Change log for chromium-browser package in Ubuntu
| 151 → 225 of 614 results | First • Previous • Next • Last |
chromium-browser (71.0.3578.98-0ubuntu0.18.04.1) bionic; urgency=medium
* Upstream release: 71.0.3578.98
- CVE-2018-17481: Use after free in PDFium.
-- Olivier Tilloy <email address hidden> Thu, 13 Dec 2018 12:55:57 +0100
Available diffs
- diff from 71.0.3578.80-0ubuntu0.18.04.1 to 71.0.3578.98-0ubuntu0.18.04.1 (pending)
chromium-browser (71.0.3578.98-0ubuntu0.18.10.1) cosmic; urgency=medium
* Upstream release: 71.0.3578.98
- CVE-2018-17481: Use after free in PDFium.
* debian/patches/suppress-newer-clang-warning-flags.patch: added back
-- Olivier Tilloy <email address hidden> Thu, 13 Dec 2018 11:54:08 +0100
Available diffs
chromium-browser (71.0.3578.98-0ubuntu1) disco; urgency=medium
* Upstream release: 71.0.3578.98
- CVE-2018-17481: Use after free in PDFium.
* debian/patches/suppress-newer-clang-warning-flags.patch: added back
-- Olivier Tilloy <email address hidden> Thu, 13 Dec 2018 11:57:41 +0100
Available diffs
chromium-browser (71.0.3578.80-0ubuntu0.16.04.1) xenial; urgency=medium
* Upstream release: 71.0.3578.80
- CVE-2018-17480: Out of bounds write in V8.
- CVE-2018-17481: Use after frees in PDFium.
- CVE-2018-18335: Heap buffer overflow in Skia.
- CVE-2018-18336: Use after free in PDFium.
- CVE-2018-18337: Use after free in Blink.
- CVE-2018-18338: Heap buffer overflow in Canvas.
- CVE-2018-18339: Use after free in WebAudio.
- CVE-2018-18340: Use after free in MediaRecorder.
- CVE-2018-18341: Heap buffer overflow in Blink.
- CVE-2018-18342: Out of bounds write in V8.
- CVE-2018-18343: Use after free in Skia.
- CVE-2018-18344: Inappropriate implementation in Extensions.
- CVE-2018-18345: Inappropriate implementation in Site Isolation.
- CVE-2018-18346: Incorrect security UI in Blink.
- CVE-2018-18347: Inappropriate implementation in Navigation.
- CVE-2018-18348: Inappropriate implementation in Omnibox.
- CVE-2018-18349: Insufficient policy enforcement in Blink.
- CVE-2018-18350: Insufficient policy enforcement in Blink.
- CVE-2018-18351: Insufficient policy enforcement in Navigation.
- CVE-2018-18352: Inappropriate implementation in Media.
- CVE-2018-18353: Inappropriate implementation in Network Authentication.
- CVE-2018-18354: Insufficient data validation in Shell Integration.
- CVE-2018-18355: Insufficient policy enforcement in URL Formatter.
- CVE-2018-18356: Use after free in Skia.
- CVE-2018-18357: Insufficient policy enforcement in URL Formatter.
- CVE-2018-18358: Insufficient policy enforcement in Proxy.
- CVE-2018-18359: Out of bounds read in V8.
* debian/patches/chromium_useragent.patch: refreshed
* debian/patches/configuration-directory.patch: refreshed
* debian/patches/disable-sse2: refreshed
* debian/patches/fix-extra-arflags.patch: refreshed
* debian/patches/gn-bootstrap-remove-sysroot-options.patch: refreshed
* debian/patches/gn-no-last-commit-position.patch: refreshed
* debian/patches/no-new-ninja-flag.patch: refreshed
* debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: refreshed
* debian/patches/search-credit.patch: refreshed
* debian/patches/set-rpath-on-chromium-executables.patch: refreshed
* debian/patches/suppress-newer-clang-warning-flags.patch: refreshed
* debian/patches/title-bar-default-system.patch-v35: refreshed
* debian/patches/touch-v35: refreshed
* debian/patches/use-clang-versioned.patch: refreshed
* debian/patches/widevine-allow-enable.patch: removed, no longer needed
* debian/patches/widevine-other-locations: refreshed
* debian/patches/widevine-revision.patch: renamed to
debian/patches/widevine-enable-version-string.patch and updated
* debian/tests/html5test: update test expectations
-- Olivier Tilloy <email address hidden> Tue, 04 Dec 2018 23:08:03 +0100
Available diffs
chromium-browser (71.0.3578.80-0ubuntu0.18.04.1) bionic; urgency=medium
* Upstream release: 71.0.3578.80
- CVE-2018-17480: Out of bounds write in V8.
- CVE-2018-17481: Use after frees in PDFium.
- CVE-2018-18335: Heap buffer overflow in Skia.
- CVE-2018-18336: Use after free in PDFium.
- CVE-2018-18337: Use after free in Blink.
- CVE-2018-18338: Heap buffer overflow in Canvas.
- CVE-2018-18339: Use after free in WebAudio.
- CVE-2018-18340: Use after free in MediaRecorder.
- CVE-2018-18341: Heap buffer overflow in Blink.
- CVE-2018-18342: Out of bounds write in V8.
- CVE-2018-18343: Use after free in Skia.
- CVE-2018-18344: Inappropriate implementation in Extensions.
- CVE-2018-18345: Inappropriate implementation in Site Isolation.
- CVE-2018-18346: Incorrect security UI in Blink.
- CVE-2018-18347: Inappropriate implementation in Navigation.
- CVE-2018-18348: Inappropriate implementation in Omnibox.
- CVE-2018-18349: Insufficient policy enforcement in Blink.
- CVE-2018-18350: Insufficient policy enforcement in Blink.
- CVE-2018-18351: Insufficient policy enforcement in Navigation.
- CVE-2018-18352: Inappropriate implementation in Media.
- CVE-2018-18353: Inappropriate implementation in Network Authentication.
- CVE-2018-18354: Insufficient data validation in Shell Integration.
- CVE-2018-18355: Insufficient policy enforcement in URL Formatter.
- CVE-2018-18356: Use after free in Skia.
- CVE-2018-18357: Insufficient policy enforcement in URL Formatter.
- CVE-2018-18358: Insufficient policy enforcement in Proxy.
- CVE-2018-18359: Out of bounds read in V8.
* debian/patches/chromium_useragent.patch: refreshed
* debian/patches/configuration-directory.patch: refreshed
* debian/patches/disable-sse2: refreshed
* debian/patches/fix-extra-arflags.patch: refreshed
* debian/patches/gn-bootstrap-remove-sysroot-options.patch: refreshed
* debian/patches/gn-no-last-commit-position.patch: refreshed
* debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: refreshed
* debian/patches/search-credit.patch: refreshed
* debian/patches/set-rpath-on-chromium-executables.patch: refreshed
* debian/patches/suppress-newer-clang-warning-flags.patch: refreshed
* debian/patches/title-bar-default-system.patch-v35: refreshed
* debian/patches/touch-v35: refreshed
* debian/patches/widevine-allow-enable.patch: removed, no longer needed
* debian/patches/widevine-other-locations: refreshed
* debian/patches/widevine-revision.patch: renamed to
debian/patches/widevine-enable-version-string.patch and updated
* debian/tests/html5test: update test expectations
-- Olivier Tilloy <email address hidden> Tue, 04 Dec 2018 22:46:10 +0100
Available diffs
- diff from 70.0.3538.110-0ubuntu0.18.04.1 to 71.0.3578.80-0ubuntu0.18.04.1 (pending)
chromium-browser (71.0.3578.80-0ubuntu0.18.10.1) cosmic; urgency=medium
* Upstream release: 71.0.3578.80
- CVE-2018-17480: Out of bounds write in V8.
- CVE-2018-17481: Use after frees in PDFium.
- CVE-2018-18335: Heap buffer overflow in Skia.
- CVE-2018-18336: Use after free in PDFium.
- CVE-2018-18337: Use after free in Blink.
- CVE-2018-18338: Heap buffer overflow in Canvas.
- CVE-2018-18339: Use after free in WebAudio.
- CVE-2018-18340: Use after free in MediaRecorder.
- CVE-2018-18341: Heap buffer overflow in Blink.
- CVE-2018-18342: Out of bounds write in V8.
- CVE-2018-18343: Use after free in Skia.
- CVE-2018-18344: Inappropriate implementation in Extensions.
- CVE-2018-18345: Inappropriate implementation in Site Isolation.
- CVE-2018-18346: Incorrect security UI in Blink.
- CVE-2018-18347: Inappropriate implementation in Navigation.
- CVE-2018-18348: Inappropriate implementation in Omnibox.
- CVE-2018-18349: Insufficient policy enforcement in Blink.
- CVE-2018-18350: Insufficient policy enforcement in Blink.
- CVE-2018-18351: Insufficient policy enforcement in Navigation.
- CVE-2018-18352: Inappropriate implementation in Media.
- CVE-2018-18353: Inappropriate implementation in Network Authentication.
- CVE-2018-18354: Insufficient data validation in Shell Integration.
- CVE-2018-18355: Insufficient policy enforcement in URL Formatter.
- CVE-2018-18356: Use after free in Skia.
- CVE-2018-18357: Insufficient policy enforcement in URL Formatter.
- CVE-2018-18358: Insufficient policy enforcement in Proxy.
- CVE-2018-18359: Out of bounds read in V8.
* debian/patches/chromium_useragent.patch: refreshed
* debian/patches/configuration-directory.patch: refreshed
* debian/patches/disable-sse2: refreshed
* debian/patches/fix-extra-arflags.patch: refreshed
* debian/patches/gn-bootstrap-remove-sysroot-options.patch: refreshed
* debian/patches/gn-no-last-commit-position.patch: refreshed
* debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: refreshed
* debian/patches/search-credit.patch: refreshed
* debian/patches/set-rpath-on-chromium-executables.patch: refreshed
* debian/patches/suppress-newer-clang-warning-flags.patch: removed, no longer
needed
* debian/patches/swiftshader-gl-entry-trampoline.patch: refreshed
* debian/patches/title-bar-default-system.patch-v35: refreshed
* debian/patches/touch-v35: refreshed
* debian/patches/widevine-allow-enable.patch: removed, no longer needed
* debian/patches/widevine-other-locations: refreshed
* debian/patches/widevine-revision.patch: renamed to
debian/patches/widevine-enable-version-string.patch and updated
* debian/tests/html5test: update test expectations
-- Olivier Tilloy <email address hidden> Tue, 04 Dec 2018 22:21:47 +0100
Available diffs
- diff from 70.0.3538.110-0ubuntu0.18.10.1 to 71.0.3578.80-0ubuntu0.18.10.1 (pending)
chromium-browser (71.0.3578.80-0ubuntu1) disco; urgency=medium
* Upstream release: 71.0.3578.80
- CVE-2018-17480: Out of bounds write in V8.
- CVE-2018-17481: Use after frees in PDFium.
- CVE-2018-18335: Heap buffer overflow in Skia.
- CVE-2018-18336: Use after free in PDFium.
- CVE-2018-18337: Use after free in Blink.
- CVE-2018-18338: Heap buffer overflow in Canvas.
- CVE-2018-18339: Use after free in WebAudio.
- CVE-2018-18340: Use after free in MediaRecorder.
- CVE-2018-18341: Heap buffer overflow in Blink.
- CVE-2018-18342: Out of bounds write in V8.
- CVE-2018-18343: Use after free in Skia.
- CVE-2018-18344: Inappropriate implementation in Extensions.
- CVE-2018-18345: Inappropriate implementation in Site Isolation.
- CVE-2018-18346: Incorrect security UI in Blink.
