Change log for chromium-browser package in Debian
chromium-browser (38.0.2125.101-2) unstable; urgency=medium * Disable HiDPI (closes: #764883). * Fix conffile handling (closes: #764769). * Correct icon installation logic (closes: #764828). * Use embedded protobuf code copy (closes: #764911). * Support larger set of html5 video formats again (closes: #764793). -- Michael Gilbert <email address hidden> Sun, 12 Oct 2014 21:34:26 +0000
chromium-browser (38.0.2125.101-1) unstable; urgency=medium
  * New upstream stable release:
    - CVE-2014-3188: A special thanks to Jüri Aedla for a combination of V8 and IPC bugs that can lead to remote code execution outside of the sandbox.
    - CVE-2014-3189: Out-of-bounds read in PDFium. Credit to cloudfuzzer.
    - High CVE-2014-3190: Use-after-free in Events. Credit to cloudfuzzer, Chen Zhang.
    - CVE-2014-3191: Use-after-free in Rendering. Credit to cloudfuzzer.
    - CVE-2014-3192: Use-after-free in DOM. Credit to cloudfuzzer.
    - CVE-2014-3193: Type confusion in Session Management. Credit to miaubiz.
    - CVE-2014-3194: Use-after-free in Web Workers. Credit to Collin Payne.
    - CVE-2014-3195: Information Leak in V8. Credit to Jüri Aedla.
    - CVE-2014-3196: Permissions bypass in Windows Sandbox. Credit to James Forshaw.
    - CVE-2014-3197: Information Leak in XSS Auditor. Credit to Takeshi Terada.
    - CVE-2014-3198: Out-of-bounds read in PDFium. Credit to Atte Kettunen.
    - CVE-2014-3199: Release Assert in V8 bindings. Credit to Collin Payne.
    - CVE-2014-3200: Various fixes from internal audits, fuzzing and other initiatives (Chrome 38).
    - Improved support for HiDPI displays (closes: #763421).
  * Add libgnome-keyring-dev build dependency (closes: #764548).
  * Install desktop file and icons again (closes: #764373).
  * Correctly handle old conffiles (closes: #764180).
 -- Michael Gilbert <email address hidden> Fri, 10 Oct 2014 00:49:02 +0000
Superseded in sid-release |
chromium-browser (37.0.2062.120-4) unstable; urgency=medium * Merge changes from the experimental branch. * Install chromium menu entry (closes: #752855). * Use /etc/chromium.d for preferences (closes: #762574). -- Michael Gilbert <email address hidden> Sun, 28 Sep 2014 17:39:41 +0000
Superseded in sid-release |
chromium-browser (37.0.2062.120-3) unstable; urgency=medium * Build with clang 3.5. * Enable support for HiDPI displays (closes: #763421). * Document debian-specific command-line options (closes: #755401). -- Michael Gilbert <email address hidden> Sun, 28 Sep 2014 17:39:41 +0000
chromium-browser (37.0.2062.120-2) unstable; urgency=medium * Build with clang instead of gcc. * Add libexif-dev build dependency. -- Michael Gilbert <email address hidden> Sun, 21 Sep 2014 22:57:11 +0000
Superseded in sid-release |
chromium-browser (37.0.2062.120-1) unstable; urgency=medium
  * New upstream stable release (closes: #761090):
    - CVE-2014-3160: Same-Origin-Policy bypass in SVG. Credit to Christian Schneider.
    - CVE-2014-3162: Various fixes from internal audits, fuzzing and other initiatives.
    - CVE-2014-3165: Use-after-free in web sockets. Credit to Collin Payne.
    - CVE-2014-3166: Information disclosure in SPDY. Credit to Antoine Delignat-Lavaud.
    - CVE-2014-3167: Various fixes from internal audits, fuzzing and other initiatives.
    - CVE-2014-3168: Use-after-free in SVG. Credit to cloudfuzzer.
    - CVE-2014-3169: Use-after-free in DOM. Credit to Andrzej Dyjak.
    - CVE-2014-3170: Extension permission dialog spoofing. Credit to Rob Wu.
    - CVE-2014-3171: Use-after-free in bindings. Credit to cloudfuzzer.
    - CVE-2014-3172: Issue related to extension debugging. Credit to Eli Grey.
    - CVE-2014-3173: Uninitialized memory read in WebGL. Credit to jmuizelaar.
    - CVE-2014-3174: Uninitialized memory read in Web Audio. Credit to Atte Kettunen from OUSPG.
    - CVE-2014-3175: Various fixes from internal audits, fuzzing and other initiatives.
    - CVE-2014-3176: A special reward to lokihardt@asrt for a combination of bugs in V8, IPC, sync, and extensions that can lead to remote code execution outside of the sandbox.
    - CVE-2014-3177: A special reward to lokihardt@asrt for a combination of bugs in V8, IPC, sync, and extensions that can lead to remote code execution outside of the sandbox.
    - CVE-2014-3178: Use-after-free in rendering. Credit to miaubiz.
    - CVE-2014-3179: Various fixes from internal audits, fuzzing and other initiatives.
    - Fixes segfault in angle with gcc 4.9 (closes: #751652).
    - Includes an embedded pdf viewer (closes: #667591).
  * Use pristine upstream that doesn't have pre-built nacl (closes: #753761).
  * Correct webbrowser spelling in the desktop file (closes: #758143).
  * Remove leftover conffiles (closes: #751848).
  * Build using gcc 4.9 (closes: #754182).
 -- Michael Gilbert <email address hidden> Wed, 13 Aug 2014 22:56:16 +0000
Deleted in experimental-release (Reason: None provided.) |
chromium-browser (36.0.1985.125-0) experimental; urgency=medium * New upstream beta release. * Disable Google API keys warning. * Remove more files from the upstream tarball. -- Michael Gilbert <email address hidden> Wed, 16 Jul 2014 00:49:19 +0000
Deleted in experimental-release (Reason: None provided.) |
chromium-browser (36.0.1985.103-1) experimental; urgency=medium * New upstream beta release. * Remove android folders. -- Michael Gilbert <email address hidden> Sat, 12 Jul 2014 21:38:26 +0000
Superseded in wheezy-release |
chromium-browser (35.0.1916.153-1~deb7u1) stable-security; urgency=high
  * New upstream stable release:
    - CVE-2014-3154: Use-after-free in filesystem api. Credit to Collin Payne.
    - CVE-2014-3155: Out-of-bounds read in SPDY. Credit to James March, Daniel Sommermann and Alan Frindell of Facebook.
    - CVE-2014-3156: Buffer overflow in clipboard. Credit to Atte Kettunen.
    - CVE-2014-3157: Heap overflow in media.
  * Don't set sse2 compiler flags on i386 (closes: #750361).
 -- Michael Gilbert <email address hidden> Fri, 13 Jun 2014 04:15:39 +0000
Superseded in experimental-release |
chromium-browser (36.0.1985.98-1) experimental; urgency=medium * New upstream beta release. * Remove more files from the upstream tarball. -- Michael Gilbert <email address hidden> Sun, 06 Jul 2014 04:05:56 +0000
Superseded in experimental-release |
chromium-browser (36.0.1985.97-1) experimental; urgency=medium * New upstream beta release. * Use system srtp, modpbase64, zlib, and minizip. * Remove srtp files from the upstream tarball (closes: #753826). -- Michael Gilbert <email address hidden> Sun, 06 Jul 2014 00:06:57 +0000
Superseded in experimental-release |
chromium-browser (36.0.1985.84-1) experimental; urgency=medium * New upstream beta release. * Remove more files from the upstream tarball. -- Michael Gilbert <email address hidden> Sat, 21 Jun 2014 23:41:14 +0000
Superseded in experimental-release |
chromium-browser (36.0.1985.67-1) experimental; urgency=medium * New upstream beta release. * More verbose linking output. * Fix unwanted output (closes: #751359). * More robust fix for older processors (closes: #750361). -- Michael Gilbert <email address hidden> Wed, 18 Jun 2014 00:18:47 +0000
chromium-browser (35.0.1916.153-2) unstable; urgency=medium * Avoid gcc 4.9 (closes: #751294) -- Michael Gilbert <email address hidden> Thu, 12 Jun 2014 01:11:09 +0000
chromium-browser (35.0.1916.153-1) unstable; urgency=high
  * New upstream stable release:
    - CVE-2014-3154: Use-after-free in filesystem api. Credit to Collin Payne.
