlatformIntegration. Reported by Xiaoyin Liu - CVE-2017-15393: Referrer leak in Devtools. Reported by Svyat Mitin - CVE-2017-15394: URL spoofing in extensions UI. Reported by Sam - CVE-2017-15395: Null pointer dereference in ImageCapture. Reported by Johannes Bergman - CVE-2017-15396: Stack overflow in V8. Reported by Yuan Deng * Enable chromecast feature switch (closes: #878244). -- Michael Gilbert <email address hidden> Sat, 04 Nov 2017 19:01:28 +0000
Superseded in stretch-release |
chromium-browser (61.0.3163.100-1~deb9u1) stretch-security; urgency=medium * New upstream stable release - CVE-2017-5111: Use after free in PDFium. Reported by Luật Nguyễn - CVE-2017-5112: Heap buffer overflow in WebGL. Reported by Tobias Klein - CVE-2017-5113: Heap buffer overflow in Skia. Reported by Anonymous - CVE-2017-5114: Memory lifecycle issue in PDFium. Reported by Ke Liu - CVE-2017-5115: Type confusion in V8. Reported by Marco Giovannini - CVE-2017-5116: Type confusion in V8. Reported by Anonymous - CVE-2017-5117: Use of uninitialized value in Skia. Reported by Tobias Klein - CVE-2017-5118: Bypass of Content Security Policy in Blink. Reported by WenXu Wu - CVE-2017-5119: Use of uninitialized value in Skia. Reported by Anonymous - CVE-2017-5120: Potential HTTPS downgrade during redirect navigation. Reported by Xiaoyin Liu - CVE-2017-5121: Out-of-bounds access in V8. Reported by Jordan Rabet - CVE-2017-5122: Out-of-bounds access in V8. Reported by Choongwoo Han -- Michael Gilbert <email address hidden> Wed, 27 Sep 2017 02:03:41 +0000
chromium-browser (61.0.3163.100-2) unstable; urgency=medium * Add liblcms2-dev as a build dependency (closes: #876804). -- Michael Gilbert <email address hidden> Tue, 26 Sep 2017 12:54:35 +0000
Superseded in sid-release |
chromium-browser (61.0.3163.100-1) unstable; urgency=medium * New upstream stable release (closes: #876030). - CVE-2017-5111: Use after free in PDFium. Reported by Luật Nguyễn - CVE-2017-5112: Heap buffer overflow in WebGL. Reported by Tobias Kleini - CVE-2017-5113: Heap buffer overflow in Skia. Reported by Anonymous - CVE-2017-5114: Memory lifecycle issue in PDFium. Reported by Ke Liu - CVE-2017-5115: Type confusion in V8. Reported by Marco Giovannini - CVE-2017-5116: Type confusion in V8. Reported by Anonymous - CVE-2017-5117: Use of uninitialized value in Skia. Reported by Tobias Klein - CVE-2017-5118: Bypass of Content Security Policy in Blink. Reported by WenXu Wu - CVE-2017-5119: Use of uninitialized value in Skia. Reported by Anonymous - CVE-2017-5120: Potential HTTPS downgrade during redirect navigation. Reported by Xiaoyin Liu - CVE-2017-5121: Out-of-bounds access in V8. Reported by Jordan Rabet - CVE-2017-5122: Out-of-bounds access in V8. Reported by Choongwoo Han - Adds support for gcc7 (closes: #853347). * Update standards version. * Use system libstdc++ instead of chromium's bundled custom libc++. * Improve error message when network is unreachable (closes: #864539). * Fix a mistake that lead to unstripped binary files (closes: #870531). -- Michael Gilbert <email address hidden> Sun, 24 Sep 2017 20:26:02 +0000
chromium-browser (60.0.3112.78-1) unstable; urgency=medium * New upstream stable release: - CVE-2017-5091: Use after free in IndexedDB. Reported by Ned Williamson - CVE-2017-5092: Use after free in PPAPI. Reported by Yu Zhou, Yuan Deng - CVE-2017-5093: UI spoofing in Blink. Reported by Luan Herrera - CVE-2017-5094: Type confusion in extensions. Reported by Anonymous - CVE-2017-5095: Out-of-bounds write in PDFium. Reported by Anonymous - CVE-2017-5096: User information leak via Android intents. Reported by Takeshi Terada - CVE-2017-5097: Out-of-bounds read in Skia. Reported by Anonymous - CVE-2017-5098: Use after free in V8. Reported by Jihoon Kim - CVE-2017-5099: Out-of-bounds write in PPAPI. Reported by Yuan Deng, Yu Zhou - CVE-2017-5100: Use after free in Chrome Apps. Reported by Anonymous - CVE-2017-5101: URL spoofing in OmniBox. Reported by Luan Herrera - CVE-2017-5102: Uninitialized use in Skia. Reported