- CVE-2018-18347: Inappropriate implementation in Navigation.
- CVE-2018-18348: Inappropriate implementation in Omnibox.
- CVE-2018-18349: Insufficient policy enforcement in Blink.
- CVE-2018-18350: Insufficient policy enforcement in Blink.
- CVE-2018-18351: Insufficient policy enforcement in Navigation.
- CVE-2018-18352: Inappropriate implementation in Media.
- CVE-2018-18353: Inappropriate implementation in Network Authentication.
- CVE-2018-18354: Insufficient data validation in Shell Integration.
- CVE-2018-18355: Insufficient policy enforcement in URL Formatter.
- CVE-2018-18356: Use after free in Skia.
- CVE-2018-18357: Insufficient policy enforcement in URL Formatter.
- CVE-2018-18358: Insufficient policy enforcement in Proxy.
- CVE-2018-18359: Out of bounds read in V8.
* debian/patches/chromium_useragent.patch: refreshed
* debian/patches/configuration-directory.patch: refreshed
* debian/patches/disable-sse2: refreshed
* debian/patches/fix-extra-arflags.patch: refreshed
* debian/patches/gn-bootstrap-remove-sysroot-options.patch: refreshed
* debian/patches/gn-no-last-commit-position.patch: refreshed
* debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: refreshed
* debian/patches/search-credit.patch: refreshed
* debian/patches/set-rpath-on-chromium-executables.patch: refreshed
* debian/patches/suppress-newer-clang-warning-flags.patch: removed, no longer
needed
* debian/patches/swiftshader-gl-entry-trampoline.patch: refreshed
* debian/patches/title-bar-default-system.patch-v35: refreshed
* debian/patches/touch-v35: refreshed
* debian/patches/widevine-allow-enable.patch: removed, no longer needed
* debian/patches/widevine-other-locations: refreshed
* debian/patches/widevine-revision.patch: renamed to
debian/patches/widevine-enable-version-string.patch and updated
* debian/tests/html5test: update test expectations
-- Olivier Tilloy <email address hidden> Tue, 04 Dec 2018 21:54:05 +0100
Available diffs
- diff from 70.0.3538.110-0ubuntu1 to 71.0.3578.80-0ubuntu1 (pending)
chromium-browser (70.0.3538.110-0ubuntu0.16.04.1) xenial; urgency=medium
* Upstream release: 70.0.3538.110
- CVE-2018-17479: Use-after-free in GPU.
* debian/patches/relax-ninja-version-requirement.patch: refreshed
-- Olivier Tilloy <email address hidden> Tue, 20 Nov 2018 12:13:30 +0100
Available diffs
- diff from 70.0.3538.77-0ubuntu0.16.04.1 to 70.0.3538.110-0ubuntu0.16.04.1 (pending)
- diff from 70.0.3538.102-0ubuntu0.16.04.1 to 70.0.3538.110-0ubuntu0.16.04.1 (11.0 KiB)
chromium-browser (70.0.3538.110-0ubuntu0.18.04.1) bionic; urgency=medium
* Upstream release: 70.0.3538.110
- CVE-2018-17479: Use-after-free in GPU.
-- Olivier Tilloy <email address hidden> Tue, 20 Nov 2018 11:36:04 +0100
Available diffs
chromium-browser (70.0.3538.110-0ubuntu0.18.10.1) cosmic; urgency=medium
* Upstream release: 70.0.3538.110
- CVE-2018-17479: Use-after-free in GPU.
-- Olivier Tilloy <email address hidden> Tue, 20 Nov 2018 11:33:11 +0100
Available diffs
- diff from 70.0.3538.77-0ubuntu0.18.10.1 to 70.0.3538.110-0ubuntu0.18.10.1 (pending)
- diff from 70.0.3538.102-0ubuntu0.18.10.1 to 70.0.3538.110-0ubuntu0.18.10.1 (pending)
chromium-browser (70.0.3538.110-0ubuntu1) disco; urgency=medium
* Upstream release: 70.0.3538.110
- CVE-2018-17479: Use-after-free in GPU.
-- Olivier Tilloy <email address hidden> Tue, 20 Nov 2018 11:00:39 +0100
Available diffs
chromium-browser (70.0.3538.102-0ubuntu1) disco; urgency=medium
* Upstream release: 70.0.3538.102
- CVE-2018-17478: Out of bounds memory access in V8.
* debian/patches/gn-bootstrap-remove-sysroot-options.patch: added
-- Olivier Tilloy <email address hidden> Wed, 14 Nov 2018 22:29:24 +0100
Available diffs
chromium-browser (70.0.3538.77-0ubuntu1) disco; urgency=medium
* Bump version number for the new development release
(Ubuntu 19.04, the Disco Dingo)
* debian/control: update Vcs-Bzr field
* debian/patches/fix-extra-arflags.patch: updated
* debian/patches/suppress-newer-clang-warning-flags.patch: updated
-- Olivier Tilloy <email address hidden> Mon, 05 Nov 2018 10:20:01 +0100
chromium-browser (70.0.3538.77-0ubuntu0.16.04.1) xenial; urgency=medium * Upstream release: 70.0.3538.77 -- Olivier Tilloy <email address hidden> Thu, 25 Oct 2018 07:33:53 +0200
Available diffs
- diff from 70.0.3538.67-0ubuntu0.16.04.1 to 70.0.3538.77-0ubuntu0.16.04.1 (pending)
chromium-browser (70.0.3538.77-0ubuntu0.18.04.1) bionic; urgency=medium * Upstream release: 70.0.3538.77 -- Olivier Tilloy <email address hidden> Thu, 25 Oct 2018 07:32:56 +0200
Available diffs
- diff from 70.0.3538.67-0ubuntu0.18.04.1 to 70.0.3538.77-0ubuntu0.18.04.1 (pending)
chromium-browser (70.0.3538.77-0ubuntu0.18.10.1) cosmic; urgency=medium * Upstream release: 70.0.3538.77 -- Olivier Tilloy <email address hidden> Thu, 25 Oct 2018 07:01:26 +0200
Available diffs
| Superseded in disco-release |
| Deleted in disco-proposed (Reason: moved to release) |
| Superseded in cosmic-updates |
| Superseded in cosmic-security |
chromium-browser (70.0.3538.67-0ubuntu0.18.10.1) cosmic; urgency=medium
* debian/patches/swiftshader-upstream-entry-points.patch: renamed to
debian/patches/swiftshader-gl-entry-trampoline.patch and updated
-- Olivier Tilloy <email address hidden> Tue, 23 Oct 2018 10:03:06 +0200
Available diffs
- diff from 69.0.3497.100-0ubuntu1 (in Ubuntu) to 70.0.3538.67-0ubuntu0.18.10.1 (pending)
| Deleted in cosmic-proposed (Reason: Already published into -updates/-security under a differe...) |
chromium-browser (70.0.3538.67-0ubuntu1) cosmic; urgency=medium
* Upstream release: 70.0.3538.67
- CVE-2018-17462: Sandbox escape in AppCache.
- CVE-2018-17463: Remote code execution in V8.
- CVE to be assigned: Heap buffer overflow in Little CMS in PDFium.
- CVE-2018-17464: URL spoof in Omnibox.
- CVE-2018-17465: Use after free in V8.
- CVE-2018-17466: Memory corruption in Angle.
- CVE-2018-17467: URL spoof in Omnibox.
- CVE-2018-17468: Cross-origin URL disclosure in Blink.
- CVE-2018-17469: Heap buffer overflow in PDFium.
- CVE-2018-17470: Memory corruption in GPU Internals.
- CVE-2018-17471: Security UI occlusion in full screen mode.
- CVE-2018-17472: iframe sandbox escape on iOS.
- CVE-2018-17473: URL spoof in Omnibox.
- CVE-2018-17474: Use after free in Blink.
- CVE-2018-17475: URL spoof in Omnibox.
- CVE-2018-17476: Security UI occlusion in full screen mode.
- CVE-2018-5179: Lack of limits on update() in ServiceWorker.
- CVE-2018-17477: UI spoof in Extensions.
* debian/rules:
- remove enable_google_now build flag
- remove use_gtk3 build flag
* debian/patches/arm-neon.patch: refreshed
* debian/patches/chromium_useragent.patch: refreshed
* debian/patches/configuration-directory.patch: refreshed
* debian/patches/define__libc_malloc.patch: refreshed
* debian/patches/disable-sse2: refreshed
* debian/patches/fix-extra-arflags.patch: refreshed
* debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: refreshed
* debian/patches/search-credit.patch: refreshed
* debian/patches/set-rpath-on-chromium-executables.patch: refreshed
* debian/patches/suppress-newer-clang-warning-flags.patch: refreshed
* debian/patches/swiftshader-default-visibility.patch: replaced by
debian/patches/swiftshader-upstream-entry-points.patch
* debian/patches/widevine-other-locations: refreshed
* debian/known_gn_gen_args-*:
- remove enable_google_now build flag
- remove use_gtk3 build flag
-- Olivier Tilloy <email address hidden> Tue, 16 Oct 2018 22:32:27 +0200
Available diffs
- diff from 69.0.3497.100-0ubuntu1 to 70.0.3538.67-0ubuntu1 (pending)
chromium-browser (70.0.3538.67-0ubuntu0.16.04.1) xenial; urgency=medium
* Upstream release: 70.0.3538.67
- CVE-2018-17462: Sandbox escape in AppCache.
- CVE-2018-17463: Remote code execution in V8.
- CVE to be assigned: Heap buffer overflow in Little CMS in PDFium.
- CVE-2018-17464: URL spoof in Omnibox.
- CVE-2018-17465: Use after free in V8.
- CVE-2018-17466: Memory corruption in Angle.
- CVE-2018-17467: URL spoof in Omnibox.
- CVE-2018-17468: Cross-origin URL disclosure in Blink.
- CVE-2018-17469: Heap buffer overflow in PDFium.
- CVE-2018-17470: Memory corruption in GPU Internals.
- CVE-2018-17471: Security UI occlusion in full screen mode.
- CVE-2018-17472: iframe sandbox escape on iOS.
- CVE-2018-17473: URL spoof in Omnibox.
- CVE-2018-17474: Use after free in Blink.
- CVE-2018-17475: URL spoof in Omnibox.
- CVE-2018-17476: Security UI occlusion in full screen mode.
- CVE-2018-5179: Lack of limits on update() in ServiceWorker.
- CVE-2018-17477: UI spoof in Extensions.
* debian/rules:
- remove enable_google_now build flag
- remove use_gtk3 build flag
* debian/patches/arm-neon.patch: refreshed
* debian/patches/chromium_useragent.patch: refreshed
* debian/patches/configuration-directory.patch: refreshed
* debian/patches/define__libc_malloc.patch: refreshed
* debian/patches/disable-sse2: refreshed
* debian/patches/fix-extra-arflags.patch: refreshed
* debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: refreshed
* debian/patches/search-credit.patch: refreshed
* debian/patches/set-rpath-on-chromium-executables.patch: refreshed
* debian/patches/suppress-newer-clang-warning-flags.patch: refreshed
* debian/patches/use-clang-versioned.patch: refreshed
* debian/patches/widevine-other-locations: refreshed
* debian/known_gn_gen_args-*:
- remove enable_google_now build flag
- remove use_gtk3 build flag
-- Olivier Tilloy <email address hidden> Tue, 16 Oct 2018 22:54:27 +0200
Available diffs
- diff from 69.0.3497.81-0ubuntu0.16.04.1 (in ~chromium-team/ubuntu/stable-deletedppa) to 70.0.3538.67-0ubuntu0.16.04.1 (pending)
- diff from 69.0.3497.100-0ubuntu0.16.04.1 (in ~chromium-team/ubuntu/stable-deletedppa) to 70.0.3538.67-0ubuntu0.16.04.1 (pending)
chromium-browser (70.0.3538.67-0ubuntu0.18.04.1) bionic; urgency=medium
* Upstream release: 70.0.3538.67
- CVE-2018-17462: Sandbox escape in AppCache.