    - CVE-2014-3155: Out-of-bounds read in SPDY. Credit to James March, Daniel Sommermann and Alan Frindell of Facebook.
    - CVE-2014-3156: Buffer overflow in clipboard. Credit to Atte Kettunen.
    - CVE-2014-3157: Heap overflow in media.
  * Don't set sse2 compiler flags on i386 (closes: #750361).
  * Prefer libgcrypt11 (closes: #750304).
 -- Michael Gilbert <email address hidden> Wed, 11 Jun 2014 02:31:22 +0000
Superseded in experimental-release |
chromium-browser (36.0.1985.49-1) experimental; urgency=medium * New upstream beta release. * Remove more files from the upstream tarball. -- Michael Gilbert <email address hidden> Sun, 08 Jun 2014 01:49:51 +0000
Superseded in experimental-release |
chromium-browser (36.0.1985.36-1) experimental; urgency=medium * Use system libre2. * Remove more files from the upstream tarball. * Don't set sse2 compiler flags on i386 (closes: #750361). -- Michael Gilbert <email address hidden> Sat, 07 Jun 2014 22:00:14 +0000
Superseded in experimental-release |
chromium-browser (36.0.1985.35-1) experimental; urgency=medium * Remove more files from the upstream tarball. * Only include TODO.Debian once (closes: #750568). -- Michael Gilbert <email address hidden> Thu, 05 Jun 2014 20:21:28 +0000
Superseded in experimental-release |
chromium-browser (36.0.1985.32-1) experimental; urgency=medium * New upstream beta release. * Add icon to menu entry (closes: #703307). * Remove third_party/wtl (closes: #647529). * Update package descriptions (closes: #749673). -- Michael Gilbert <email address hidden> Sat, 31 May 2014 19:05:32 +0000
chromium-browser (35.0.1916.114-2) unstable; urgency=medium * Add flags to avoid memory exhaustion while linking on i386 (closes: #746034). -- Michael Gilbert <email address hidden> Tue, 27 May 2014 03:09:00 +0000
Superseded in experimental-release |
chromium-browser (36.0.1985.18-2) experimental; urgency=medium * Add libexif-dev build dependency. * Add flags to avoid memory exhaustion while linking on i386. -- Michael Gilbert <email address hidden> Mon, 26 May 2014 23:43:25 +0000
Superseded in experimental-release |
chromium-browser (36.0.1985.18-1) experimental; urgency=medium * New upstream beta release. * Build with gcc 4.9. * Rebuild the packaging from scratch using the "lite" upstream packages, ninja instead of make, debhelper 9 instead of cdbs, and simplified debian/rules. * Use system versions of icu, png, jpeg, opus, snappy, and jsoncpp. * No longer provide get-current-source rule (closes: #585814). * Add a README.debian document with information about chromium-inspector and command-line flags (closes: #629505, #649812). * Add protobuf-compiler, ninja-build, bison, and gperf build dependencies (closes: #748673). -- Michael Gilbert <email address hidden> Sun, 25 May 2014 03:39:39 +0000
Superseded in sid-release |
chromium-browser (35.0.1916.114-1) unstable; urgency=high
  * New upstream stable release:
    - CVE-2014-1743: Use-after-free in styles. Credit to cloudfuzzer.
    - CVE-2014-1744: Integer overflow in audio. Credit to Aaron Staple.
    - CVE-2014-1745: Use-after-free in SVG. Credit to Atte Kettunen.
    - CVE-2014-1746: Out-of-bounds read in media filters. Credit to Holger Fuhrmannek.
    - CVE-2014-1747: UXSS with local MHTML file. Credit to packagesu.
    - CVE-2014-1748: UI spoofing with scrollbar. Credit to Jordan Milne.
    - CVE-2014-1749: Various fixes from internal audits, fuzzing and other initiatives.
    - CVE-2014-3152: Integer underflow in V8 fixed in version 3.25.28.16.
 -- Michael Gilbert <email address hidden> Wed, 21 May 2014 23:15:51 +0000
Superseded in experimental-release |
chromium-browser (35.0.1916.99-1) experimental; urgency=medium * New upstream beta release. * Remove more upstream files. -- Michael Gilbert <email address hidden> Mon, 12 May 2014 02:27:32 +0000
Superseded in sid-release |
chromium-browser (34.0.1847.137-1) unstable; urgency=medium
  * New upstream stable release:
    - High CVE-2014-1740: Use-after-free in WebSockets. Credit to Collin Payne.
    - High CVE-2014-1741: Integer overflow in DOM ranges. Credit to John Butler.
    - High CVE-2014-1742: Use-after-free in editing. Credit to cloudfuzzer.
 -- Michael Gilbert <email address hidden> Sat, 17 May 2014 13:06:30 +0000
Superseded in experimental-release |
chromium-browser (35.0.1916.86-1) experimental; urgency=medium * New upstream beta release. * Rebuild the packaging from scratch using the "lite" upstream packages, ninja instead of make, debhelper 9 instead of cdbs, and simplified debian/rules. * Use system versions of icu, png, jpeg, opus, snappy, and jsoncpp. * Fix capitalization in package descriptions (closes: #741270). * Update package descriptions (closes: #650171). -- Michael Gilbert <email address hidden> Thu, 08 May 2014 01:01:44 +0000
Superseded in sid-release |
chromium-browser (34.0.1847.132-1) unstable; urgency=medium
  * New upstream stable release:
    - High CVE-2014-1730: Type confusion in V8. Credit to Anonymous.
    - High CVE-2014-1731: Type confusion in DOM. Credit to John Butler.
    - High CVE-2014-1736: Integer overflow in V8. Credit to SkyLined working with HP's Zero Day Initiative
    - Medium CVE-2014-1732: Use-after-free in Speech Recognition. Credit to Khalil Zhani
    - Medium CVE-2014-1733: Compiler bug in Seccomp-BPF. Credit to Jed Davis
    - CVE-2014-1734: Various fixes from internal audits, fuzzing and other initiatives.
    - CVE-2014-1735: Multiple vulnerabilities in V8 fixed in version 3.24.35.33.
  * Add libkrb5-dev build-dependency (closes: #745794).
  * Remove non-free file (closes: #745397).
 -- Michael Gilbert <email address hidden> Sat, 26 Apr 2014 18:03:53 +0000
Superseded in wheezy-release |
Deleted in jessie-release (Reason: None provided.) |
Superseded in sid-release |
chromium-browser (34.0.1847.116-1~deb7u1) stable-security; urgency=high
  * New upstream stable release:
    - High CVE-2014-1716: UXSS in V8. Credit to Anonymous.
    - High CVE-2014-1717: OOB access in V8. Credit to Anonymous.
    - High CVE-2014-1718: Integer overflow in compositor. Credit to Aaron Staple.
    - High CVE-2014-1719: Use-after-free in web workers. Credit to Collin Payne.
    - High CVE-2014-1720: Use-after-free in DOM. Credit to cloudfuzzer.
    - High CVE-2014-1721: Memory corruption in V8. Credit to Christian Holler.
    - High CVE-2014-1722: Use-after-free in rendering. Credit to miaubiz.
    - High CVE-2014-1723: Url confusion with RTL characters. Credit to George McBay.
    - High CVE-2014-1724: Use-after-free in speech. Credit to Atte Kettunen.
    - Medium CVE-2014-1725: OOB read with window property. Credit to Anonymous.
    - Medium CVE-2014-1726: Local cross-origin bypass. Credit to Jann Horn.
    - Medium CVE-2014-1727: Use-after-free in forms. Credit to Khalil Zhani.
    - CVE-2014-1728: Various fixes from internal audits, fuzzing and other initiatives.
    - CVE-2014-1729: Multiple vulnerabilities in V8 fixed in version 3.24.35.22.
 -- Michael Gilbert <email address hidden> Tue, 15 Apr 2014 01:02:54 +0000
Superseded in sid-release |
chromium-browser (34.0.1847.116-2) unstable; urgency=medium * Add libgcrypt build-dependency. -- Michael Gilbert <email address hidden> Tue, 15 Apr 2014 00:22:36 +0000
Superseded in sid-release |
chromium-browser (34.0.1847.116-1) unstable; urgency=high
  * New upstream stable release:
    - High CVE-2014-1716: UXSS in V8. Credit to Anonymous.
    - High CVE-2014-1717: OOB access in V8. Credit to Anonymous.
