NBS, uninstallable
chromium-browser (51.0.2704.79-0ubuntu0.14.04.1.1121) trusty-security; urgency=medium * Upstream release 51.0.2704.79: - CVE-2016-1696: Cross-origin bypass in Extension bindings. - CVE-2016-1697: Cross-origin bypass in Blink. - CVE-2016-1698: Information leak in Extension bindings. - CVE-2016-1699: Parameter sanitization failure in DevTools. - CVE-2016-1700: Use-after-free in Extensions. - CVE-2016-1701: Use-after-free in Autofill. - CVE-2016-1702: Out-of-bounds read in Skia. - CVE-2016-1703: Various fixes from internal audits, fuzzing and other initiatives. * Upstream release 51.0.2704.63: - CVE-2016-1672: Cross-origin bypass in extension bindings. - CVE-2016-1673: Cross-origin bypass in Blink. - CVE-2016-1674: Cross-origin bypass in extensions. - CVE-2016-1675: Cross-origin bypass in Blink. - CVE-2016-1676: Cross-origin bypass in extension bindings. - CVE-2016-1677: Type confusion in V8. - CVE-2016-1678: Heap overflow in V8. - CVE-2016-1679: Heap use-after-free in V8 bindings. - CVE-2016-1680: Heap use-after-free in Skia. - CVE-2016-1681: Heap overflow in PDFium. - CVE-2016-1682: CSP bypass for ServiceWorker. - CVE-2016-1683: Out-of-bounds access in libxslt. - CVE-2016-1684: Integer overflow in libxslt. - CVE-2016-1685: Out-of-bounds read in PDFium. - CVE-2016-1686: Out-of-bounds read in PDFium. - CVE-2016-1687: Information leak in extensions. - CVE-2016-1688: Out-of-bounds read in V8. - CVE-2016-1689: Heap buffer overflow in media. - CVE-2016-1690: Heap use-after-free in Autofill. - CVE-2016-1691: Heap buffer-overflow in Skia. - CVE-2016-1692: Limited cross-origin bypass in ServiceWorker. - CVE-2016-1693: HTTP Download of Software Removal Tool. - CVE-2016-1694: HPKP pins removed on cache clearance. - CVE-2016-1695: Various fixes from internal audits, fuzzing and other initiatives. * debian/patches/blink-platform-export-class: remove patch. Unnecessary. -- Chad MILLER <email address hidden> Thu, 26 May 2016 10:54:29 -0400