- CVE-2018-17463: Remote code execution in V8.
- CVE to be assigned: Heap buffer overflow in Little CMS in PDFium.
- CVE-2018-17464: URL spoof in Omnibox.
- CVE-2018-17465: Use after free in V8.
- CVE-2018-17466: Memory corruption in Angle.
- CVE-2018-17467: URL spoof in Omnibox.
- CVE-2018-17468: Cross-origin URL disclosure in Blink.
- CVE-2018-17469: Heap buffer overflow in PDFium.
- CVE-2018-17470: Memory corruption in GPU Internals.
- CVE-2018-17471: Security UI occlusion in full screen mode.
- CVE-2018-17472: iframe sandbox escape on iOS.
- CVE-2018-17473: URL spoof in Omnibox.
- CVE-2018-17474: Use after free in Blink.
- CVE-2018-17475: URL spoof in Omnibox.
- CVE-2018-17476: Security UI occlusion in full screen mode.
- CVE-2018-5179: Lack of limits on update() in ServiceWorker.
- CVE-2018-17477: UI spoof in Extensions.
* debian/rules:
- remove enable_google_now build flag
- remove use_gtk3 build flag
* debian/patches/arm-neon.patch: refreshed
* debian/patches/chromium_useragent.patch: refreshed
* debian/patches/configuration-directory.patch: refreshed
* debian/patches/define__libc_malloc.patch: refreshed
* debian/patches/disable-sse2: refreshed
* debian/patches/fix-extra-arflags.patch: refreshed
* debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: refreshed
* debian/patches/search-credit.patch: refreshed
* debian/patches/set-rpath-on-chromium-executables.patch: refreshed
* debian/patches/suppress-newer-clang-warning-flags.patch: refreshed
* debian/patches/widevine-other-locations: refreshed
* debian/known_gn_gen_args-*:
- remove enable_google_now build flag
- remove use_gtk3 build flag
-- Olivier Tilloy <email address hidden> Tue, 16 Oct 2018 22:43:46 +0200
Available diffs
- diff from 69.0.3497.81-0ubuntu0.18.04.1 (in ~chromium-team/ubuntu/stable-deletedppa) to 70.0.3538.67-0ubuntu0.18.04.1 (pending)
- diff from 69.0.3497.100-0ubuntu0.18.04.1 (in ~chromium-team/ubuntu/stable-deletedppa) to 70.0.3538.67-0ubuntu0.18.04.1 (pending)
| Superseded in disco-release |
| Obsolete in cosmic-release |
| Deleted in cosmic-proposed (Reason: moved to release) |
chromium-browser (69.0.3497.100-0ubuntu1) cosmic; urgency=medium * Upstream release: 69.0.3497.100 -- Olivier Tilloy <email address hidden> Tue, 18 Sep 2018 08:54:33 +0200
Available diffs
- diff from 69.0.3497.92-0ubuntu1 to 69.0.3497.100-0ubuntu1 (pending)
chromium-browser (69.0.3497.92-0ubuntu1) cosmic; urgency=medium
* Upstream release: 69.0.3497.92
- CVE-2018-XXXXX: Function signature mismatch in WebAssembly.
- CVE-2018-XXXXX: URL Spoofing in Omnibox.
* debian/rules: exclude more build artifacts from the binary package
-- Olivier Tilloy <email address hidden> Tue, 11 Sep 2018 22:45:34 +0200
Available diffs
chromium-browser (69.0.3497.81-0ubuntu0.16.04.1) xenial; urgency=medium
* Upstream release: 69.0.3497.81
- CVE-2018-16065: Out of bounds write in V8.
- CVE-2018-16066: Out of bounds read in Blink.
- CVE-2018-16067: Out of bounds read in WebAudio.
- CVE-2018-16068: Out of bounds write in Mojo.
- CVE-2018-16069: Out of bounds read in SwiftShader.
- CVE-2018-16070: Integer overflow in Skia.
- CVE-2018-16071: Use after free in WebRTC.
- CVE-2018-16072: Cross origin pixel leak in Chrome's interaction with
Android's MediaPlayer.
- CVE-2018-16073: Site Isolation bypass after tab restore.
- CVE-2018-16074: Site Isolation bypass using Blob URLS.
- CVE-2018-16075: Local file access in Blink.
- CVE-2018-16076: Out of bounds read in PDFium.
- CVE-2018-16077: Content security policy bypass in Blink.
- CVE-2018-16078: Credit card information leak in Autofill.
- CVE-2018-16079: URL spoof in permission dialogs.
- CVE-2018-16080: URL spoof in full screen mode.
- CVE-2018-16081: Local file access in DevTools.
- CVE-2018-16082: Stack buffer overflow in SwiftShader.
- CVE-2018-16083: Out of bounds read in WebRTC.
- CVE-2018-16084: User confirmation bypass in external protocol handling.
- CVE-2018-16085: Use after free in Memory Instrumentation.
* debian/control: add uuid-dev as a build dependency (needed by fontconfig)
* debian/rules: specify AR=llvm-ar-6.0 to build gn
* debian/patches/additional-search-engines.patch: refreshed
* debian/patches/disable-sse2: refreshed
* debian/patches/fix-extra-arflags.patch: refreshed
* debian/patches/gn-add-missing-arm-impl-files.patch: added
* debian/patches/last-commit-position: replaced by
debian/patches/gn-no-last-commit-position.patch
* debian/patches/no-new-ninja-flag.patch: updated
* debian/patches/relax-ninja-version-requirement.patch: updated
* debian/patches/search-credit.patch: refreshed
* debian/patches/set-rpath-on-chromium-executables.patch: refreshed
* debian/patches/skia-undef-HWCAP_CRC32.patch: refreshed
* debian/patches/suppress-newer-clang-warning-flags.patch: updated
* debian/patches/title-bar-default-system.patch-v35: refreshed
-- Olivier Tilloy <email address hidden> Wed, 05 Sep 2018 13:47:36 +0200
Available diffs
- diff from 68.0.3440.106-0ubuntu0.16.04.1 to 69.0.3497.81-0ubuntu0.16.04.1 (pending)
chromium-browser (69.0.3497.81-0ubuntu0.18.04.1) bionic; urgency=medium
* Upstream release: 69.0.3497.81
- CVE-2018-16065: Out of bounds write in V8.
- CVE-2018-16066: Out of bounds read in Blink.
- CVE-2018-16067: Out of bounds read in WebAudio.
- CVE-2018-16068: Out of bounds write in Mojo.
- CVE-2018-16069: Out of bounds read in SwiftShader.
- CVE-2018-16070: Integer overflow in Skia.
- CVE-2018-16071: Use after free in WebRTC.
- CVE-2018-16072: Cross origin pixel leak in Chrome's interaction with
Android's MediaPlayer.
- CVE-2018-16073: Site Isolation bypass after tab restore.
- CVE-2018-16074: Site Isolation bypass using Blob URLS.
- CVE-2018-16075: Local file access in Blink.
- CVE-2018-16076: Out of bounds read in PDFium.
- CVE-2018-16077: Content security policy bypass in Blink.
- CVE-2018-16078: Credit card information leak in Autofill.
- CVE-2018-16079: URL spoof in permission dialogs.
- CVE-2018-16080: URL spoof in full screen mode.
- CVE-2018-16081: Local file access in DevTools.
- CVE-2018-16082: Stack buffer overflow in SwiftShader.
- CVE-2018-16083: Out of bounds read in WebRTC.
- CVE-2018-16084: User confirmation bypass in external protocol handling.
- CVE-2018-16085: Use after free in Memory Instrumentation.
* debian/control: add uuid-dev as a build dependency (needed by fontconfig)
* debian/patches/additional-search-engines.patch: refreshed
* debian/patches/disable-sse2: refreshed
* debian/patches/fix-extra-arflags.patch: refreshed
* debian/patches/gn-add-missing-arm-impl-files.patch: added
* debian/patches/last-commit-position: replaced by
debian/patches/gn-no-last-commit-position.patch
* debian/patches/search-credit.patch: refreshed
* debian/patches/set-rpath-on-chromium-executables.patch: refreshed
* debian/patches/skia-undef-HWCAP_CRC32.patch: refreshed
* debian/patches/suppress-newer-clang-warning-flags.patch: updated
* debian/patches/title-bar-default-system.patch-v35: refreshed
-- Olivier Tilloy <email address hidden> Wed, 05 Sep 2018 13:23:39 +0200
Available diffs
- diff from 68.0.3440.106-0ubuntu0.18.04.1 to 69.0.3497.81-0ubuntu0.18.04.1 (pending)
chromium-browser (69.0.3497.81-0ubuntu1) cosmic; urgency=medium
* Upstream release: 69.0.3497.81
- CVE-2018-16065: Out of bounds write in V8.
- CVE-2018-16066: Out of bounds read in Blink.
- CVE-2018-16067: Out of bounds read in WebAudio.
- CVE-2018-16068: Out of bounds write in Mojo.
- CVE-2018-16069: Out of bounds read in SwiftShader.
- CVE-2018-16070: Integer overflow in Skia.
- CVE-2018-16071: Use after free in WebRTC.
- CVE-2018-16072: Cross origin pixel leak in Chrome's interaction with
Android's MediaPlayer.
- CVE-2018-16073: Site Isolation bypass after tab restore.
- CVE-2018-16074: Site Isolation bypass using Blob URLS.
- CVE-2018-16075: Local file access in Blink.
- CVE-2018-16076: Out of bounds read in PDFium.
- CVE-2018-16077: Content security policy bypass in Blink.
- CVE-2018-16078: Credit card information leak in Autofill.
- CVE-2018-16079: URL spoof in permission dialogs.
- CVE-2018-16080: URL spoof in full screen mode.
- CVE-2018-16081: Local file access in DevTools.
- CVE-2018-16082: Stack buffer overflow in SwiftShader.
- CVE-2018-16083: Out of bounds read in WebRTC.
- CVE-2018-16084: User confirmation bypass in external protocol handling.
- CVE-2018-16085: Use after free in Memory Instrumentation.