    - High CVE-2014-1718: Integer overflow in compositor. Credit to Aaron Staple.
    - High CVE-2014-1719: Use-after-free in web workers. Credit to Collin Payne.
    - High CVE-2014-1720: Use-after-free in DOM. Credit to cloudfuzzer.
    - High CVE-2014-1721: Memory corruption in V8. Credit to Christian Holler.
    - High CVE-2014-1722: Use-after-free in rendering. Credit to miaubiz.
    - High CVE-2014-1723: Url confusion with RTL characters. Credit to George McBay.
    - High CVE-2014-1724: Use-after-free in speech. Credit to Atte Kettunen.
    - Medium CVE-2014-1725: OOB read with window property. Credit to Anonymous.
    - Medium CVE-2014-1726: Local cross-origin bypass. Credit to Jann Horn.
    - Medium CVE-2014-1727: Use-after-free in forms. Credit to Khalil Zhani.
    - CVE-2014-1728: Various fixes from internal audits, fuzzing and other initiatives.
    - CVE-2014-1729: Multiple vulnerabilities in V8 fixed in version 3.24.35.22.
  * Remove sourceless javascript files (closes: #735355).
  * Remove sourceless swf files (closes: #735344).
 -- Michael Gilbert <email address hidden> Fri, 11 Apr 2014 01:42:04 +0000
chromium-browser (33.0.1750.152-1) unstable; urgency=high
  * [641361a] Disable new GN stuff
  * [43cea90] Refreshed patches
  * New stable release:
    - High CVE-2014-1713: Use-after-free in Blink bindings
    - High CVE-2014-1714: Windows clipboard vulnerability
    - High CVE-2014-1705: Memory corruption in V8
    - High CVE-2014-1715: Directory traversal issue
    - High CVE-2014-1700: Use-after-free in speech. Credit to Chamal de Silva.
    - High CVE-2014-1701: UXSS in events. Credit to aidanhs.
    - High CVE-2014-1702: Use-after-free in web database. Credit to Collin Payne.
    - High CVE-2014-1703: Potential sandbox escape due to a use-after-free in web sockets.
    - CVE-2014-1704: Multiple vulnerabilities in V8 fixed in version 3.23.17.18
    - High CVE-2013-6663: Use-after-free in svg images. Credit to Atte Kettunen of OUSPG.
    - High CVE-2013-6664: Use-after-free in speech recognition. Credit to Khalil Zhani.
    - High CVE-2013-6665: Heap buffer overflow in software rendering. Credit to cloudfuzzer.
    - Medium CVE-2013-6666: Chrome allows requests in flash header request. Credit to netfuzzerr.
    - CVE-2013-6667: Various fixes from internal audits, fuzzing and other initiatives.
    - CVE-2013-6668: Multiple vulnerabilities in V8 fixed in version 3.24.35.10
    - High CVE-2013-6653: Use-after-free related to web contents. Credit to Khalil Zhani.
    - High CVE-2013-6654: Bad cast in SVG. Credit to TheShow3511.
    - High CVE-2013-6655: Use-after-free in layout. Credit to cloudfuzzer.
    - High CVE-2013-6656: Information leak in XSS auditor. Credit to NeexEmil.
    - Medium CVE-2013-6657: Information leak in XSS auditor. Credit to NeexEmil
    - Medium CVE-2013-6658: Use-after-free in layout. Credit to cloudfuzzer.
    - Medium CVE-2013-6659: Issue with certificates validation in TLS handshake. Credit to Antoine Delignat-Lavaud and Karthikeyan Bhargavan from Prosecco, Inria Paris.
    - Low CVE-2013-6660: Information leak in drag and drop. Credit to bishopjeffreys.
    - Low-High CVE-2013-6661: Various fixes from internal audits, fuzzing and other initiatives. Of these, seven are fixes for issues that could have allowed for sandbox escapes from compromised renderers.
 -- Giuseppe Iuculano <email address hidden> Fri, 21 Mar 2014 17:20:44 +0100
chromium-browser (32.0.1700.123-4) unstable; urgency=medium * Remove polymer.js.min. -- Michael Gilbert <email address hidden> Sun, 09 Mar 2014 22:30:14 +0000
Superseded in sid-release |
chromium-browser (32.0.1700.123-3) unstable; urgency=medium * Remove a lot of sourceless files. * Suggest mozplugger (closes: #626400). * Use file's -E option (closes: #740476). * Capitalize Chromium in descriptions (closes: #732928, #715802). -- Michael Gilbert <email address hidden> Sun, 16 Feb 2014 18:50:06 +0000
Superseded in sid-release |
chromium-browser (32.0.1700.123-2) unstable; urgency=medium * Build with system libjs-jquery-flot. * Build chromedriver (closes: #725130). - Thanks to Vincent Bernat and Adrian Lang. -- Michael Gilbert <email address hidden> Sun, 16 Feb 2014 02:32:18 +0000
chromium-browser (32.0.1700.123-1) unstable; urgency=medium
  * [a7cf72b] Refreshed Patches
  * [0da7fc2] Added libdrm-dev and libcap-dev in build-deps
  * New stable release:
    - High CVE-2013-6649: Use-after-free in SVG images. Credit to Atte Kettunen of OUSPG.
    - High CVE-2013-6650: Memory corruption in V8. This issue was fixed in v8 version 3.22.24.16. Credit to Christian Holler.
    - High CVE-2013-6646: Use-after-free in web workers. Credit to Collin Payne.
    - High CVE-2013-6641: Use-after-free related to forms. Credit to Atte Kettunen of OUSPG.
    - High CVE-2013-6643: Unprompted sync with an attacker’s Google account. Credit to Joao Lucas Melo Brasio.
    - CVE-2013-6645 Use-after-free related to speech input elements. Credit to Khalil Zhani.
    - CVE-2013-6644: Various fixes from internal audits, fuzzing and other initiatives.
 -- Giuseppe Iuculano <email address hidden> Thu, 13 Feb 2014 19:36:17 +0100
Superseded in wheezy-release |
chromium-browser (31.0.1650.63-1~deb7u1) stable-security; urgency=high
  * New upstream stable release:
    - Medium CVE-2013-6634: Session fixation in sync related to 302 redirects. Credit to Andrey Labunets.
    - High CVE-2013-6635: Use-after-free in editing. Credit to cloudfuzzer.
    - Medium CVE-2013-6636: Address bar spoofing related to modal dialogs. Credit to Bas Venis.
    - CVE-2013-6637: Various fixes from internal audits, fuzzing and other initiatives.
    - Medium CVE-2013-6638: Buffer overflow in v8. This issue was fixed in v8 version 3.22.24.7. Credit to Jakob Kummerow of the Chromium project.
    - High CVE-2013-6639: Out of bounds write in v8. This issue was fixed in v8 version 3.22.24.7. Credit to Jakob Kummerow of the Chromium project.
    - Medium CVE-2013-6640: Out of bounds read in v8. This issue was fixed in v8 version 3.22.24.7. Credit to Jakob Kummerow of the Chromium project.
 -- Michael Gilbert <email address hidden> Fri, 06 Dec 2013 16:56:44 +0000
chromium-browser (31.0.1650.63-1) unstable; urgency=medium
  * New upstream stable release:
    - Medium CVE-2013-6634: Session fixation in sync related to 302 redirects. Credit to Andrey Labunets.
    - High CVE-2013-6635: Use-after-free in editing. Credit to cloudfuzzer.
    - Medium CVE-2013-6636: Address bar spoofing related to modal dialogs. Credit to Bas Venis.
    - CVE-2013-6637: Various fixes from internal audits, fuzzing and other initiatives.
    - Medium CVE-2013-6638: Buffer overflow in v8. This issue was fixed in v8 version 3.22.24.7. Credit to Jakob Kummerow of the Chromium project.
    - High CVE-2013-6639: Out of bounds write in v8. This issue was fixed in v8 version 3.22.24.7. Credit to Jakob Kummerow of the Chromium project.
    - Medium CVE-2013-6640: Out of bounds read in v8. This issue was fixed in v8 version 3.22.24.7. Credit to Jakob Kummerow of the Chromium project.
 -- Michael Gilbert <email address hidden> Thu, 05 Dec 2013 14:05:22 +0000
chromium-browser (31.0.1650.57-1) unstable; urgency=medium
  * New upstream stable release:
    - Medium-Critical CVE-2013-2931: Various fixes from internal audits, fuzzing and other initiatives.