by Anonymous - CVE-2017-5103: Uninitialized use in Skia. Reported by Anonymous - CVE-2017-5104: UI spoofing in browser. Reported by Khalil Zhani - CVE-2017-7000: Pointer disclosure in SQLite. Reported by Chaitin Security Research Lab - CVE-2017-5105: URL spoofing in OmniBox. Reported by Rayyan Bijoora - CVE-2017-5106: URL spoofing in OmniBox. Reported by Jack Zac - CVE-2017-5107: User information leak via SVG. Reported by David Kohlbrenner - CVE-2017-5108: Type confusion in PDFium. Reported by Guang Gong - CVE-2017-5109: UI spoofing in browser. Reported by José María Acuña Morgado - CVE-2017-5110: UI spoofing in payments dialog. Reported by xisigr -- Michael Gilbert <email address hidden> Thu, 27 Jul 2017 03:22:03 +0000
chromium-browser (59.0.3071.104-1) unstable; urgency=medium * New upstream security release. - CVE-2017-5087: Sandbox Escape in IndexedDB. Reported by Ned Williamson - CVE-2017-5088: Out of bounds read in V8. Reported by Xiling Gong - CVE-2017-5089: Domain spoofing in Omnibox. Reported by Michał Bentkowski * Update get-orig-source to support really long arguments to tar --delete. -- Michael Gilbert <email address hidden> Sat, 17 Jun 2017 20:03:49 +0000
chromium-browser (59.0.3071.86-1) unstable; urgency=medium * New upstream stable release. - CVE-2017-5070: Type confusion in V8. Reported by Zhao Qixun - CVE-2017-5071: Out of bounds read in V8. Reported by Choongwoo Han - CVE-2017-5072: Address spoofing in Omnibox. Reported by Rayyan Bijoora - CVE-2017-5073: Use after free in print preview. Reported by Khalil Zhani - CVE-2017-5074: Use after free in Apps Bluetooth. Reported by anonymous - CVE-2017-5075: Information leak in CSP reporting. Reported by Emmanuel Gil Peyrot - CVE-2017-5076: Address spoofing in Omnibox. Reported by Samuel Erb - CVE-2017-5077: Heap buffer overflow in Skia. Reported by Sweetchip - CVE-2017-5078: Possible command injection in mailto handling. Reported by Jose Carlos Exposito Bueno - CVE-2017-5079: UI spoofing in Blink. Reported by Khalil Zhani - CVE-2017-5080: Use after free in credit card autofill. Reported by Khalil Zhani - CVE-2017-5081: Extension verification bypass. Reported by Andrey Kovalev - CVE-2017-5082: Insufficient hardening in credit card editor. Reported by Nightwatch Cybersecurity Research - CVE-2017-5083: UI spoofing in Blink. Reported by Khalil Zhani - CVE-2017-5085: Inappropriate javascript execution on WebUI pages. Reported by Zhiyang Zeng - CVE-2017-5086: Address spoofing in Omnibox. Reported by Rayyan Bijoora -- Michael Gilbert <email address hidden> Mon, 05 Jun 2017 23:09:28 +0000
Deleted in experimental-release (Reason: None provided.) |
chromium-browser (59.0.3071.71-1) experimental; urgency=medium * New upstream beta release. -- Michael Gilbert <email address hidden> Sat, 27 May 2017 03:30:14 +0000
Superseded in experimental-release |
chromium-browser (59.0.3071.61-1) experimental; urgency=medium * New upstream beta release. -- Michael Gilbert <email address hidden> Sun, 21 May 2017 19:34:39 +0000
Superseded in experimental-release |
chromium-browser (59.0.3071.47-1) experimental; urgency=medium * New upstream beta release. * Simplify approach for disabling vp9. * Fix incomplete new interfaces to system ICU library. * Remove XML_PARSE_NOXXE flag since system libxml2 does not yet support it. -- Michael Gilbert <email address hidden> Sat, 13 May 2017 16:09:05 +0000
chromium-browser (58.0.3029.96-1) unstable; urgency=medium * New upstream security release. - CVE-2017-5068: Race condition in WebRTC. Credit to Philipp Hancke -- Michael Gilbert <email address hidden> Sun, 07 May 2017 00:36:22 +0000
Published in jessie-release |