* debian/control: add uuid-dev as a build dependency (needed by fontconfig)
* debian/patches/additional-search-engines.patch: refreshed
* debian/patches/clang-601-atomics.patch: removed, no longer needed
* debian/patches/disable-sse2: refreshed
* debian/patches/fix-extra-arflags.patch: refreshed
* debian/patches/gn-add-missing-arm-impl-files.patch: added
* debian/patches/last-commit-position: replaced by
debian/patches/gn-no-last-commit-position.patch
* debian/patches/search-credit.patch: refreshed
* debian/patches/set-rpath-on-chromium-executables.patch: refreshed
* debian/patches/skia-undef-HWCAP_CRC32.patch: refreshed
* debian/patches/suppress-newer-clang-warning-flags.patch: updated
* debian/patches/swiftshader-default-visibility.patch: added
* debian/patches/title-bar-default-system.patch-v35: refreshed
-- Olivier Tilloy <email address hidden> Wed, 05 Sep 2018 09:41:19 +0200
Available diffs
- diff from 68.0.3440.106-0ubuntu1 to 69.0.3497.81-0ubuntu1 (pending)
chromium-browser (68.0.3440.106-0ubuntu1) cosmic; urgency=medium * Upstream release: 68.0.3440.106 -- Olivier Tilloy <email address hidden> Wed, 08 Aug 2018 23:27:06 +0200
Available diffs
chromium-browser (68.0.3440.106-0ubuntu0.16.04.1) xenial; urgency=medium * Upstream release: 68.0.3440.106 -- Olivier Tilloy <email address hidden> Thu, 09 Aug 2018 00:10:42 +0200
Available diffs
chromium-browser (68.0.3440.106-0ubuntu0.18.04.1) bionic; urgency=medium * Upstream release: 68.0.3440.106 -- Olivier Tilloy <email address hidden> Wed, 08 Aug 2018 23:59:05 +0200
Available diffs
- diff from 68.0.3440.75-0ubuntu0.18.04.1 to 68.0.3440.106-0ubuntu0.18.04.1 (73.6 KiB)
- diff from 68.0.3440.84-0ubuntu0.18.04.1 to 68.0.3440.106-0ubuntu0.18.04.1 (pending)
chromium-browser (68.0.3440.84-0ubuntu1) cosmic; urgency=medium * Upstream release: 68.0.3440.84 * debian/patches/add-missing-base-namespace.patch: removed, no longer needed * debian/patches/widevine-other-locations: updated -- Olivier Tilloy <email address hidden> Wed, 01 Aug 2018 08:16:10 +0200
Available diffs
- diff from 68.0.3440.75-0ubuntu1 to 68.0.3440.84-0ubuntu1 (pending)
chromium-browser (68.0.3440.75-0ubuntu1) cosmic; urgency=medium
* Upstream release: 68.0.3440.75
- CVE-2018-6153: Stack buffer overflow in Skia.
- CVE-2018-6154: Heap buffer overflow in WebGL.
- CVE-2018-6155: Use after free in WebRTC.
- CVE-2018-6156: Heap buffer overflow in WebRTC.
- CVE-2018-6157: Type confusion in WebRTC.
- CVE-2018-6158: Use after free in Blink.
- CVE-2018-6159: Same origin policy bypass in ServiceWorker.
- CVE-2018-6160: URL spoof in Chrome on iOS.
- CVE-2018-6161: Same origin policy bypass in WebAudio.
- CVE-2018-6162: Heap buffer overflow in WebGL.
- CVE-2018-6163: URL spoof in Omnibox.
- CVE-2018-6164: Same origin policy bypass in ServiceWorker.
- CVE-2018-6165: URL spoof in Omnibox.
- CVE-2018-6166: URL spoof in Omnibox.
- CVE-2018-6167: URL spoof in Omnibox.
- CVE-2018-6168: CORS bypass in Blink.
- CVE-2018-6169: Permissions bypass in extension installation.
- CVE-2018-6170: Type confusion in PDFium.
- CVE-2018-6171: Use after free in WebBluetooth.
- CVE-2018-6172: URL spoof in Omnibox.
- CVE-2018-6173: URL spoof in Omnibox.
- CVE-2018-6174: Integer overflow in SwiftShader.
- CVE-2018-6175: URL spoof in Omnibox.
- CVE-2018-6176: Local user privilege escalation in Extensions.
- CVE-2018-6177: Cross origin information leak in Blink.
- CVE-2018-6178: UI spoof in Extensions.
- CVE-2018-6179: Local file information leak in Extensions.
- CVE-2018-6044: Request privilege escalation in Extensions.
- CVE-2018-4117: Cross origin information leak in Blink.
* debian/rules:
- remove enable_webrtc build flag
- make ninja less verbose to reduce build log size
* debian/chromium-browser.sh.in: parse flashplugin manifest with Python 3
(LP: #1772448)
* debian/patches/add-missing-base-namespace.patch: added
* debian/patches/chromium_useragent.patch: refreshed
* debian/patches/configuration-directory.patch: refreshed
* debian/patches/disable-sse2: refreshed
* debian/patches/enable-chromecast-by-default.patch: refreshed
* debian/patches/fix-crashpad-linux-compat.patch: removed, no longer needed
* debian/patches/fix-extra-arflags.patch: updated
* debian/patches/fix-ffmpeg-ia32-build.patch: updated
* debian/patches/last-commit-position: refreshed
* debian/patches/revert-clang-nostdlib++.patch: removed, no longer needed
* debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: updated
* debian/patches/search-credit.patch: refreshed
* debian/patches/set-rpath-on-chromium-executables.patch: refreshed
* debian/patches/suppress-newer-clang-warning-flags.patch: updated
* debian/patches/title-bar-default-system.patch-v35: refreshed
* debian/patches/touch-v35: refreshed
* debian/known_gn_gen_args-*: remove enable_webrtc build flag
-- Olivier Tilloy <email address hidden> Wed, 25 Jul 2018 09:22:28 +0200
Available diffs
- diff from 67.0.3396.99-0ubuntu1 to 68.0.3440.75-0ubuntu1 (pending)
| Superseded in xenial-updates |
| Deleted in xenial-updates (Reason: stupid archive tricks to roll back for point release snap...) |
| Deleted in xenial-updates (Reason: stupid archive tricks to roll back for point release snap...) |
| Superseded in xenial-security |
chromium-browser (68.0.3440.75-0ubuntu0.16.04.1) xenial; urgency=medium
* Upstream release: 68.0.3440.75
- CVE-2018-6153: Stack buffer overflow in Skia.
- CVE-2018-6154: Heap buffer overflow in WebGL.
- CVE-2018-6155: Use after free in WebRTC.
- CVE-2018-6156: Heap buffer overflow in WebRTC.
- CVE-2018-6157: Type confusion in WebRTC.
- CVE-2018-6158: Use after free in Blink.
- CVE-2018-6159: Same origin policy bypass in ServiceWorker.
- CVE-2018-6160: URL spoof in Chrome on iOS.
- CVE-2018-6161: Same origin policy bypass in WebAudio.
- CVE-2018-6162: Heap buffer overflow in WebGL.
- CVE-2018-6163: URL spoof in Omnibox.
- CVE-2018-6164: Same origin policy bypass in ServiceWorker.
- CVE-2018-6165: URL spoof in Omnibox.
- CVE-2018-6166: URL spoof in Omnibox.
- CVE-2018-6167: URL spoof in Omnibox.
- CVE-2018-6168: CORS bypass in Blink.
- CVE-2018-6169: Permissions bypass in extension installation.
- CVE-2018-6170: Type confusion in PDFium.
- CVE-2018-6171: Use after free in WebBluetooth.
- CVE-2018-6172: URL spoof in Omnibox.
- CVE-2018-6173: URL spoof in Omnibox.
- CVE-2018-6174: Integer overflow in SwiftShader.
- CVE-2018-6175: URL spoof in Omnibox.
- CVE-2018-6176: Local user privilege escalation in Extensions.
- CVE-2018-6177: Cross origin information leak in Blink.
- CVE-2018-6178: UI spoof in Extensions.
- CVE-2018-6179: Local file information leak in Extensions.
- CVE-2018-6044: Request privilege escalation in Extensions.
- CVE-2018-4117: Cross origin information leak in Blink.
* debian/rules:
- remove enable_webrtc build flag
- make ninja less verbose to reduce build log size
* debian/chromium-browser.sh.in: parse flashplugin manifest with Python 3
(LP: #1772448)
* debian/patches/add-missing-base-namespace.patch: added
* debian/patches/chromium_useragent.patch: refreshed
* debian/patches/configuration-directory.patch: refreshed
* debian/patches/disable-sse2: refreshed
* debian/patches/enable-chromecast-by-default.patch: refreshed
* debian/patches/fix-crashpad-linux-compat.patch: removed, no longer needed
* debian/patches/fix-extra-arflags.patch: updated
* debian/patches/fix-ffmpeg-ia32-build.patch: updated
* debian/patches/last-commit-position: refreshed
* debian/patches/no-new-ninja-flag.patch: refreshed
* debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: updated
* debian/patches/search-credit.patch: refreshed
* debian/patches/set-rpath-on-chromium-executables.patch: refreshed
* debian/patches/suppress-newer-clang-warning-flags.patch: updated
* debian/patches/title-bar-default-system.patch-v35: refreshed
* debian/patches/touch-v35: refreshed
* debian/patches/use-clang-versioned.patch: refreshed
* debian/known_gn_gen_args-*: remove enable_webrtc build flag
-- Olivier Tilloy <email address hidden> Wed, 25 Jul 2018 10:51:24 +0200
Available diffs
- diff from 67.0.3396.99-0ubuntu0.16.04.2 to 68.0.3440.75-0ubuntu0.16.04.1 (pending)
chromium-browser (68.0.3440.75-0ubuntu0.18.04.1) bionic; urgency=medium
* Upstream release: 68.0.3440.75
- CVE-2018-6153: Stack buffer overflow in Skia.
- CVE-2018-6154: Heap buffer overflow in WebGL.
- CVE-2018-6155: Use after free in WebRTC.
- CVE-2018-6156: Heap buffer overflow in WebRTC.
- CVE-2018-6157: Type confusion in WebRTC.
- CVE-2018-6158: Use after free in Blink.
- CVE-2018-6159: Same origin policy bypass in ServiceWorker.
- CVE-2018-6160: URL spoof in Chrome on iOS.
- CVE-2018-6161: Same origin policy bypass in WebAudio.
- CVE-2018-6162: Heap buffer overflow in WebGL.
- CVE-2018-6163: URL spoof in Omnibox.
- CVE-2018-6164: Same origin policy bypass in ServiceWorker.
- CVE-2018-6165: URL spoof in Omnibox.
- CVE-2018-6166: URL spoof in Omnibox.
- CVE-2018-6167: URL spoof in Omnibox.
- CVE-2018-6168: CORS bypass in Blink.
- CVE-2018-6169: Permissions bypass in extension installation.
- CVE-2018-6170: Type confusion in PDFium.
- CVE-2018-6171: Use after free in WebBluetooth.
- CVE-2018-6172: URL spoof in Omnibox.
- CVE-2018-6173: URL spoof in Omnibox.
- CVE-2018-6174: Integer overflow in SwiftShader.
- CVE-2018-6175: URL spoof in Omnibox.
- CVE-2018-6176: Local user privilege escalation in Extensions.
- CVE-2018-6177: Cross origin information leak in Blink.
- CVE-2018-6178: UI spoof in Extensions.
- CVE-2018-6179: Local file information leak in Extensions.
- CVE-2018-6044: Request privilege escalation in Extensions.
- CVE-2018-4117: Cross origin information leak in Blink.