    - Medium CVE-2013-6621: Use after free related to speech input elements. Credit to Khalil Zhani.
    - High CVE-2013-6622: Use after free related to media elements. Credit to cloudfuzzer.
    - High CVE-2013-6623: Out of bounds read in SVG. Credit to miaubiz.
    - High CVE-2013-6624: Use after free related to “id” attribute strings. Credit to Jon Butler.
    - High CVE-2013-6625: Use after free in DOM ranges. Credit to cloudfuzzer.
    - Low CVE-2013-6626: Address bar spoofing related to interstitial warnings. Credit to Chamal de Silva.
    - High CVE-2013-6627: Out of bounds read in HTTP parsing. Credit to skylined.
    - Medium CVE-2013-6628: Issue with certificates not being checked during TLS renegotiation. Credit to Antoine Delignat-Lavaud and Karthikeyan Bhargavan from Prosecco of INRIA Paris.
    - Medium CVE-2013-6629: Read of uninitialized memory in libjpeg and libjpeg-turbo. Credit to Michal Zalewski of Google.
    - Medium CVE-2013-6630: Read of uninitialized memory in libjpeg-turbo. Credit to Michal Zalewski of Google.
    - High CVE-2013-6631: Use after free in libjingle. Credit to Patrik Höglund of the Chromium project.
    - Critical CVE-2013-6632: Multiple memory corruption issues. Credit to Pinkie Pie.
  * Disable promos by default (closes: #634101).
  * Set WANT_TESTS=0 if WANT_TESTS=1 fails (closes: #589654).
  * Maintain window ordering when new tabs are opened (closes: #725350).
  * Install chromium-inspector files to /usr/share instead of /usr/lib.
  * Don't remove third party libraries from the upstream tarball.
  * Remove non-default compression selections from debian/rules.
  * Build with breakpad crash reporting.
  * Fix some lintian warnings.
 -- Michael Gilbert <email address hidden> Wed, 13 Nov 2013 07:44:55 +0000
chromium-browser (30.0.1599.101-3) unstable; urgency=medium * Fix sandbox installation path (closes: #728823). -- Michael Gilbert <email address hidden> Thu, 07 Nov 2013 04:24:55 +0000
Superseded in sid-release |
chromium-browser (30.0.1599.101-2) unstable; urgency=medium * Use system zlib. * Remove arm patches. * Update lintian overrides. * Remove an unsafe symlink. * Remove icu build dependency. * Support postscript printing (closes: #717722). * Use fonts-ipafont instead of ttf-kochi (closes: #725800). -- Michael Gilbert <email address hidden> Sat, 02 Nov 2013 21:25:50 +0000
chromium-browser (30.0.1599.101-1) unstable; urgency=low
  [ Giuseppe Iuculano ]
  * New stable release:
    - High CVE-2013-2925: Use after free in XHR. Credit to Atte Kettunen of OUSPG.
    - High CVE-2013-2926: Use after free in editing. Credit to cloudfuzzer.
    - High CVE-2013-2927: Use after free in forms. Credit to cloudfuzzer.
    - CVE-2013-2928: Various fixes from internal audits, fuzzing and other initiatives.
    - Medium CVE-2013-2906: Races in Web Audio. Credit to Atte Kettunen of OUSPG.
    - Medium CVE-2013-2907: Out of bounds read in Window.prototype object. Credit to Boris Zbarsky.
    - Medium CVE-2013-2908: Address bar spoofing related to the "204 No Content" status code. Credit to Chamal de Silva.
    - High CVE-2013-2909: Use after free in inline-block rendering. Credit to Atte Kettunen of OUSPG.
    - Medium CVE-2013-2910: Use-after-free in Web Audio. Credit to Byoungyoung Lee of Georgia Tech Information Security Center (GTISC).
    - High CVE-2013-2911: Use-after-free in XSLT. Credit to Atte Kettunen of OUSPG.
    - High CVE-2013-2912: Use-after-free in PPAPI. Credit to Chamal de Silva and 41.w4r10r(at)garage4hackers.com.
    - High CVE-2013-2913: Use-after-free in XML document parsing. Credit to cloudfuzzer.
    - High CVE-2013-2914: Use after free in the Windows color chooser dialog. Credit to Khalil Zhani.
    - Low CVE-2013-2915: Address bar spoofing via a malformed scheme. Credit to Wander Groeneveld.
    - High CVE-2013-2916: Address bar spoofing related to the "204 No Content" status code. Credit to Masato Kinugawa.
    - Medium CVE-2013-2917: Out of bounds read in Web Audio. Credit to Byoungyoung Lee and Tielei Wang of Georgia Tech Information Security Center (GTISC).
    - High CVE-2013-2918: Use-after-free in DOM. Credit to Byoungyoung Lee of Georgia Tech Information Security Center (GTISC).
    - High CVE-2013-2919: Memory corruption in V8. Credit to Adam Haile of Concrete Data.
    - Medium CVE-2013-2920: Out of bounds read in URL parsing. Credit to Atte Kettunen of OUSPG.
    - High CVE-2013-2921: Use-after-free in resource loader. Credit to Byoungyoung Lee and Tielei Wang of Georgia Tech Information Security Center (GTISC).
    - High CVE-2013-2922: Use-after-free in template element. Credit to Jon Butler.
    - CVE-2013-2923: Various fixes from internal audits, fuzzing and other initiatives (Chrome 30).
    - Medium CVE-2013-2924: Use-after-free in ICU. Upstream bug here.
  * [6651f1c] Added chrpath to build-depends
  * [3c88b20] Refreshed Patches for version 30
  * [743a0a6] Make default of third-party cookies the most secure for users. Thanks to Chad Miller
  * [9507f07] Do not install remoting_locales/en-US.pak
  * [64b895b] Move chrome_sandbox to chrome-sandbox, chromium reads that file
  [ Shawn Landden ]
  * [6d027f1] rules: dpkg compresses .deb files with xz by default now
  [ Michael Gilbert ]
  * [18341ce] add some TODO tasks
 -- Giuseppe Iuculano <email address hidden> Mon, 21 Oct 2013 13:06:14 +0200
Superseded in wheezy-release |
chromium-browser (29.0.1547.57-1~deb7u1) stable-security; urgency=high
  * New upstream stable release:
    - High CVE-2013-2900: Incomplete path sanitization in file handling. Credit to Krystian Bigaj.
    - Low CVE-2013-2905: Information leak via overly broad permissions on shared memory files. Credit to Christian Jaeger.
    - High CVE-2013-2901: Integer overflow in ANGLE. Credit to Alex Chapman.
    - High CVE-2013-2902: Use after free in XSLT. Credit to cloudfuzzer.
    - High CVE-2013-2903: Use after free in media element. Credit to cloudfuzzer.
    - High CVE-2013-2904: Use after free in document parsing. Credit to cloudfuzzer.
    - CVE-2013-2887: Various fixes from internal audits, fuzzing and other initiatives (Chrome 29).
 -- Michael Gilbert <email address hidden> Sun, 25 Aug 2013 00:13:29 +0000
Deleted in experimental-release (Reason: None provided.) |
chromium-browser (29.0.1547.57-3+exp1) experimental; urgency=low [ Shawn Landden ] * Enable arm support. -- Michael Gilbert <email address hidden> Sun, 22 Sep 2013 00:34:12 +0000
chromium-browser (29.0.1547.57-3) unstable; urgency=medium * Drop transitional packages (closes: #684369). * Fix another copyright file syntax error. * Remove libav build dependencies. * Fix lintian override syntax. * Fix version control URL. * Use system vpx. -- Michael Gilbert <email address hidden> Tue, 27 Aug 2013 01:01:35 +0000
chromium-browser (29.0.1547.57-2) unstable; urgency=medium * Mark chromium-inspector as multi-arch: foreign (closes: #695229). * Use system libpng (closes: #699918). * Fix copyright file syntax error. * Drop implicit g++ dependency. * Add some lintian overrides. * Update my email address. * Remove unsafe symlink. -- Michael Gilbert <email address hidden> Sun, 25 Aug 2013 02:15:35 +0000
Superseded in sid-release |
chromium-browser (29.0.1547.57-1) unstable; urgency=medium
  [ Michael Gilbert ]
  * New upstream stable release:
    - High CVE-2013-2900: Incomplete path sanitization in file handling. Credit to Krystian Bigaj.