chromium-browser (57.0.2987.98-1~deb8u1) jessie-security; urgency=medium * New upstream stable release. - CVE-2017-5030: Memory corruption in V8. Credit to Brendon Tiszka - CVE-2017-5031: Use after free in ANGLE. Credit to Looben Yang - CVE-2017-5032: Out of bounds write in PDFium. Credit to Ashfaq Ansari - CVE-2017-5029: Integer overflow in libxslt. Credit to Holger Fuhrmannek - CVE-2017-5034: Use after free in PDFium. Credit to Ke Liu - CVE-2017-5035: Incorrect security UI in Omnibox. Credit to Enzo Aguado - CVE-2017-5036: Use after free in PDFium. Credit to Anonymous - CVE-2017-5037: Multiple out of bounds writes in ChunkDemuxer. Credit to Yongke Wang - CVE-2017-5039: Use after free in PDFium. Credit to jinmo123 - CVE-2017-5040: Information disclosure in V8. Credit to Choongwoo Han - CVE-2017-5041: Address spoofing in Omnibox. Credit to Jordi Chancel - CVE-2017-5033: Bypass of Content Security Policy in Blink. Credit to Nicolai Grødum - CVE-2017-5042: Incorrect handling of cookies in Cast. Credit to Mike Ruddy - CVE-2017-5038: Use after free in GuestView. Credit to Anonymous - CVE-2017-5043: Use after free in GuestView. Credit to Anonymous - CVE-2017-5044: Heap overflow in Skia. Credit to Kushal Arvind Shah - CVE-2017-5045: Information disclosure in XSS Auditor. Credit to Dhaval Kapil - CVE-2017-5046: Information disclosure in Blink. Credit to Masato Kinugawa * Configure with fieldtrial_testing_like_official_build=true to avoid building with experimental features enabled (closes: #855434). -- Michael Gilbert <email address hidden> Sun, 26 Feb 2017 03:18:38 +0000
chromium-browser (58.0.3029.81-1) unstable; urgency=medium * New upstream stable release. - CVE-2017-5057: Type confusion in PDFium. Credit to Guang Gong. - CVE-2017-5058: Heap use after free in Print Preview. Credit to Khalil Zhani - CVE-2017-5059: Type confusion in Blink. Credit to SkyLined - CVE-2017-5060: URL spoofing in Omnibox. Credit to Xudong Zheng - CVE-2017-5061: URL spoofing in Omnibox. Credit to Haosheng Wang - CVE-2017-5062: Use after free in Chrome Apps. Credit to anonymous - CVE-2017-5063: Heap overflow in Skia. Credit to Sweetchip - CVE-2017-5064: Use after free in Blink. Credit to Wadih Matar - CVE-2017-5065: Incorrect UI in Blink. Credit to Khalil Zhani - CVE-2017-5066: Incorrect signature handing in Networking. Credit to chenchu - CVE-2017-5067: URL spoofing in Omnibox. Credit to Khalil Zhani - CVE-2017-5069: Cross-origin bypass in Blink. Credit to Michael Reizelman -- Michael Gilbert <email address hidden> Wed, 19 Apr 2017 23:20:29 +0000
Deleted in experimental-release (Reason: None provided.) |
chromium-browser (58.0.3029.68-1) experimental; urgency=medium * New upstream beta release. - Drop arm patch, now applied upstream. - Add missing file needed to be able to build gn. - Update vpx.patch to continue using the system library. - Set use_vulcanize=false to avoid bringing in the entire nodejs ecosystem. * Enable remote extensions by default (closes: #856183). -- Michael Gilbert <email address hidden> Fri, 07 Apr 2017 04:51:22 +0000
chromium-browser (57.0.2987.133-1) unstable; urgency=medium * New upstream security update. - CVE-2017-5055: Use after free in printing. Credit to Wadih Matar - CVE-2017-5054: Heap buffer overflow in V8. Credit to Nicolas Trippar - CVE-2017-5052: Bad cast in Blink. Credit to JeongHoon Shin - CVE-2017-5056: Use after free in Blink. Credit to anonymous - CVE-2017-5053: Out of bounds memory access in V8. Credit to Team Sniper -- Michael Gilbert <email address hidden> Fri, 07 Apr 2017 01:07:17 +0000
chromium-browser (57.0.2987.98-1) unstable; urgency=medium * New upstream stable release. - CVE-2017-5030: Memory corruption in V8. Credit to Brendon Tiszka - CVE-2017-5031: Use after free in ANGLE. Credit to Looben Yang - CVE-2017-5032: Out of bounds write in PDFium. Credit to Ashfaq Ansari - CVE-2017-5029: Integer overflow in libxslt. Credit to Holger Fuhrmannek - CVE-2017-5034: Use after free in PDFium. Credit to Ke Liu - CVE-2017-5035: Incorrect security UI in Omnibox. Credit to Enzo Aguado - CVE-2017-5036: Use after free in PDFium. Credit to Anonymous - CVE-2017-5037: Multiple out of bounds writes in ChunkDemuxer. Credit to Yongke Wang - CVE-2017-5039: Use after free in PDFium. Credit to jinmo123 - CVE-2017-5040: Information disclosure in V8. Credit to Choongwoo Han - CVE-2017-5041: Address spoofing in Omnibox. Credit