* debian/rules:
- remove enable_webrtc build flag
- make ninja less verbose to reduce build log size
* debian/chromium-browser.sh.in: parse flashplugin manifest with Python 3
(LP: #1772448)
* debian/patches/add-missing-base-namespace.patch: added
* debian/patches/chromium_useragent.patch: refreshed
* debian/patches/configuration-directory.patch: refreshed
* debian/patches/disable-sse2: refreshed
* debian/patches/enable-chromecast-by-default.patch: refreshed
* debian/patches/fix-crashpad-linux-compat.patch: removed, no longer needed
* debian/patches/fix-extra-arflags.patch: updated
* debian/patches/fix-ffmpeg-ia32-build.patch: updated
* debian/patches/last-commit-position: refreshed
* debian/patches/revert-clang-nostdlib++.patch: removed, no longer needed
* debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: updated
* debian/patches/search-credit.patch: refreshed
* debian/patches/set-rpath-on-chromium-executables.patch: refreshed
* debian/patches/suppress-newer-clang-warning-flags.patch: updated
* debian/patches/title-bar-default-system.patch-v35: refreshed
* debian/patches/touch-v35: refreshed
* debian/known_gn_gen_args-*: remove enable_webrtc build flag
-- Olivier Tilloy <email address hidden> Wed, 25 Jul 2018 10:05:09 +0200
Available diffs
- diff from 67.0.3396.99-0ubuntu0.18.04.1 to 68.0.3440.75-0ubuntu0.18.04.1 (pending)
| Superseded in xenial-updates |
| Superseded in xenial-updates |
| Superseded in xenial-updates |
| Superseded in xenial-security |
chromium-browser (67.0.3396.99-0ubuntu0.16.04.2) xenial; urgency=medium * debian/patches/libcxxabi-arm-ehabi-fix.patch: removed, no longer needed -- Olivier Tilloy <email address hidden> Wed, 11 Jul 2018 10:22:52 +0200
Available diffs
- diff from 68.0.3440.75-0ubuntu0.16.04.1 to 67.0.3396.99-0ubuntu0.16.04.2 (pending)
- diff from 66.0.3359.181-0ubuntu0.16.04.1 to 67.0.3396.99-0ubuntu0.16.04.2 (66.8 MiB)
- diff from 67.0.3396.62-0ubuntu0.16.04.1 to 67.0.3396.99-0ubuntu0.16.04.2 (290.3 KiB)
- diff from 67.0.3396.99-0ubuntu0.16.04.1 to 67.0.3396.99-0ubuntu0.16.04.2 (1.7 KiB)
chromium-browser (67.0.3396.99-0ubuntu0.17.10.1) artful; urgency=medium
* Upstream release: 67.0.3396.99
- CVE-2018-6148: Incorrect handling of CSP header.
- CVE-2018-6149: Out of bounds write in V8.
-- Olivier Tilloy <email address hidden> Mon, 09 Jul 2018 23:29:07 +0200
Available diffs
- diff from 66.0.3359.181-0ubuntu0.17.10.1 to 67.0.3396.99-0ubuntu0.17.10.1 (pending)
- diff from 67.0.3396.62-0ubuntu0.17.10.1 to 67.0.3396.99-0ubuntu0.17.10.1 (287.8 KiB)
chromium-browser (67.0.3396.99-0ubuntu0.18.04.1) bionic; urgency=medium
* Upstream release: 67.0.3396.99
- CVE-2018-6148: Incorrect handling of CSP header.
- CVE-2018-6149: Out of bounds write in V8.
-- Olivier Tilloy <email address hidden> Mon, 09 Jul 2018 23:06:17 +0200
Available diffs
chromium-browser (67.0.3396.99-0ubuntu1) cosmic; urgency=medium
* Upstream release: 67.0.3396.99
- CVE-2018-6148: Incorrect handling of CSP header.
- CVE-2018-6149: Out of bounds write in V8.
* debian/patches/clang-601-atomics.patch: added (LP: #1780747)
-- Olivier Tilloy <email address hidden> Mon, 09 Jul 2018 19:32:25 +0200
Available diffs
chromium-browser (67.0.3396.62-0ubuntu1) cosmic; urgency=medium
* Upstream release: 67.0.3396.62
- CVE-2018-6123: Use after free in Blink.
- CVE-2018-6124: Type confusion in Blink.
- CVE-2018-6125: Overly permissive policy in WebUSB.
- CVE-2018-6126: Heap buffer overflow in Skia.
- CVE-2018-6127: Use after free in indexedDB.
- CVE-2018-6128: uXSS in Chrome on iOS.
- CVE-2018-6129: Out of bounds memory access in WebRTC.
- CVE-2018-6130: Out of bounds memory access in WebRTC.
- CVE-2018-6131: Incorrect mutability protection in WebAssembly.
- CVE-2018-6132: Use of uninitialized memory in WebRTC.
- CVE-2018-6133: URL spoof in Omnibox.
- CVE-2018-6134: Referrer Policy bypass in Blink.
- CVE-2018-6135: UI spoofing in Blink.
- CVE-2018-6136: Out of bounds memory access in V8.
- CVE-2018-6137: Leak of visited status of page in Blink.
- CVE-2018-6138: Overly permissive policy in Extensions.
- CVE-2018-6139: Restrictions bypass in the debugger extension API.
- CVE-2018-6140: Restrictions bypass in the debugger extension API.
- CVE-2018-6141: Heap buffer overflow in Skia.
- CVE-2018-6142: Out of bounds memory access in V8.
- CVE-2018-6143: Out of bounds memory access in V8.
- CVE-2018-6144: Out of bounds memory access in PDFium.
- CVE-2018-6145: Incorrect escaping of MathML in Blink.
- CVE-2018-6147: Password fields not taking advantage of OS protections in
Views.
* debian/rules: stop installing an outdated chromium-browser.svg icon
(LP: #1771847)
* debian/chromium-browser.svg: removed (outdated)
* debian/patches/additional-search-engines.patch: refreshed
* debian/patches/configuration-directory.patch: refreshed
* debian/patches/default-allocator: refreshed
* debian/patches/disable-sse2: updated
* debian/patches/fix-crashpad-linux-compat.patch: added
* debian/patches/fix-extra-arflags.patch: added
* debian/patches/revert-clang-nostdlib++.patch: refreshed
* debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: refreshed
* debian/patches/search-credit.patch: refreshed
* debian/patches/set-rpath-on-chromium-executables.patch: refreshed
* debian/patches/skia-disable-neon.patch: removed, no longer needed
* debian/patches/skia-undef-HWCAP_CRC32.patch: refreshed
* debian/patches/suppress-newer-clang-warning-flags.patch: updated
* debian/patches/widevine-allow-enable.patch: added
* debian/patches/widevine-other-locations: updated
-- Olivier Tilloy <email address hidden> Wed, 30 May 2018 12:22:22 +0200
Available diffs
- diff from 66.0.3359.181-0ubuntu1 to 67.0.3396.62-0ubuntu1 (pending)
chromium-browser (66.0.3359.181-0ubuntu1) cosmic; urgency=medium * Upstream release: 66.0.3359.181 -- Olivier Tilloy <email address hidden> Tue, 15 May 2018 22:20:10 +0200
Available diffs
chromium-browser (66.0.3359.181-0ubuntu0.16.04.1) xenial; urgency=medium * Upstream release: 66.0.3359.181 -- Olivier Tilloy <email address hidden> Tue, 15 May 2018 22:36:44 +0200
Available diffs
chromium-browser (66.0.3359.181-0ubuntu0.17.10.1) artful; urgency=medium * Upstream release: 66.0.3359.181 -- Olivier Tilloy <email address hidden> Tue, 15 May 2018 22:31:19 +0200
Available diffs
chromium-browser (66.0.3359.181-0ubuntu0.18.04.1) bionic; urgency=medium * Upstream release: 66.0.3359.181 -- Olivier Tilloy <email address hidden> Tue, 15 May 2018 22:17:08 +0200
Available diffs
- diff from 66.0.3359.139-0ubuntu0.18.04.3 to 66.0.3359.181-0ubuntu0.18.04.1 (198.9 KiB)
- diff from 66.0.3359.170-0ubuntu0.18.04.1 to 66.0.3359.181-0ubuntu0.18.04.1 (pending)
chromium-browser (66.0.3359.170-0ubuntu1) cosmic; urgency=medium
* Upstream release: 66.0.3359.170
- CVE-2018-6121: Privilege Escalation in extensions.
- CVE-2018-6122: Type confusion in V8.
- CVE-2018-6120: Heap buffer overflow in PDFium.
-- Olivier Tilloy <email address hidden> Fri, 11 May 2018 14:57:36 +0200
Available diffs
chromium-browser (66.0.3359.139-0ubuntu1) cosmic; urgency=medium * No-change rebuild for the Cosmic Cuttlefish (18.10) -- Olivier Tilloy <email address hidden> Tue, 08 May 2018 21:59:31 +0200
Available diffs
- diff from 65.0.3325.181-0ubuntu1 to 66.0.3359.139-0ubuntu1 (pending)
chromium-browser (66.0.3359.139-0ubuntu0.16.04.3) xenial; urgency=medium
* debian/control: build-depend on clang-5.0 and llvm-5.0, which are now in
xenial-updates
* debian/rules: build gn with clang 5.0
* debian/patches/restore-clang-no-integrated-as.patch: removed, no longer
needed
* debian/patches/skia-undef-HWCAP_CRC32.patch: added
* debian/patches/use-clang-versioned.patch: updated
-- Olivier Tilloy <email address hidden> Fri, 04 May 2018 16:28:21 +0200
Available diffs
- diff from 65.0.3325.181-0ubuntu0.16.04.1 to 66.0.3359.139-0ubuntu0.16.04.3 (pending)
- diff from 66.0.3359.139-0ubuntu0.16.04.2 to 66.0.3359.139-0ubuntu0.16.04.3 (1.9 KiB)
chromium-browser (66.0.3359.139-0ubuntu0.18.04.3) bionic; urgency=medium
* debian/patches/libcxxabi-arm-ehabi-fix.patch: removed, not needed with
recent versions of clang (>= 6.0)
-- Olivier Tilloy <email address hidden> Fri, 04 May 2018 15:50:30 +0200
Available diffs
- diff from 63.0.3239.132-0ubuntu1 to 66.0.3359.139-0ubuntu0.18.04.3 (pending)
- diff from 66.0.3359.139-0ubuntu0.18.04.2 to 66.0.3359.139-0ubuntu0.18.04.3 (pending)
chromium-browser (66.0.3359.139-0ubuntu0.17.10.2) artful; urgency=medium
* debian/rules: do not build with use_custom_libcxx=false after all, this
didn't work on xenial and older because the system libstdc++ was too old,
and we'd rather stick to the same build options on all supported releases,
where possible
* debian/patches/libcxxabi-arm-ehabi-fix.patch: added (LP: #1768653)
-- Olivier Tilloy <email address hidden> Thu, 03 May 2018 16:59:03 +0200
Available diffs
- diff from 65.0.3325.181-0ubuntu0.17.10.1 to 66.0.3359.139-0ubuntu0.17.10.2 (pending)
- diff from 66.0.3359.139-0ubuntu0.17.10.1 to 66.0.3359.139-0ubuntu0.17.10.2 (pending)
| Superseded in cosmic-release |
| Published in bionic-release |
| Deleted in bionic-proposed (Reason: moved to release) |
chromium-browser (65.0.3325.181-0ubuntu1) bionic; urgency=medium * Upstream release: 65.0.3325.181 -- Olivier Tilloy <email address hidden> Wed, 21 Mar 2018 11:27:29 +0100
Available diffs
- diff from 65.0.3325.146-0ubuntu1 to 65.0.3325.181-0ubuntu1 (pending)
chromium-browser (65.0.3325.181-0ubuntu0.14.04.1) trusty; urgency=medium * Upstream release: 65.0.3325.181 -- Olivier Tilloy <email address hidden> Wed, 21 Mar 2018 14:32:29 +0100
Available diffs
- diff from 66.0.3350.0-0ubuntu1~ppa6~14.04.1 (in ~saiarcot895/ubuntu/chromium-dev) to 65.0.3325.181-0ubuntu0.14.04.1 (pending)
- diff from 64.0.3282.167-0ubuntu0.14.04.1 to 65.0.3325.181-0ubuntu0.14.04.1 (pending)
- diff from 65.0.3325.146-0ubuntu0.14.04.1 to 65.0.3325.181-0ubuntu0.14.04.1 (pending)
chromium-browser (65.0.3325.181-0ubuntu0.16.04.1) xenial; urgency=medium * Upstream release: 65.0.3325.181 -- Olivier Tilloy <email address hidden> Wed, 21 Mar 2018 13:51:29 +0100
Available diffs
- diff from 64.0.3282.167-0ubuntu0.16.04.1 to 65.0.3325.181-0ubuntu0.16.04.1 (pending)
- diff from 65.0.3325.146-0ubuntu0.16.04.1 to 65.0.3325.181-0ubuntu0.16.04.1 (pending)
chromium-browser (65.0.3325.181-0ubuntu0.17.10.1) artful; urgency=medium * Upstream release: 65.0.3325.181 -- Olivier Tilloy <email address hidden> Wed, 21 Mar 2018 13:21:03 +0100
Available diffs
- diff from 64.0.3282.167-0ubuntu0.17.10.1 to 65.0.3325.181-0ubuntu0.17.10.1 (pending)
- diff from 65.0.3325.146-0ubuntu0.17.10.1 to 65.0.3325.181-0ubuntu0.17.10.1 (pending)
chromium-browser (65.0.3325.146-0ubuntu1) bionic; urgency=medium
* Upstream release: 65.0.3325.146
- CVE-2018-6058: Use after free in Flash.