    - Low CVE-2013-2905: Information leak via overly broad permissions on shared memory files. Credit to Christian Jaeger.
    - High CVE-2013-2901: Integer overflow in ANGLE. Credit to Alex Chapman.
    - High CVE-2013-2902: Use after free in XSLT. Credit to cloudfuzzer.
    - High CVE-2013-2903: Use after free in media element. Credit to cloudfuzzer.
    - High CVE-2013-2904: Use after free in document parsing. Credit to cloudfuzzer.
    - CVE-2013-2887: Various fixes from internal audits, fuzzing and other initiatives (Chrome 29).
  * Remove unused webkit layout tests (closes: 720446).
  * Use source package name for get-orig-source rule.
  * Remove gfdl documentation (closes: #708860).
  * Build-depend on git.
  [ Shawn Landden ]
  * New standards version.
  * Use canonical VCS url.
  * Always use system includes rather than ones of a chroot.
 -- Michael Gilbert <email address hidden> Sat, 24 Aug 2013 20:14:52 +0000
chromium-browser (28.0.1500.95-3) unstable; urgency=medium * Fix placement of -fuse-ld=gold in ldflags. -- Michael Gilbert <email address hidden> Thu, 01 Aug 2013 16:38:05 +0000
Superseded in sid-release |
chromium-browser (28.0.1500.95-2) unstable; urgency=medium * Use -fuse-ld=gold instead of binutils-gold. * Drop libv8-dev build-dependency. -- Michael Gilbert <email address hidden> Wed, 31 Jul 2013 20:22:33 +0000
Superseded in sid-release |
chromium-browser (28.0.1500.95-1) unstable; urgency=medium
  * New upstream stable release:
    - Medium CVE-2013-2881: Origin bypass in frame handling. Credit to Karthik Bhargavan.
    - High CVE-2013-2882: Type confusion in V8. Credit to Cloudfuzzer.
    - High CVE-2013-2883: Use-after-free in MutationObserver. Credit to Cloudfuzzer.
    - High CVE-2013-2884: Use-after-free in DOM. Credit to Ivan Fratric of Google Security Team.
    - High CVE-2013-2885: Use-after-free in input handling. Credit to Ivan Fratric of Google Security Team.
    - High CVE-2013-2886: Various fixes from internal audits, fuzzing and other initiatives.
 -- Michael Gilbert <email address hidden> Tue, 30 Jul 2013 20:34:19 +0000
chromium-browser (28.0.1500.71-2) unstable; urgency=medium * Disable armhf. * Remove outdated patches. * Eliminate special handling for old compiler versions. -- Michael Gilbert <email address hidden> Mon, 15 Jul 2013 18:40:47 +0000
Superseded in sid-release |
chromium-browser (28.0.1500.71-1) unstable; urgency=medium
  [ Michael Gilbert ]
  * New upstream stable release:
    - Low CVE-2013-2867: Block pop-unders in various scenarios.
    - High CVE-2013-2879: Confusion setting up sign-in and sync. Credit to Andrey Labunets.
    - Medium CVE-2013-2868: Incorrect sync of NPAPI extension component. Credit to Andrey Labunets.
    - Medium CVE-2013-2869: Out-of-bounds read in JPEG2000 handling. Credit to Felix Groebert of Google Security Team.
    - Critical CVE-2013-2870: Use-after-free with network sockets. Credit to Collin Payne.
    - Medium CVE-2013-2853: Man-in-the-middle attack against HTTP in SSL. Credit to Antoine Delignat-Lavaud and Karthikeyan Bhargavan from Prosecco at INRIA Paris.
    - High CVE-2013-2871: Use-after-free in input handling. Credit to miaubiz.
    - High CVE-2013-2873: Use-after-free in resource loading. Credit to miaubiz.
    - Medium CVE-2013-2875: Out-of-bounds-read in SVG. Credit to miaubiz.
    - Medium CVE-2013-2876: Extensions permissions confusion with interstitials. Credit to Dev Akhawe.
    - Low CVE-2013-2877: Out-of-bounds read in XML parsing. Credit to Aki Helin of OUSPG.
    - None: Remove the “viewsource” attribute on iframes. Credit to Collin Jackson.
    - Medium CVE-2013-2878: Out-of-bounds read in text handling. Credit to Atte Kettunen of OUSPG.
    - High CVE-2013-2880: Various fixes from internal audits, fuzzing and other initiatives. Credit to Chrome 28 team.
  * Install mksnapshot.
  [ Shawn Landden ]
  * Enable armhf.
  * Build with system libwebp when version >= 0.3.0.
 -- Michael Gilbert <email address hidden> Fri, 12 Jul 2013 15:19:18 +0000
Superseded in sid-release |
chromium-browser (27.0.1453.110-2) unstable; urgency=low [ Michael Gilbert ] * Use default gcc. * Enable verbose build. * Support gcc 4.8 (closes: #701256). * Disable pie hardening flag due to ffmpeg linking issue. [ Giuseppe Iuculano ] * Remove hardening-wrapper and switch to dpkg-buildflags. -- Michael Gilbert <email address hidden> Sun, 07 Jul 2013 20:06:05 +0000
Superseded in wheezy-release |
chromium-browser (27.0.1453.93-1~deb7u1) stable-security; urgency=high * New stable release: - High CVE-2013-2837: Use-after-free in SVG. Credit to Sławomir Błażek. - Medium CVE-2013-2838: Out-of-bounds read in v8. Credit to Christian Holler. - High CVE-2013-2839: Bad cast in clipboard handling. Credit to Jon of MWR InfoSecurity. - High CVE-2013-2840: Use-after-free in media loader. Credit to Nils of MWR InfoSecurity. - High CVE-2013-2841: Use-after-free in Pepper resource handling. Credit to Chamal de Silva. - High CVE-2013-2842: Use-after-free in widget handling. Credit to Cyril Cattiaux. - High CVE-2013-2843: Use-after-free in speech handling. Credit to Khalil Zhani. - High CVE-2013-2844: Use-after-free in style resolution. Credit to Sachin Shinde (@cons0ul). - High CVE-2013-2845: Memory safety issues in Web Audio. Credit to Atte Kettunen of OUSPG. - High CVE-2013-2846: Use-after-free in media loader. Credit to Chamal de Silva. - High CVE-2013-2847: Use-after-free race condition with workers. Credit to Collin Payne. - Medium CVE-2013-2848: Possible data extraction with XSS Auditor. Credit to Egor Homakov. - Low CVE-2013-2849: Possible XSS with drag+drop or copy+paste. Credit to Mario Heiderich. -- Michael Gilbert <email address hidden> Wed, 22 May 2013 03:03:49 +0000
chromium-browser (27.0.1453.110-1) unstable; urgency=low * New stable release: - Medium CVE-2013-2855: Memory corruption in dev tools API. Credit to "daniel.zulla". - High CVE-2013-2856: Use-after-free in input handling. Credit to miaubiz. - High CVE-2013-2857: Use-after-free in image handling. Credit to miaubiz. - High CVE-2013-2858: Use-after-free in HTML5 Audio. Credit to "cdel921". - High CVE-2013-2859: Cross-origin namespace pollution. Credit to "bobbyholley". - High CVE-2013-2860: Use-after-free with workers accessing database APIs. Credit to Collin Payne. - High CVE-2013-2861: Use-after-free with SVG. Credit to miaubiz. - High CVE-2013-2862: Memory corruption in Skia GPU handling. Credit to Atte Kettunen of OUSPG. - Critical CVE-2013-2863: Memory corruption in SSL socket handling. Credit to Sebastien Marchand of the Chromium development community. - High CVE-2013-2864: Bad free in PDF viewer. Credit to Mateusz Jurczyk, with contributions by Gynvael Coldwind, both from Google Security Team. - High CVE-2013-2865: Various fixes from internal audits, fuzzing and other initiatives. -- Giuseppe Iuculano <email address hidden> Wed, 05 Jun 2013 17:00:28 +0200
Superseded in sid-release |
chromium-browser (27.0.1453.93-1) unstable; urgency=low * New stable release: - High CVE-2013-2837: Use-after-free in SVG. Credit to Sławomir Błażek. - Medium CVE-2013-2838: Out-of-bounds read in v8. Credit to Christian Holler. - High CVE-2013-2839: Bad cast in clipboard handling. Credit to Jon of MWR InfoSecurity. - High CVE-2013-2840: Use-after-free in media loader. Credit to Nils of MWR InfoSecurity. - High CVE-2013-2841: Use-after-free in Pepper resource handling. Credit to Chamal de Silva. - High CVE-2013-2842: Use-after-free in widget handling. Credit to Cyril Cattiaux. - High CVE-2013-2843: Use-after-free in speech handling. Credit to Khalil Zhani. - High CVE-2013-2844: Use-after-free in style resolution. Credit to Sachin Shinde (@cons0ul). - High CVE-2013-2845: Memory safety issues in Web Audio. Credit to Atte Kettunen of OUSPG. - High CVE-2013-2846: Use-after-free in media loader. Credit to Chamal de Silva. - High CVE-2013-2847: Use-after-free race condition with workers. Credit to Collin Payne. - Medium CVE-2013-2848: Possible data extraction with XSS Auditor. Credit to Egor Homakov. - Low CVE-2013-2849: Possible XSS with drag+drop or copy+paste. Credit to Mario Heiderich. -- Michael Gilbert <email address hidden> Wed, 22 May 2013 03:03:49 +0000
