Change logs for chromium-browser source package in Buster

chromium-browser (70.0.3538.67-2) unstable; urgency=medium

  * Restore support for building with gtk2.

 -- Michael Gilbert <email address hidden>  Tue, 23 Oct 2018 01:11:35 +0000

chromium-browser (70.0.3538.67-1) unstable; urgency=medium

  * New upstream stable release.
    - CVE-2018-17462: Sandbox escape in AppCache. Reported by Ned Williamson
      and Niklas Baumstark
    - CVE-2018-17463: Remote code execution in V8. Reported by Ned Williamson
      and Niklas Baumstark
    - Heap buffer overflow in Little CMS in PDFium. Reported by Quang Nguyễn
    - CVE-2018-17464: URL spoof in Omnibox. Reported by xisigr
    - CVE-2018-17465: Use after free in V8. Reported by Lin Zuojian
    - CVE-2018-17466: Memory corruption in Angle. Reported by Omair
    - CVE-2018-17467: URL spoof in Omnibox. Reported by Khalil Zhani
    - CVE-2018-17468: Cross-origin URL disclosure in Blink. Reported by James
      Lee
    - CVE-2018-17469: Heap buffer overflow in PDFium. Reported by Zhen Zhou
    - CVE-2018-17470: Memory corruption in GPU Internals. Reported by Zhe Jin
    - CVE-2018-17471: Security UI occlusion in full screen mode. Reported by
      Lnyas Zhang
    - CVE-2018-17473: URL spoof in Omnibox. Reported by Khalil Zhani
    - CVE-2018-17474: Use after free in Blink. Reported by Zhe Jin
    - CVE-2018-17475: URL spoof in Omnibox. Reported by Vladimir Metnew
    - CVE-2018-17476: Security UI occlusion in full screen mode. Reported by
      Khalil Zhani
    - CVE-2018-5179: Lack of limits on update() in ServiceWorker. Reported by
      Yannic Bonenberger
    - CVE-2018-17477: UI spoof in Extensions. Reported by Aaron Muir Hamilton
  * Fix build failure on i386.
  * Fix installation path of the master preferences file (closes: #911056).

 -- Michael Gilbert <email address hidden>  Tue, 16 Oct 2018 12:36:22 +0000

chromium-browser (69.0.3497.92-1) unstable; urgency=medium

  * New upstream security release.
    - Function signature mismatch in WebAssembly. Reported by Kevin Cheung
    - URL Spoofing in Omnibox. Reported by evi1m0

 -- Michael Gilbert <email address hidden>  Thu, 13 Sep 2018 03:12:53 +0000

chromium-browser (69.0.3497.81-3) unstable; urgency=medium

  * Move another file needed for the armhf build to where it is expected.

 -- Michael Gilbert <email address hidden>  Fri, 07 Sep 2018 00:06:13 +0000

chromium-browser (68.0.3440.75-2) unstable; urgency=medium

  * Restore a mistakenly omitted call to InitializeFFmpeg (closes: #902909).

 -- Michael Gilbert <email address hidden>  Thu, 26 Jul 2018 00:37:11 +0000

chromium-browser (67.0.3396.87-1) unstable; urgency=medium

  * New upstream security release.
    - CVE-2018-6149: Out of bounds write in V8. Reported by Yu Zhou and
      Jundong Xie

 -- Michael Gilbert <email address hidden>  Tue, 19 Jun 2018 12:13:46 +0000

chromium-browser (67.0.3396.79-2) unstable; urgency=medium

  * Use embedded ffmpeg code copy (closes: #900533).

 -- Michael Gilbert <email address hidden>  Mon, 11 Jun 2018 00:33:39 +0000

chromium-browser (62.0.3202.89-1) unstable; urgency=medium

  * New upstream security release.
    - CVE-2017-15398: Stack buffer overflow in QUIC. Reported by Ned
      Williamson
    - CVE-2017-15399: Use after free in V8. Reported by Zhao Qixun
  * Revert new dependency on gconf.
  * Link against system lcms2 library (closes: #879153).
  * Disable device notifications by default (closes: #856571).
  * Remove icon extension from the desktop file (closes: #860256).

 -- Michael Gilbert <email address hidden>  Tue, 07 Nov 2017 02:22:17 +0000

chromium-browser (61.0.3163.100-2) unstable; urgency=medium

  * Add liblcms2-dev as a build dependency (closes: #876804).

 -- Michael Gilbert <email address hidden>  Tue, 26 Sep 2017 12:54:35 +0000

chromium-browser (60.0.3112.78-1) unstable; urgency=medium

  * New upstream stable release:
    - CVE-2017-5091: Use after free in IndexedDB. Reported by Ned Williamson
    - CVE-2017-5092: Use after free in PPAPI. Reported by Yu Zhou, Yuan Deng
    - CVE-2017-5093: UI spoofing in Blink. Reported by Luan Herrera
    - CVE-2017-5094: Type confusion in extensions. Reported by Anonymous
    - CVE-2017-5095: Out-of-bounds write in PDFium. Reported by Anonymous
    - CVE-2017-5096: User information leak via Android intents. Reported by
      Takeshi Terada
    - CVE-2017-5097: Out-of-bounds read in Skia. Reported by Anonymous
    - CVE-2017-5098: Use after free in V8. Reported by Jihoon Kim
    - CVE-2017-5099: Out-of-bounds write in PPAPI. Reported by Yuan Deng, Yu
      Zhou
    - CVE-2017-5100: Use after free in Chrome Apps. Reported by Anonymous
    - CVE-2017-5101: URL spoofing in OmniBox. Reported by Luan Herrera
    - CVE-2017-5102: Uninitialized use in Skia. Reported by Anonymous
    - CVE-2017-5103: Uninitialized use in Skia. Reported by Anonymous
    - CVE-2017-5104: UI spoofing in browser. Reported by Khalil Zhani
    - CVE-2017-7000: Pointer disclosure in SQLite. Reported by Chaitin Security
      Research Lab
    - CVE-2017-5105: URL spoofing in OmniBox. Reported by Rayyan Bijoora
    - CVE-2017-5106: URL spoofing in OmniBox. Reported by Jack Zac
    - CVE-2017-5107: User information leak via SVG. Reported by David
      Kohlbrenner
    - CVE-2017-5108: Type confusion in PDFium. Reported by Guang Gong
    - CVE-2017-5109: UI spoofing in browser. Reported by José María Acuña
      Morgado
    - CVE-2017-5110: UI spoofing in payments dialog. Reported by xisigr

 -- Michael Gilbert <email address hidden>  Thu, 27 Jul 2017 03:22:03 +0000

chromium-browser (59.0.3071.104-1) unstable; urgency=medium

  * New upstream security release.
    - CVE-2017-5087: Sandbox Escape in IndexedDB. Reported by Ned Williamson
    - CVE-2017-5088: Out of bounds read in V8. Reported by Xiling Gong
    - CVE-2017-5089: Domain spoofing in Omnibox. Reported by Michał Bentkowski
  * Update get-orig-source to support really long arguments to tar --delete.

 -- Michael Gilbert <email address hidden>  Sat, 17 Jun 2017 20:03:49 +0000