- CVE-2018-6059: Use after free in Flash.
- CVE-2018-6060: Use after free in Blink.
- CVE-2018-6061: Race condition in V8.
- CVE-2018-6062: Heap buffer overflow in Skia.
- CVE-2018-6057: Incorrect permissions on shared memory.
- CVE-2018-6063: Incorrect permissions on shared memory.
- CVE-2018-6064: Type confusion in V8.
- CVE-2018-6065: Integer overflow in V8.
- CVE-2018-6066: Same Origin Bypass via canvas.
- CVE-2018-6067: Buffer overflow in Skia.
- CVE-2018-6068: Object lifecycle issues in Chrome Custom Tab.
- CVE-2018-6069: Stack buffer overflow in Skia.
- CVE-2018-6070: CSP bypass through extensions.
- CVE-2018-6071: Heap bufffer overflow in Skia.
- CVE-2018-6072: Integer overflow in PDFium.
- CVE-2018-6073: Heap bufffer overflow in WebGL.
- CVE-2018-6074: Mark-of-the-Web bypass.
- CVE-2018-6075: Overly permissive cross origin downloads.
- CVE-2018-6076: Incorrect handling of URL fragment identifiers in Blink.
- CVE-2018-6077: Timing attack using SVG filters.
- CVE-2018-6078: URL Spoof in OmniBox.
- CVE-2018-6079: Information disclosure via texture data in WebGL.
- CVE-2018-6080: Information disclosure in IPC call.
- CVE-2018-6081: XSS in interstitials.
- CVE-2018-6082: Circumvention of port blocking.
- CVE-2018-6083: Incorrect processing of AppManifests.
* debian/rules: remove use_gconf build flag
* debian/patches/3-chrome-xid.patch: removed, unused
* debian/patches/5-desktop-integration-settings.patch: removed, unused
* debian/patches/6-passwordless-install-support.patch: removed, unused
* debian/patches/7-npapi-permission-not-defaults-to-unauthorized.patch:
removed, unused
* debian/patches/additional-search-engines.patch: refreshed
* debian/patches/breakpad: removed, unused
* debian/patches/cups-include-deprecated-ppd: removed, unused
* debian/patches/define__libc_malloc.patch: refreshed
* debian/patches/disable-sse2: updated
* debian/patches/display-scaling-default-value: removed, unused
* debian/patches/do-not-use-bundled-clang: removed, unused
* debian/patches/enable-chromecast-by-default.patch: refreshed
* debian/patches/enable_vaapi_on_linux.diff: removed, unused
* debian/patches/flash-redirection: removed, unused
* debian/patches/format-flag.patch: removed, unused
* debian/patches/gpu_default_disabled: removed, unused
* debian/patches/gsettings-display-scaling: removed, unused
* debian/patches/ld-memory-32bit.patch: removed, unused
* debian/patches/linker-asneeded-bug.patch: removed, unused
* debian/patches/lp-translations-paths: removed, unused
* debian/patches/mir-ozone-module: removed, unused
* debian/patches/mir-support: removed, unused
* debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: refreshed
* debian/patches/search-credit.patch: refreshed
* debian/patches/set-rpath-on-chromium-executables.patch: refreshed
* debian/patches/suppress-newer-clang-warning-flags.patch: refreshed
* debian/patches/title-bar-default-system.patch-v35: refreshed
* debian/patches/wayland-ozone: removed, unused
* debian/patches/xdg-settings-multiexec-desktopfiles.patch: removed, unused
* debian/known_gn_gen_args-*: remove use_gconf build flag
-- Olivier Tilloy <email address hidden> Wed, 07 Mar 2018 11:40:01 +0100
Available diffs
- diff from 64.0.3282.167-0ubuntu1 to 65.0.3325.146-0ubuntu1 (pending)
chromium-browser (64.0.3282.167-0ubuntu0.14.04.1) trusty; urgency=medium
* Upstream release: 64.0.3282.167
- CVE-2018-6056: Incorrect derived class instantiation in V8.
-- Olivier Tilloy <email address hidden> Wed, 14 Feb 2018 12:02:53 +0100
Available diffs
chromium-browser (64.0.3282.167-0ubuntu1) bionic; urgency=medium
* Upstream release: 64.0.3282.167
- CVE-2018-6056: Incorrect derived class instantiation in V8.
-- Olivier Tilloy <email address hidden> Wed, 14 Feb 2018 10:48:37 +0100
Available diffs
chromium-browser (64.0.3282.167-0ubuntu0.16.04.1) xenial; urgency=medium
* Upstream release: 64.0.3282.167
- CVE-2018-6056: Incorrect derived class instantiation in V8.
-- Olivier Tilloy <email address hidden> Wed, 14 Feb 2018 11:54:37 +0100
Available diffs
chromium-browser (64.0.3282.167-0ubuntu0.17.10.1) artful; urgency=medium
* Upstream release: 64.0.3282.167
- CVE-2018-6056: Incorrect derived class instantiation in V8.
-- Olivier Tilloy <email address hidden> Wed, 14 Feb 2018 11:33:57 +0100
Available diffs
- diff from 64.0.3282.140-0ubuntu0.17.10.1 to 64.0.3282.167-0ubuntu0.17.10.1 (pending)
chromium-browser (64.0.3282.140-0ubuntu0.14.04.1) trusty; urgency=medium * Upstream release: 64.0.3282.140 -- Olivier Tilloy <email address hidden> Fri, 02 Feb 2018 15:39:55 +0100
Available diffs
chromium-browser (64.0.3282.140-0ubuntu0.16.04.1) xenial; urgency=medium * Upstream release: 64.0.3282.140 -- Olivier Tilloy <email address hidden> Fri, 02 Feb 2018 15:30:32 +0100
Available diffs
chromium-browser (64.0.3282.140-0ubuntu0.17.10.1) artful; urgency=medium * Upstream release: 64.0.3282.140 -- Olivier Tilloy <email address hidden> Fri, 02 Feb 2018 15:06:55 +0100
Available diffs
chromium-browser (64.0.3282.140-0ubuntu1) bionic; urgency=medium * Upstream release: 64.0.3282.140 -- Olivier Tilloy <email address hidden> Fri, 02 Feb 2018 14:41:09 +0100
Available diffs
- diff from 64.0.3282.119-0ubuntu1 to 64.0.3282.140-0ubuntu1 (pending)
chromium-browser (64.0.3282.119-0ubuntu1) bionic; urgency=medium
* Upstream release: 64.0.3282.119
- CVE-2018-6031: Use after free in PDFium.
- CVE-2018-6032: Same origin bypass in Shared Worker.
- CVE-2018-6033: Race when opening downloaded files.
- CVE-2018-6034: Integer overflow in Blink.
- CVE-2018-6035: Insufficient isolation of devtools from extensions.
- CVE-2018-6036: Integer underflow in WebAssembly.
- CVE-2018-6037: Insufficient user gesture requirements in autofill.
- CVE-2018-6038: Heap buffer overflow in WebGL.
- CVE-2018-6039: XSS in DevTools.
- CVE-2018-6040: Content security policy bypass.
- CVE-2018-6041: URL spoof in Navigation.
- CVE-2018-6042: URL spoof in OmniBox.
- CVE-2018-6043: Insufficient escaping with external URL handlers.
- CVE-2018-6045: Insufficient isolation of devtools from extensions.
- CVE-2018-6046: Insufficient isolation of devtools from extensions.
- CVE-2018-6047: Cross origin URL leak in WebGL.
- CVE-2018-6048: Referrer policy bypass in Blink.
- CVE-2017-15420: URL spoofing in Omnibox.
- CVE-2018-6049: UI spoof in Permissions.
- CVE-2018-6050: URL spoof in OmniBox.
- CVE-2018-6051: Referrer leak in XSS Auditor.
- CVE-2018-6052: Incomplete no-referrer policy implementation.
- CVE-2018-6053: Leak of page thumbnails in New Tab Page.
- CVE-2018-6054: Use after free in WebUI.
* debian/control: update reference URL for chromedriver
* debian/rules:
- remove enable_hotwording build flag
- exclude build artifacts from the binary package (LP: #1742653)
* debian/patches/add-missing-cstddef-include.patch: added
* debian/patches/configuration-directory.patch: refreshed
* debian/patches/disable-sse2: refreshed
* debian/patches/enable-chromecast-by-default.patch: refreshed
* debian/patches/fix-ffmpeg-ia32-build.patch: added
* debian/patches/last-commit-position: refreshed
* debian/patches/no-xlocale-header.patch: removed, no longer needed
* debian/patches/revert-clang-nostdlib++.patch: updated
* debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: refreshed
* debian/patches/search-credit.patch: refreshed
* debian/patches/set-rpath-on-chromium-executables.patch: refreshed
* debian/patches/suppress-newer-clang-warning-flags.patch: updated
* debian/patches/title-bar-default-system.patch-v35: refreshed
* debian/patches/touch-v35: refreshed
* debian/patches/widevine-other-locations: updated (LP: #1738149)
* debian/known_gn_gen_args-*: remove enable_hotwording build flag
-- Olivier Tilloy <email address hidden> Wed, 24 Jan 2018 23:18:03 +0100
Available diffs
chromium-browser (64.0.3282.119-0ubuntu0.14.04.1) trusty; urgency=medium
* Upstream release: 64.0.3282.119
- CVE-2018-6031: Use after free in PDFium.
- CVE-2018-6032: Same origin bypass in Shared Worker.
- CVE-2018-6033: Race when opening downloaded files.
- CVE-2018-6034: Integer overflow in Blink.
- CVE-2018-6035: Insufficient isolation of devtools from extensions.
- CVE-2018-6036: Integer underflow in WebAssembly.
- CVE-2018-6037: Insufficient user gesture requirements in autofill.
- CVE-2018-6038: Heap buffer overflow in WebGL.
- CVE-2018-6039: XSS in DevTools.
- CVE-2018-6040: Content security policy bypass.
- CVE-2018-6041: URL spoof in Navigation.
- CVE-2018-6042: URL spoof in OmniBox.
- CVE-2018-6043: Insufficient escaping with external URL handlers.
- CVE-2018-6045: Insufficient isolation of devtools from extensions.
- CVE-2018-6046: Insufficient isolation of devtools from extensions.
- CVE-2018-6047: Cross origin URL leak in WebGL.
- CVE-2018-6048: Referrer policy bypass in Blink.
- CVE-2017-15420: URL spoofing in Omnibox.
- CVE-2018-6049: UI spoof in Permissions.
- CVE-2018-6050: URL spoof in OmniBox.
- CVE-2018-6051: Referrer leak in XSS Auditor.
- CVE-2018-6052: Incomplete no-referrer policy implementation.
- CVE-2018-6053: Leak of page thumbnails in New Tab Page.
- CVE-2018-6054: Use after free in WebUI.