chromium-browser (26.0.1410.43-1) unstable; urgency=medium * New stable release: - High CVE-2013-0916: Use-after-free in Web Audio. Credit to Atte Kettunen of OUSPG. - Low CVE-2013-0917: Out-of-bounds read in URL loader. Credit to Google Chrome Security Team (Cris Neckar). - Low CVE-2013-0918: Do not navigate dev tools upon drag and drop. Credit to Vsevolod Vlasov of the Chromium development community. - Medium CVE-2013-0919: Use-after-free with pop-up windows in extensions. Credit to Google Chrome Security Team (Mustafa Emre Acer). - Medium CVE-2013-0920: Use-after-free in extension bookmarks API. Credit to Google Chrome Security Team (Mustafa Emre Acer). - High CVE-2013-0921: Ensure isolated web sites run in their own processes. - Low CVE-2013-0922: Avoid HTTP basic auth brute force attempts. Credit to “t3553r”. - Medium CVE-2013-0923: Memory safety issues in the USB Apps API. Credit to Google Chrome Security Team (Mustafa Emre Acer). - Low CVE-2013-0924: Check an extension’s permissions API usage against file permissions. Credit to Benjamin Kalman of the Chromium development community. - Low CVE-2013-0925: Avoid leaking URLs to extensions without the tabs permissions. Credit to Michael Vrable of Google. - Medium CVE-2013-0926: Avoid pasting active tags in certain situations. Credit to Subho Halder, Aditya Gupta, and Dev Kar of xys3c. * Use embedded libvpx for vp9 support, which chromium now requires. * Add libspeechd-dev build-dependency. * Disable breakpad crash reporting. -- Michael Gilbert <email address hidden> Sat, 30 Mar 2013 14:44:33 +0000
chromium-browser (25.0.1364.160-1) unstable; urgency=high * New stable security release: - High CVE-2013-0912: Type confusion in WebKit. Credit to Nils and Jon of MWR Labs. -- Michael Gilbert <email address hidden> Fri, 08 Mar 2013 03:46:20 +0000
Superseded in sid-release |
chromium-browser (25.0.1364.152-1) unstable; urgency=high * [8761d73] Remove armel and armhf. We cannot support them in wheezy * New stable security release: - High CVE-2013-0902: Use-after-free in frame loader. Credit to Chamal de Silva. - High CVE-2013-0903: Use-after-free in browser navigation handling. Credit to "chromium.khalil". - High CVE-2013-0904: Memory corruption in Web Audio. Credit to Atte Kettunen of OUSPG. - High CVE-2013-0905: Use-after-free with SVG animations. Credit to Atte Kettunen of OUSPG. - High CVE-2013-0906: Memory corruption in Indexed DB. Credit to Google Chrome Security Team (Jüri Aedla). - Medium CVE-2013-0907: Race condition in media thread handling. Credit to Andrew Scherkus of the Chromium development community. - Medium CVE-2013-0908: Incorrect handling of bindings for extension processes. - Low CVE-2013-0909: Referer leakage with XSS Auditor. Credit to Egor Homakov. - Medium CVE-2013-0910: Mediate renderer -> browser plug-in loads more strictly. Credit to Google Chrome Security Team (Chris Evans). - High CVE-2013-0911: Possible path traversal in database handling. Credit to Google Chrome Security Team (Jüri Aedla). -- Giuseppe Iuculano <email address hidden> Tue, 05 Mar 2013 11:14:34 +0100
Superseded in sid-release |
chromium-browser (25.0.1364.97-1) unstable; urgency=low * New stable release: - High CVE-2013-0879: Memory corruption with web audio node. Credit to Atte Kettunen of OUSPG. - High CVE-2013-0880: Use-after-free in database handling. Credit to Chamal de Silva. - Medium CVE-2013-0881: Bad read in Matroska handling. Credit to Atte Kettunen of OUSPG. - High CVE-2013-0882: Bad memory access with excessive SVG parameters. Credit to Renata Hodovan. - Medium CVE-2013-0883: Bad read in Skia. Credit to Atte Kettunen of OUSPG. - Low CVE-2013-0884: Inappropriate load of NaCl. Credit to Google Chrome Security Team (Chris Evans). - Medium CVE-2013-0885: Too many API permissions granted to web store. - Low CVE-2013-0887: Developer tools process has too many permissions and places too much trust in the connected server. - Medium CVE-2013-0888: Out-of-bounds read in Skia. Credit to Google Chrome Security Team (Inferno). - Low CVE-2013-0889: Tighten user gesture check for dangerous file downloads. - High CVE-2013-0890: Memory safety issues across the IPC layer. Credit to Google Chrome Security Team (Chris Evans). - High CVE-2013-0891: Integer overflow in blob handling. Credit to Google Chrome Security Team (Jüri Aedla). - Medium CVE-2013-0892: Lower severity issues across the IPC layer. Credit to Google Chrome Security Team (Chris Evans). - Medium CVE-2013-0893: Race condition in media handling. Credit to Andrew Scherkus of the Chromium development community. - High CVE-2013-0894: Buffer overflow in vorbis decoding. Credit to Google Chrome Security Team (Inferno). - High CVE-2013-0895: Incorrect path handling in file copying. Credit to Google Chrome Security Team (Jüri Aedla). - High CVE-2013-0896: Memory management issues in plug-in message handling. Credit to Google Chrome Security Team (Cris Neckar). - High CVE-2013-0898: Use-after-free in URL handling. Credit to Alexander Potapenko of the Chromium development community. - Low CVE-2013-0899: Integer overflow in Opus handling. 
Credit to Google Chrome Security Team (Jüri Aedla). - Medium CVE-2013-0900: Race condition in ICU. Credit to Google Chrome Security Team (Inferno). * [a5f15ae] Added libpci-dev to B-depends * [ace2b7a] Refreshed patches * [32c84fa] Install remoting_locales * [f868804] Do not enable NEON on ARM, thanks Ubuntu. * [d1a3e36] Ignore stamp files in missing checks -- Giuseppe Iuculano <email address hidden> Sat, 23 Feb 2013 11:45:07 +0100
chromium-browser (24.0.1312.68-1) unstable; urgency=high * New stable release: - High CVE-2013-0839: Use-after-free in canvas font handling. Credit to Atte Kettunen of OUSPG. - Medium CVE-2013-0840: Missing URL validation when opening new windows. - High CVE-2013-0841: Unchecked array index in content blocking. Credit to Google Chrome Security Team (Chris Evans). - Medium CVE-2013-0842: Problems with NULL characters embedded in paths. Credit to Google Chrome Security Team (Jüri Aedla). - High CVE-2012-5145: Use-after-free in SVG layout. Credit to Atte Kettunen of OUSPG. - High CVE-2012-5146: Same origin policy bypass with malformed URL. Credit to Erling A Ellingsen and Subodh Iyengar, both of Facebook. - High CVE-2012-5147: Use-after-free in DOM handling. Credit to José A. Vázquez. - Medium CVE-2012-5148: Missing filename sanitization in hyphenation support. Credit to Google Chrome Security Team (Justin Schuh). - High CVE-2012-5149: Integer overflow in audio IPC handling. Credit to Google Chrome Security Team (Chris Evans). - High CVE-2012-5150: Use-after-free when seeking video. Credit to Google Chrome Security Team (Inferno). - High CVE-2012-5151: Integer overflow in PDF JavaScript. Credit to Mateusz Jurczyk, with contribution from Gynvael Coldwind, both of Google Security Team. - Medium CVE-2012-5152: Out-of-bounds read when seeking video. Credit to Google Chrome Security Team (Inferno). - High CVE-2012-5153: Out-of-bounds stack access in v8. Credit to Andreas Rossberg of the Chromium development community. - High CVE-2013-0829: Corruption of database metadata leading to incorrect file access. Credit to Google Chrome Security Team (Jüri Aedla). - Low CVE-2013-0831: Possible path traversal from extension process. Credit to Google Chrome Security Team (Tom Sepez). - [160380] Medium CVE-2013-0832: Use-after-free with printing. Credit to Google Chrome Security Team (Cris Neckar). - Medium CVE-2013-0833: Out-of-bounds read with printing. 