to Jordi Chancel - CVE-2017-5033: Bypass of Content Security Policy in Blink. Credit to Nicolai Grødum - CVE-2017-5042: Incorrect handling of cookies in Cast. Credit to Mike Ruddy - CVE-2017-5038: Use after free in GuestView. Credit to Anonymous - CVE-2017-5043: Use after free in GuestView. Credit to Anonymous - CVE-2017-5044: Heap overflow in Skia. Credit to Kushal Arvind Shah - CVE-2017-5045: Information disclosure in XSS Auditor. Credit to Dhaval Kapil - CVE-2017-5046: Information disclosure in Blink. Credit to Masato Kinugawa * Drop arm and MADV_FREE patches, which are now applied upstream. -- Michael Gilbert <email address hidden> Fri, 10 Mar 2017 22:00:06 +0000
chromium-browser (56.0.2924.76-5) unstable; urgency=medium * Configure with fieldtrial_testing_like_official_build=true to avoid building with experimental features enabled (closes: #855434). * Do not disable background networking when remote extensions are enabled, since that option also blocks updates to extensions (closes: #841401). - Thanks to Tarmo Huuhka. -- Michael Gilbert <email address hidden> Sat, 25 Feb 2017 21:41:02 +0000
chromium-browser (56.0.2924.76-4) unstable; urgency=medium * Do not create a dbgsym package for widevine (closes: #855529). -- Michael Gilbert <email address hidden> Sun, 19 Feb 2017 20:17:38 +0000
Superseded in sid-release |
chromium-browser (56.0.2924.76-3) unstable; urgency=medium * Upload to unstable. -- Michael Gilbert <email address hidden> Sun, 05 Feb 2017 19:47:22 +0000
Deleted in experimental-release (Reason: None provided.) |
chromium-browser (56.0.2924.76-2) experimental; urgency=medium * Backport upstream bugfix for non-NEON builds, closes: #853108 * Fix seccomp sandboxing on arm64 platforms with DRI3 -- Riku Voipio <email address hidden> Thu, 02 Feb 2017 09:37:05 +0200
Superseded in experimental-release |
chromium-browser (56.0.2924.76-1) experimental; urgency=medium * New upstream stable release: - CVE-2017-5007: Universal XSS in Blink. Credit to Mariusz Mlynski - CVE-2017-5006: Universal XSS in Blink. Credit to Mariusz Mlynski - CVE-2017-5008: Universal XSS in Blink. Credit to Mariusz Mlynski - CVE-2017-5010: Universal XSS in Blink. Credit to Mariusz Mlynski - CVE-2017-5011: Unauthorised file access in Devtools. Credit to Khalil Zhani - CVE-2017-5009: Out of bounds memory access in WebRTC. Credit to Sean Stanek and Chip Bradford - CVE-2017-5012: Heap overflow in V8. Credit to Gergely Nagy - CVE-2017-5013: Address spoofing in Omnibox. Credit to Haosheng Wang - CVE-2017-5014: Heap overflow in Skia. Credit to sweetchip - CVE-2017-5015: Address spoofing in Omnibox. Credit to Armin Razmdjou - CVE-2017-5019: Use after free in Renderer. Credit to Wadih Matar - CVE-2017-5016: UI spoofing in Blink. Credit to Haosheng Wang - CVE-2017-5017: Uninitialised memory access in webm video. Credit to danberm - CVE-2017-5018: Universal XSS in chrome://apps. Credit to Rob Wu - CVE-2017-5020: Universal XSS in chrome://downloads. Credit to Rob Wu - CVE-2017-5021: Use after free in Extensions. Credit to Rob Wu - CVE-2017-5022: Bypass of Content Security Policy in Blink. Credit to PKAV Team. - CVE-2017-5023: Type confusion in metrics. Credit to the UK's National Cyber Security Centre (NCSC) - CVE-2017-5026: UI spoofing. Credit to Ronni Skansing -- Michael Gilbert <email address hidden> Thu, 26 Jan 2017 01:42:21 +0000
chromium-browser (55.0.2883.75-6) unstable; urgency=medium * Organize patches. * Move widevine package to contrib (closes: #851917). * Conflict with very old versions of libsecret (closes: #838864). * Support --enable-remote-extensions option passed through CHROMIUM_FLAGS (closes: #851927). -- Michael Gilbert <email address hidden> Sun, 22 Jan 2017 00:47:28 +0000
Superseded in sid-release |
chromium-browser (55.0.2883.75-5) unstable; urgency=medium * Fix new lintian warnings. * Fix quoting error in run script (closes: #851634). -- Michael Gilbert <email address hidden> Thu, 19 Jan 2017 01:19:24 +0000
1 → 75 of 294 results | First • Previous • Next • Last |