* debian/control: update reference URL for chromedriver
* debian/rules:
- remove enable_hotwording build flag
- exclude build artifacts from the binary package (LP: #1742653)
* debian/patches/add-missing-cstddef-include.patch: added
* debian/patches/build-with-gcc-mozilla.patch: refreshed
* debian/patches/configuration-directory.patch: refreshed
* debian/patches/disable-sse2: refreshed
* debian/patches/enable-chromecast-by-default.patch: refreshed
* debian/patches/fix-c++14-compilation.patch: added
* debian/patches/fix-c++14-compilation-2.patch: added
* debian/patches/fix-ffmpeg-ia32-build.patch: added
* debian/patches/fix-missing-include.patch: added
* debian/patches/gtk-3-10.patch: added
* debian/patches/last-commit-position: refreshed
* debian/patches/no-new-ninja-flag.patch: refreshed
* debian/patches/relax-ninja-version-requirement.patch: refreshed
* debian/patches/restore-clang-no-integrated-as.patch: added
* debian/patches/revert-clang-nostdlib++.patch: updated
* debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: refreshed
* debian/patches/search-credit.patch: refreshed
* debian/patches/set-rpath-on-chromium-executables.patch: refreshed
* debian/patches/suppress-newer-clang-warning-flags.patch: updated
* debian/patches/title-bar-default-system.patch-v35: refreshed
* debian/patches/touch-v35: refreshed
* debian/patches/widevine-other-locations: updated (LP: #1738149)
* debian/known_gn_gen_args-*: remove enable_hotwording build flag
-- Olivier Tilloy <email address hidden> Wed, 24 Jan 2018 23:44:17 +0100
Available diffs
chromium-browser (64.0.3282.119-0ubuntu0.16.04.1) xenial; urgency=medium
* Upstream release: 64.0.3282.119
- CVE-2018-6031: Use after free in PDFium.
- CVE-2018-6032: Same origin bypass in Shared Worker.
- CVE-2018-6033: Race when opening downloaded files.
- CVE-2018-6034: Integer overflow in Blink.
- CVE-2018-6035: Insufficient isolation of devtools from extensions.
- CVE-2018-6036: Integer underflow in WebAssembly.
- CVE-2018-6037: Insufficient user gesture requirements in autofill.
- CVE-2018-6038: Heap buffer overflow in WebGL.
- CVE-2018-6039: XSS in DevTools.
- CVE-2018-6040: Content security policy bypass.
- CVE-2018-6041: URL spoof in Navigation.
- CVE-2018-6042: URL spoof in OmniBox.
- CVE-2018-6043: Insufficient escaping with external URL handlers.
- CVE-2018-6045: Insufficient isolation of devtools from extensions.
- CVE-2018-6046: Insufficient isolation of devtools from extensions.
- CVE-2018-6047: Cross origin URL leak in WebGL.
- CVE-2018-6048: Referrer policy bypass in Blink.
- CVE-2017-15420: URL spoofing in Omnibox.
- CVE-2018-6049: UI spoof in Permissions.
- CVE-2018-6050: URL spoof in OmniBox.
- CVE-2018-6051: Referrer leak in XSS Auditor.
- CVE-2018-6052: Incomplete no-referrer policy implementation.
- CVE-2018-6053: Leak of page thumbnails in New Tab Page.
- CVE-2018-6054: Use after free in WebUI.
* debian/control: update reference URL for chromedriver
* debian/rules:
- remove enable_hotwording build flag
- exclude build artifacts from the binary package (LP: #1742653)
* debian/patches/add-missing-cstddef-include.patch: added
* debian/patches/configuration-directory.patch: refreshed
* debian/patches/disable-sse2: refreshed
* debian/patches/enable-chromecast-by-default.patch: refreshed
* debian/patches/fix-ffmpeg-ia32-build.patch: added
* debian/patches/last-commit-position: refreshed
* debian/patches/no-new-ninja-flag.patch: refreshed
* debian/patches/relax-ninja-version-requirement.patch: refreshed
* debian/patches/restore-clang-no-integrated-as.patch: added
* debian/patches/revert-clang-nostdlib++.patch: updated
* debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: refreshed
* debian/patches/search-credit.patch: refreshed
* debian/patches/set-rpath-on-chromium-executables.patch: refreshed
* debian/patches/suppress-newer-clang-warning-flags.patch: updated
* debian/patches/title-bar-default-system.patch-v35: refreshed
* debian/patches/touch-v35: refreshed
* debian/patches/widevine-other-locations: updated (LP: #1738149)
* debian/known_gn_gen_args-*: remove enable_hotwording build flag
-- Olivier Tilloy <email address hidden> Wed, 24 Jan 2018 23:32:17 +0100
Available diffs
- diff from 63.0.3239.132-0ubuntu0.16.04.1 to 64.0.3282.119-0ubuntu0.16.04.1 (pending)
chromium-browser (64.0.3282.119-0ubuntu0.17.10.1) artful; urgency=medium
* Upstream release: 64.0.3282.119
- CVE-2018-6031: Use after free in PDFium.
- CVE-2018-6032: Same origin bypass in Shared Worker.
- CVE-2018-6033: Race when opening downloaded files.
- CVE-2018-6034: Integer overflow in Blink.
- CVE-2018-6035: Insufficient isolation of devtools from extensions.
- CVE-2018-6036: Integer underflow in WebAssembly.
- CVE-2018-6037: Insufficient user gesture requirements in autofill.
- CVE-2018-6038: Heap buffer overflow in WebGL.
- CVE-2018-6039: XSS in DevTools.
- CVE-2018-6040: Content security policy bypass.
- CVE-2018-6041: URL spoof in Navigation.
- CVE-2018-6042: URL spoof in OmniBox.
- CVE-2018-6043: Insufficient escaping with external URL handlers.
- CVE-2018-6045: Insufficient isolation of devtools from extensions.
- CVE-2018-6046: Insufficient isolation of devtools from extensions.
- CVE-2018-6047: Cross origin URL leak in WebGL.
- CVE-2018-6048: Referrer policy bypass in Blink.
- CVE-2017-15420: URL spoofing in Omnibox.
- CVE-2018-6049: UI spoof in Permissions.
- CVE-2018-6050: URL spoof in OmniBox.
- CVE-2018-6051: Referrer leak in XSS Auditor.
- CVE-2018-6052: Incomplete no-referrer policy implementation.
- CVE-2018-6053: Leak of page thumbnails in New Tab Page.
- CVE-2018-6054: Use after free in WebUI.
* debian/control: update reference URL for chromedriver
* debian/rules:
- remove enable_hotwording build flag
- exclude build artifacts from the binary package (LP: #1742653)
* debian/patches/add-missing-cstddef-include.patch: added
* debian/patches/configuration-directory.patch: refreshed
* debian/patches/disable-sse2: refreshed
* debian/patches/enable-chromecast-by-default.patch: refreshed
* debian/patches/fix-ffmpeg-ia32-build.patch: added
* debian/patches/last-commit-position: refreshed
* debian/patches/no-xlocale-header.patch: removed, no longer needed
* debian/patches/revert-clang-nostdlib++.patch: updated
* debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: refreshed
* debian/patches/search-credit.patch: refreshed
* debian/patches/set-rpath-on-chromium-executables.patch: refreshed
* debian/patches/suppress-newer-clang-warning-flags.patch: updated
* debian/patches/title-bar-default-system.patch-v35: refreshed
* debian/patches/touch-v35: refreshed
* debian/patches/widevine-other-locations: updated (LP: #1738149)
* debian/known_gn_gen_args-*: remove enable_hotwording build flag
-- Olivier Tilloy <email address hidden> Wed, 24 Jan 2018 23:09:31 +0100
Available diffs
| Superseded in bionic-proposed |
chromium-browser (63.0.3239.132-0ubuntu1) bionic; urgency=medium * Upstream release: 63.0.3239.132 * debian/rules: do not install files used for building only (LP: #1742653) -- Olivier Tilloy <email address hidden> Sun, 14 Jan 2018 21:20:25 +0100
Available diffs
chromium-browser (63.0.3239.132-0ubuntu0.14.04.1) trusty; urgency=medium * Upstream release: 63.0.3239.132 * debian/rules: do not install files used for building only (LP: #1742653) -- Olivier Tilloy <email address hidden> Sun, 14 Jan 2018 21:37:42 +0100
Available diffs
chromium-browser (63.0.3239.132-0ubuntu0.16.04.1) xenial; urgency=medium * Upstream release: 63.0.3239.132 * debian/rules: do not install files used for building only (LP: #1742653) -- Olivier Tilloy <email address hidden> Sun, 14 Jan 2018 21:29:46 +0100
Available diffs
chromium-browser (63.0.3239.132-0ubuntu0.17.10.2) artful; urgency=medium * debian/rules: do not install files used for building only (LP: #1742653) -- Olivier Tilloy <email address hidden> Thu, 11 Jan 2018 17:08:05 +0100
chromium-browser (63.0.3239.108-0ubuntu1) bionic; urgency=medium
* Upstream release: 63.0.3239.108
- CVE-2017-15429: UXSS in V8.
* debian/control: update Vcs-Bzr field
-- Olivier Tilloy <email address hidden> Fri, 15 Dec 2017 07:22:31 +0100
Available diffs
chromium-browser (63.0.3239.84-0ubuntu1) bionic; urgency=medium
* Upstream release: 63.0.3239.84
- CVE-2017-15407: Out of bounds write in QUIC.
- CVE-2017-15408: Heap buffer overflow in PDFium.
- CVE-2017-15409: Out of bounds write in Skia.
- CVE-2017-15410: Use after free in PDFium.
- CVE-2017-15411: Use after free in PDFium.
- CVE-2017-15412: Use after free in libXML.
- CVE-2017-15413: Type confusion in WebAssembly.
- CVE-2017-15415: Pointer information disclosure in IPC call.
- CVE-2017-15416: Out of bounds read in Blink.
- CVE-2017-15417: Cross origin information disclosure in Skia.
- CVE-2017-15418: Use of uninitialized value in Skia.
- CVE-2017-15419: Cross origin leak of redirect URL in Blink.
- CVE-2017-15420: URL spoofing in Omnibox.
- CVE-2017-15422: Integer overflow in ICU.
- CVE-2017-15423: Issue with SPAKE implementation in BoringSSL.
- CVE-2017-15424: URL Spoof in Omnibox.
- CVE-2017-15425: URL Spoof in Omnibox.
- CVE-2017-15426: URL Spoof in Omnibox.
- CVE-2017-15427: Insufficient blocking of JavaScript in Omnibox.
* debian/rules:
- replace allow_posix_link_time_opt=false by use_lld=false,
is_cfi=false and use_thin_lto=false
- rename use_vulcanize GN flag to optimize_webui
- generate the man page as it's not being built with chromium any
longer (since commit 64b961499bebc54fe48478f5e37477252c7887fa)
* debian/patches/arm-neon.patch: refreshed
* debian/patches/disable-sse2: refreshed
* debian/patches/fix-gn-bootstrap.patch: removed, no longer needed
* debian/patches/fix_building_widevinecdm_with_chromium.patch: replaced by
debian/patches/widevine-revision.patch
* debian/patches/glibc-2-26-changes.patch: renamed to
debian/patches/no-xlocale-header.patch and updated
* debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: added
* debian/patches/search-credit.patch: refreshed
* debian/patches/set-rpath-on-chromium-executables.patch: updated
* debian/patches/suppress-newer-clang-warning-flags.patch: updated
* debian/patches/touch-v35: refreshed
* debian/patches/use-clang-versioned.patch: refreshed
* debian/patches/widevine-other-locations: updated (LP: #1652110)
* debian/patches/widevine-revision.patch: added (LP: #1652110)
-- Olivier Tilloy <email address hidden> Thu, 07 Dec 2017 10:00:14 +0100
Available diffs
chromium-browser (63.0.3239.84-0ubuntu0.14.04.1) trusty; urgency=medium
* Upstream release: 63.0.3239.84
- CVE-2017-15407: Out of bounds write in QUIC.