Credit to Google Chrome Security Team (Cris Neckar). - Medium CVE-2013-0834: Out-of-bounds read with glyph handling. Credit to Google Chrome Security Team (Cris Neckar). - Low CVE-2013-0835: Browser crash with geolocation. Credit to Arthur Gerkis. - High CVE-2013-0836: Crash in v8 garbage collection. Credit to Google Chrome Security Team (Cris Neckar). - Medium CVE-2013-0837: Crash in extension tab handling. Credit to Tom Nielsen. - Low CVE-2013-0838: Tighten permissions on shared memory segments. Credit to Google Chrome Security Team (Chris Palmer). - High CVE-2012-5139: Use-after-free with visibility events. Credit to Chamal de Silva. - High CVE-2012-5140: Use-after-free in URL loader. Credit to Chamal de Silva. - Medium CVE-2012-5141: Limit Chromoting client plug-in instantiation. Credit to Google Chrome Security Team (Jüri Aedla). - Critical CVE-2012-5142: Crash in history navigation. Credit to Michal Zalewski of Google Security Team. - Medium CVE-2012-5143: Integer overflow in PPAPI image buffers. Credit to Google Chrome Security Team (Cris Neckar). - High CVE-2012-5144: Stack corruption in AAC decoding. Credit to pawlkt. - High CVE-2012-5138: Incorrect file path handling. Credit to Google Chrome Security Team (Jüri Aedla). - High CVE-2012-5137: Use-after-free in media source handling. Credit to Pinkie Pie. - High CVE-2012-5133: Use-after-free in SVG filters. Credit to miaubiz. - Medium CVE-2012-5130: Out-of-bounds read in Skia. Credit to Atte Kettunen of OUSPG. - Low CVE-2012-5132: Browser crash with chunked encoding. Credit to Attila Szász. - High CVE-2012-5134: Buffer underflow in libxml. Credit to Google Chrome Security Team (Jüri Aedla). - Medium CVE-2012-5135: Use-after-free with printing. Credit to Fermin Serna of Google Security Team. - Medium CVE-2012-5136: Bad cast in input element handling. Credit to Google Chrome Security Team (Inferno). - Medium CVE-2012-5127: Integer overflow leading to out-of-bounds read in WebP handling. 
Credit to Phil Turnbull. - [Linux 64-bit only] Medium CVE-2012-5120: Out-of-bounds array access in v8. Credit to Atte Kettunen of OUSPG. - High CVE-2012-5116: Use-after-free in SVG filter handling. Credit to miaubiz. - High CVE-2012-5121: Use-after-free in video layout. Credit to Atte Kettunen of OUSPG. - Low CVE-2012-5117: Inappropriate load of SVG subresource in img context. Credit to Felix Gröbert of the Google Security Team. - Medium CVE-2012-5119: Race condition in Pepper buffer handling. Credit to Fermin Serna of the Google Security Team. - Medium CVE-2012-5122: Bad cast in input handling. Credit to Google Chrome Security Team (Inferno). - Medium CVE-2012-5123: Out-of-bounds reads in Skia. Credit to Google Chrome Security Team (Inferno). - High CVE-2012-5124: Memory corruption in texture handling. Credit to Al Patrick of the Chromium development community. - Medium CVE-2012-5125: Use-after-free in extension tab handling. Credit to Alexander Potapenko of the Chromium development community. - Medium CVE-2012-5126: Use-after-free in plug-in placeholder handling. Credit to Google Chrome Security Team (Inferno). - High CVE-2012-5128: Bad write in v8. Credit to Google Chrome Security Team (Cris Neckar). * [574d76c] Override the lintian flag: embedded-library usr/lib/chromium/libffmpegsumo.so: libavcodec * [3105012] Updated changelog * [ac9c032] Use explicit library dependencies instead of dlopen * [1ad217c] Fixed CHANNELS_URL * [7c2d359] Drop SCM revision from the version * [ca31c0c] Install all chromium libs * [167aea7] Use internal copy of libpng. 
This is necessary because with system libpng render process is consuming 100% CPU (see http://code.google.com/p/chromium/issues/detail?id=174603) * [8742d82] debian/patches/pulse_ftbfs.patch: Fix FTBFS * [9e76ec7] Refreshed patches * [1c6f4c3] Use Debian api key * [cdf5c74] Refreshed patches * [ad9480c] Remove useless embedded copy of documentation from source containing non DFSG-compliant material: - src/native_client/toolchain/linux_x86/info - src/native_client/toolchain/linux_x86/man - src/native_client/toolchain/linux_x86/share/info - src/native_client/toolchain/linux_x86/x86_64-nacl/share/info - src/native_client/toolchain/linux_x86_newlib/info - src/native_client/toolchain/linux_x86_newlib/man - src/native_client/toolchain/linux_x86_newlib/share/info (Closes: #695703) * [31ea388] Fixed Homepage field. Thanks to Dmitry Shachnev (Closes: #686561) * [d509e07] Override the lintian flag: embedded-library usr/lib/chromium/chromium: libpng -- Giuseppe Iuculano <email address hidden> Wed, 06 Feb 2013 15:34:17 +0100
chromium-browser (22.0.1229.94~r161065+dfsg-0.1) unstable; urgency=low * Non-maintainer upload. * Remove useless embedded copy of documentation from source containing non DFSG-compliant material: - src/native_client/toolchain/linux_x86/info - src/native_client/toolchain/linux_x86/man - src/native_client/toolchain/linux_x86/share/info - src/native_client/toolchain/linux_x86/x86_64-nacl/share/info - src/native_client/toolchain/linux_x86_newlib/info - src/native_client/toolchain/linux_x86_newlib/man - src/native_client/toolchain/linux_x86_newlib/share/info Closes: #695703 -- David Prévot <email address hidden> Mon, 31 Dec 2012 15:47:12 -0400
chromium-browser (22.0.1229.94~r161065-3) unstable; urgency=medium * Use system vpx library again (resolves armel build failures). -- Michael Gilbert <email address hidden> Sun, 28 Oct 2012 00:55:58 -0400
Superseded in sid-release |
chromium-browser (22.0.1229.94~r161065-2) unstable; urgency=medium * [574d76c] Override the lintian flag: embedded-library usr/lib/chromium/libffmpegsumo.so: libavcodec -- Giuseppe Iuculano <email address hidden> Tue, 23 Oct 2012 17:51:56 +0200
chromium-browser (21.0.1180.89~r154005-1) unstable; urgency=high * New stable security release: - Medium CVE-2012-2865: Out-of-bounds read in line breaking. Credit to miaubiz. - High CVE-2012-2866: Bad cast with run-ins. Credit to miaubiz. - Low CVE-2012-2867: Browser crash with SPDY. - Medium CVE-2012-2868: Race condition with workers and XHR. Credit to miaubiz. - High CVE-2012-2869: Avoid stale buffer in URL loading. Credit to Fermin Serna of the Google Security Team. - Low CVE-2012-2870: Lower severity memory management issues in XPath. Credit to Nicolas Gregoire. - High CVE-2012-2871: Bad cast in XSL transforms. Credit to Nicolas Gregoire. - Medium CVE-2012-2872: XSS in SSL interstitial. Credit to Emmanuel Bronshtein. -- Giuseppe Iuculano <email address hidden> Fri, 31 Aug 2012 11:24:58 +0200
Superseded in sid-release |
chromium-browser (21.0.1180.75~r150248-1) unstable; urgency=medium [ Shawn Landden ] * [b7c6ba3] update changelog to record changes in last upload * [3c6a149] master_prefs: don't go straight to internet, don't prompt to change default browser * [e441276] initial_bookmarks.html: add Debian support page * [2bb621a] compress source tarball as xz (Closes: #676774) [ Giuseppe Iuculano ] * New stable minor release fixing the following issues: - REGRESSION: Rendering difference in Chrome 21 and 22 that affected on Persian Wikipedia - Some known crashes - Audio objects are not "switched" immediately - Print and Print Preview ignore paper size default in printer config - Candidate windows is shown in wrong place in Retina display - more of the choppy and distorted audio issues - Japanese characters showing in Chinese font - Sync invalidation notification broken after restart -- Giuseppe Iuculano <email address hidden> Fri, 10 Aug 2012 17:31:57 +0200
Superseded in sid-release |
chromium-browser (21.0.1180.57~r148591-1) unstable; urgency=medium * [fd04758] Install demo extension * New upstream stable release: - Medium CVE-2012-2846: Cross-process interference in renderers. Credit to Google Chrome Security Team (Julien Tinnes). - Low CVE-2012-2847: Missing re-prompt to user upon excessive downloads. Credit to Matt Austin of Aspect Security. - Medium CVE-2012-2848: Overly broad file access granted after drag+drop. Credit to Matt Austin of Aspect Security. - Low CVE-2012-2849: Off-by-one read in GIF decoder. Credit to Atte Kettunen of OUSPG. - Medium CVE-2012-2853: webRequest can interfere with the Chrome Web Store. Credit to Trev of Adblock. - Low CVE-2012-2854: Leak of pointer values to WebUI renderers. Credit to Nasko Oskov of the Chromium development community. - High CVE-2012-2855: Use-after-free in PDF viewer. Credit to Mateusz Jurczyk of Google Security Team, with contributions by Gynvael Coldwind of Google Security Team. - High CVE-2012-2857: Use-after-free in CSS DOM. Credit to Arthur Gerkis. - High CVE-2012-2858: Buffer overflow in WebP decoder. Credit to Jüri Aedla. - Critical CVE-2012-2859: Crash in tab handling. Credit to Jeff Roberts of Google Security Team. - Medium CVE-2012-2860: Out-of-bounds access when clicking in date picker. Credit to Chamal de Silva. -- Giuseppe Iuculano <email address hidden> Tue, 07 Aug 2012 10:55:17 +0200
chromium-browser (20.0.1132.57~r145807-1) unstable; urgency=medium [ Michael Gilbert ] * New upstream stable security release: - [129898] High CVE-2012-2842: Use-after-free in counter handling. Credit to miaubiz. - [130595] High CVE-2012-2843: Use-after-free in layout height tracking. Credit to miaubiz. - [133450] High CVE-2012-2844: Bad object access with JavaScript in PDF. Credit to Alexey Samsonov of Google. [ Shawn Landden ] * Revert "Do not use binutils-gold in armel and armhf". * Update vpx patch to use system headers (Closes: #674728). * Fixup skia fixup for <armv6. -- Michael Gilbert <email address hidden> Fri, 13 Jul 2012 15:31:11 -0400
chromium-browser (20.0.1132.43~r143823-1) unstable; urgency=high * New stable release - Low CVE-2012-2815: Leak of iframe fragment id. Credit to Elie Bursztein of Google. - High CVE-2012-2817: Use-after-free in table section handling. Credit to miaubiz. - High CVE-2012-2818: Use-after-free in counter layout. Credit to miaubiz. - High CVE-2012-2819: Crash in texture handling. Credit to Ken "gets" Russell of the Chromium development community. - Medium CVE-2012-2820: Out-of-bounds read in SVG filter handling. Credit to Atte Kettunen of OUSPG. - Medium CVE-2012-2821: Autofill display problem. Credit to "simonbrown60" - High CVE-2012-2823: Use-after-free in SVG resource handling. Credit to miaubiz. - High CVE-2012-2824: Use-after-free in SVG painting. Credit to miaubiz. - Medium CVE-2012-2826: Out-of-bounds read in texture conversion. Credit to Google Chrome Security Team (Inferno). - High CVE-2012-2829: Use-after-free in first-letter handling. Credit to miaubiz. - High CVE-2012-2830: Wild pointer in array value setting. Credit to miaubiz. - [130356] High CVE-2012-2831: Use-after-free in SVG reference handling. Credit to miaubiz. - High CVE-2012-2834: Integer overflow in Matroska container. Credit to Jüri Aedla. -- Giuseppe Iuculano <email address hidden> Sat, 30 Jun 2012 14:33:40 +0200
Superseded in sid-release |
chromium-browser (20.0.1132.41~r143299-1) unstable; urgency=medium * [98cf55e] Do not use binutils-gold in armel and armhf * New beta release -- Giuseppe Iuculano <email address hidden> Fri, 22 Jun 2012 16:41:48 +0200
Superseded in sid-release |
chromium-browser (20.0.1132.34~r141824-1) unstable; urgency=low * [29f002e] Add -DUSE_EABI_HARDFLOAT in gyp defines for armhf * [3a003ca] Added some armel and armhf patches. Thanks to Shawn * [2f15044] Search the correct icon when minimised. Thanks to Jonathan Nieder (Closes: #651455) -- Giuseppe Iuculano <email address hidden> Wed, 20 Jun 2012 19:05:50 +0200
Superseded in sid-release |
chromium-browser (20.0.1132.27~r140692-2) unstable; urgency=low * [c0e9499] Improved sqlite patch. Thanks to Andrew Chant (Closes: #676636) * [62d276b] Backported: Use 32-byte alignment in AudioArray if using WEBAUDIO_FFMPEG https://bugs.webkit.org/show_bug.cgi?id=87430 * [1183b6a] Added -DUSE_EABI_HARDFLOAT for armhf -- Giuseppe Iuculano <email address hidden> Wed, 13 Jun 2012 13:21:26 +0200
Superseded in sid-release |
chromium-browser (20.0.1132.27~r140692-1) unstable; urgency=low * New beta release. * [e2adf90] Applied sqlite patch and fixed omnibox crash (Closes: #676636) * [69cc508] Define arm_float_abi=soft for armel and arm_float_abi=hard for armhf -- Giuseppe Iuculano <email address hidden> Mon, 11 Jun 2012 17:54:51 +0200
Superseded in sid-release |
chromium-browser (20.0.1132.21~r139451-3) unstable; urgency=low * Upload to unstable. -- Giuseppe Iuculano <email address hidden> Wed, 06 Jun 2012 10:29:58 +0200
Deleted in experimental-release (Reason: None provided.) |
chromium-browser (20.0.1132.21~r139451-2) experimental; urgency=low * [1de8e21] Build depends on binutils-gold also in armel and armhf * [5890c9b] Do not use third_party/gold as the linker. (Closes: #675563) * [e883861] Strip third_party/gold from upstream tarball. Thanks to Andrew Chant * [c9ac368] Use gcc 4.7 * [7f1ad3e] link against libgnome-keyring instead of using dlopen() * [57f6712] Added gcc 4.7 patch * [2be55e4] Use GConf and GIO -- Giuseppe Iuculano <email address hidden> Sun, 03 Jun 2012 17:01:46 +0200
Superseded in experimental-release |
chromium-browser (20.0.1132.21~r139451-1) experimental; urgency=low [ Jonathan Nieder ] * [70fc5ec] Refresh patches and add descriptions [ Giuseppe Iuculano ] * [8cb8e89] Use gcc 4.6 for the moment (Closes: #671994) [ Jonathan Nieder ] * [cd6baae] Build-Depends: g++-4.6 * [09908a2] Remove workaround for bug #651912, which seems to have been fixed in libnspr (Closes: #661948) * [58d631d] Remove hardcoded versioned dependency on libnss3-1d * [c9e2e81] Require nspr4 >= 2:4.9-2 (Closes: #651912) [ Giuseppe Iuculano ] * [150b326] Added libssl-dev in B-depends * [88ff66a] Refreshed patches * [7e7de0c] Disable tcmalloc, use internal copy of ffmpeg and libv8 * [ca0f508] Updated patches * [1343b0c] Fixed floating point exception in protobuf internal copy. Thanks to Andrew Chant * [2b62b38] Disable protobuf patch * [cae4c9c] updated vpx patch * [7233f03] Start to fix build issues with gcc 4.7 * [b4e5b1d] Fix FTBFS when compiling with pulseaudio support * [235e171] install all .pak files -- Giuseppe Iuculano <email address hidden> Fri, 01 Jun 2012 15:36:07 +0200