- CVE-2017-15408: Heap buffer overflow in PDFium.
- CVE-2017-15409: Out of bounds write in Skia.
- CVE-2017-15410: Use after free in PDFium.
- CVE-2017-15411: Use after free in PDFium.
- CVE-2017-15412: Use after free in libXML.
- CVE-2017-15413: Type confusion in WebAssembly.
- CVE-2017-15415: Pointer information disclosure in IPC call.
- CVE-2017-15416: Out of bounds read in Blink.
- CVE-2017-15417: Cross origin information disclosure in Skia.
- CVE-2017-15418: Use of uninitialized value in Skia.
- CVE-2017-15419: Cross origin leak of redirect URL in Blink.
- CVE-2017-15420: URL spoofing in Omnibox.
- CVE-2017-15422: Integer overflow in ICU.
- CVE-2017-15423: Issue with SPAKE implementation in BoringSSL.
- CVE-2017-15424: URL Spoof in Omnibox.
- CVE-2017-15425: URL Spoof in Omnibox.
- CVE-2017-15426: URL Spoof in Omnibox.
- CVE-2017-15427: Insufficient blocking of JavaScript in Omnibox.
* debian/control: build-depend on gcc-mozilla (which is effectively gcc 4.9
on trusty)
* debian/rules:
- change use_gold GN flag to false
- remove linux_use_bundled_binutils=false GN flag
- replace allow_posix_link_time_opt=false by use_lld=false, is_cfi=false
and use_thin_lto=false
- rename use_vulcanize GN flag to optimize_webui
- generate the man page as it's not being built with chromium any
longer (since commit 64b961499bebc54fe48478f5e37477252c7887fa)
* debian/patches/arm-neon.patch: refreshed
* debian/patches/build-with-gcc-mozilla.patch: added
* debian/patches/c++-compatibility.patch: removed, no longer needed
* debian/patches/disable-sse2: refreshed
* debian/patches/fix-gn-bootstrap.patch: removed, no longer needed
* debian/patches/fix_building_widevinecdm_with_chromium.patch: replaced by
debian/patches/widevine-revision.patch
* debian/patches/no-new-ninja-flag.patch: refreshed
* debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: added
* debian/patches/search-credit.patch: refreshed
* debian/patches/set-rpath-on-chromium-executables.patch: updated
* debian/patches/suppress-newer-clang-warning-flags.patch: updated
* debian/patches/touch-v35: refreshed
* debian/patches/use-clang-versioned.patch: refreshed
* debian/patches/widevine-other-locations: updated (LP: #1652110)
* debian/patches/widevine-revision.patch: added (LP: #1652110)
-- Olivier Tilloy <email address hidden> Thu, 07 Dec 2017 13:51:08 +0100
chromium-browser (63.0.3239.84-0ubuntu0.16.04.1) xenial; urgency=medium
* Upstream release: 63.0.3239.84
- CVE-2017-15407: Out of bounds write in QUIC.
- CVE-2017-15408: Heap buffer overflow in PDFium.
- CVE-2017-15409: Out of bounds write in Skia.
- CVE-2017-15410: Use after free in PDFium.
- CVE-2017-15411: Use after free in PDFium.
- CVE-2017-15412: Use after free in libXML.
- CVE-2017-15413: Type confusion in WebAssembly.
- CVE-2017-15415: Pointer information disclosure in IPC call.
- CVE-2017-15416: Out of bounds read in Blink.
- CVE-2017-15417: Cross origin information disclosure in Skia.
- CVE-2017-15418: Use of uninitialized value in Skia.
- CVE-2017-15419: Cross origin leak of redirect URL in Blink.
- CVE-2017-15420: URL spoofing in Omnibox.
- CVE-2017-15422: Integer overflow in ICU.
- CVE-2017-15423: Issue with SPAKE implementation in BoringSSL.
- CVE-2017-15424: URL Spoof in Omnibox.
- CVE-2017-15425: URL Spoof in Omnibox.
- CVE-2017-15426: URL Spoof in Omnibox.
- CVE-2017-15427: Insufficient blocking of JavaScript in Omnibox.
* debian/rules:
- replace allow_posix_link_time_opt=false by use_lld=false, is_cfi=false
and use_thin_lto=false
- rename use_vulcanize GN flag to optimize_webui
- generate the man page as it's not being built with chromium any
longer (since commit 64b961499bebc54fe48478f5e37477252c7887fa)
- build gn with clang
* debian/patches/arm-neon.patch: refreshed
* debian/patches/disable-sse2: refreshed
* debian/patches/fix-gn-bootstrap.patch: removed, no longer needed
* debian/patches/fix_building_widevinecdm_with_chromium.patch: replaced by
debian/patches/widevine-revision.patch
* debian/patches/no-new-ninja-flag.patch: refreshed
* debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: added
* debian/patches/search-credit.patch: refreshed
* debian/patches/set-rpath-on-chromium-executables.patch: updated
* debian/patches/suppress-newer-clang-warning-flags.patch: updated
* debian/patches/touch-v35: refreshed
* debian/patches/use-clang-versioned.patch: refreshed
* debian/patches/widevine-other-locations: updated (LP: #1652110)
* debian/patches/widevine-revision.patch: added (LP: #1652110)
-- Olivier Tilloy <email address hidden> Thu, 07 Dec 2017 13:43:39 +0100
chromium-browser (63.0.3239.84-0ubuntu0.17.04.1) zesty; urgency=medium
* Upstream release: 63.0.3239.84
- CVE-2017-15407: Out of bounds write in QUIC.
- CVE-2017-15408: Heap buffer overflow in PDFium.
- CVE-2017-15409: Out of bounds write in Skia.
- CVE-2017-15410: Use after free in PDFium.
- CVE-2017-15411: Use after free in PDFium.
- CVE-2017-15412: Use after free in libXML.
- CVE-2017-15413: Type confusion in WebAssembly.
- CVE-2017-15415: Pointer information disclosure in IPC call.
- CVE-2017-15416: Out of bounds read in Blink.
- CVE-2017-15417: Cross origin information disclosure in Skia.
- CVE-2017-15418: Use of uninitialized value in Skia.
- CVE-2017-15419: Cross origin leak of redirect URL in Blink.
- CVE-2017-15420: URL spoofing in Omnibox.
- CVE-2017-15422: Integer overflow in ICU.
- CVE-2017-15423: Issue with SPAKE implementation in BoringSSL.
- CVE-2017-15424: URL Spoof in Omnibox.
- CVE-2017-15425: URL Spoof in Omnibox.
- CVE-2017-15426: URL Spoof in Omnibox.
- CVE-2017-15427: Insufficient blocking of JavaScript in Omnibox.
* debian/rules:
- replace allow_posix_link_time_opt=false by use_lld=false, is_cfi=false
and use_thin_lto=false
- rename use_vulcanize GN flag to optimize_webui
- generate the man page as it's not being built with chromium any
longer (since commit 64b961499bebc54fe48478f5e37477252c7887fa)
- build gn with clang
* debian/patches/arm-neon.patch: refreshed
* debian/patches/disable-sse2: refreshed
* debian/patches/fix-gn-bootstrap.patch: removed, no longer needed
* debian/patches/fix_building_widevinecdm_with_chromium.patch: replaced by
debian/patches/widevine-revision.patch
* debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: added
* debian/patches/search-credit.patch: refreshed
* debian/patches/set-rpath-on-chromium-executables.patch: updated
* debian/patches/suppress-newer-clang-warning-flags.patch: updated
* debian/patches/touch-v35: refreshed
* debian/patches/widevine-other-locations: updated (LP: #1652110)
* debian/patches/widevine-revision.patch: added (LP: #1652110)
-- Olivier Tilloy <email address hidden> Thu, 07 Dec 2017 13:35:57 +0100
Available diffs
- diff from 62.0.3202.94-0ubuntu0.17.04.1388 (in ~osomon/ubuntu/chromium-stable-deletedppa) to 63.0.3239.84-0ubuntu0.17.04.1 (pending)
chromium-browser (63.0.3239.84-0ubuntu0.17.10.1) artful; urgency=medium
* Upstream release: 63.0.3239.84
- CVE-2017-15407: Out of bounds write in QUIC.
- CVE-2017-15408: Heap buffer overflow in PDFium.
- CVE-2017-15409: Out of bounds write in Skia.
- CVE-2017-15410: Use after free in PDFium.
- CVE-2017-15411: Use after free in PDFium.
- CVE-2017-15412: Use after free in libXML.
- CVE-2017-15413: Type confusion in WebAssembly.
- CVE-2017-15415: Pointer information disclosure in IPC call.
- CVE-2017-15416: Out of bounds read in Blink.
- CVE-2017-15417: Cross origin information disclosure in Skia.
- CVE-2017-15418: Use of uninitialized value in Skia.
- CVE-2017-15419: Cross origin leak of redirect URL in Blink.
- CVE-2017-15420: URL spoofing in Omnibox.
- CVE-2017-15422: Integer overflow in ICU.
- CVE-2017-15423: Issue with SPAKE implementation in BoringSSL.
- CVE-2017-15424: URL Spoof in Omnibox.
- CVE-2017-15425: URL Spoof in Omnibox.
- CVE-2017-15426: URL Spoof in Omnibox.
- CVE-2017-15427: Insufficient blocking of JavaScript in Omnibox.
* debian/rules:
- replace allow_posix_link_time_opt=false by use_lld=false,
is_cfi=false and use_thin_lto=false
- rename use_vulcanize GN flag to optimize_webui
- generate the man page as it's not being built with chromium any
longer (since commit 64b961499bebc54fe48478f5e37477252c7887fa)
* debian/patches/arm-neon.patch: refreshed
* debian/patches/disable-sse2: refreshed
* debian/patches/fix-gn-bootstrap.patch: removed, no longer needed
* debian/patches/fix_building_widevinecdm_with_chromium.patch: replaced by
debian/patches/widevine-revision.patch
* debian/patches/glibc-2-26-changes.patch: renamed to
debian/patches/no-xlocale-header.patch and updated
* debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: added
* debian/patches/search-credit.patch: refreshed
* debian/patches/set-rpath-on-chromium-executables.patch: updated
* debian/patches/suppress-newer-clang-warning-flags.patch: updated
* debian/patches/touch-v35: refreshed
* debian/patches/use-clang-versioned.patch: refreshed
* debian/patches/widevine-other-locations: updated (LP: #1652110)
* debian/patches/widevine-revision.patch: added (LP: #1652110)
-- Olivier Tilloy <email address hidden> Thu, 07 Dec 2017 13:28:26 +0100
Available diffs
- diff from 62.0.3202.94-0ubuntu0.17.10.1388 (in ~osomon/ubuntu/chromium-stable-deletedppa) to 63.0.3239.84-0ubuntu0.17.10.1 (pending)
chromium-browser (62.0.3202.94-0ubuntu1.1388) bionic; urgency=medium * Upstream release: 62.0.3202.94 -- Olivier Tilloy <email address hidden> Mon, 13 Nov 2017 23:45:15 +0100
Available diffs
chromium-browser (62.0.3202.89-0ubuntu1.1386) bionic; urgency=medium
* Upstream release: 62.0.3202.89
- CVE-2017-15398: Stack buffer overflow in QUIC.
- CVE-2017-15399: Use after free in V8.
-- Olivier Tilloy <email address hidden> Mon, 06 Nov 2017 22:43:04 +0100
| 151 → 225 of 614 results | First • Previous • Next • Last |
