chromium-browser 23.0.1271.97-0ubuntu0.12.04.1 source package in Ubuntu


chromium-browser (23.0.1271.97-0ubuntu0.12.04.1) precise-security; urgency=low

  * Omit resources/extension/demo files from any packaging verification
    because they're unwanted.
  * Update README.source to include some of these changes.
  * Drop "lzma" from build dependencies.
  * Make most patches follow a common format (no timestamps), to avoid
    future churn.
  * debian/patches/ renamed to drop ".in",
    OS "Ubuntu" hardcoded with no compilation-release name, and patch
    refreshed to follow new location of source.
  * In debian/rules, use "-delete" flag on find instead of "-exec rm {} \;",
    to be safer and faster.
  * Also don't include python bytecode or cache files in orig tarball,
    and clean then up on "clean" rule.
  * Write the "REMOVED" list files to the root of the orig tarball,
    instead of inside the src/ directory, where they could collide.
  * Fix dpkg-source warning: Clean up python cached bytecode files.
  * Fix dpkg-source warning: Remove autoconf cache.
  * Fix lintian warning: fta and micahg to XSBC-Original-Maintainer.
  * Fix lintian error not-binnmuable-all-depends-any.
  * Override lintian complaints ancient-autotools-helper-file and
  * debian/patches/arm-neon.patch added to get ARM w/o Neon support.
    (LP: #1084852)
  * In debian/rules, avoid creating invalid subst expression in sed
    of DEBIAN* vars into files.
  * Remove unnecessary glib-header-single-entry.patch .
  * Add patches/struct-siginfo.patch to work around source bug in dereferencing
    internal stuct instead of public type.
  * New upstream version 23.0.1271.97
    - CVE-2012-5139: Use-after-free with visibility events.
    - CVE-2012-5140: Use-after-free in URL loader.
    - CVE-2012-5141: Limit Chromoting client plug-in instantiation.
    - CVE-2012-5142: Crash in history navigation.
    - CVE-2012-5143: Integer overflow in PPAPI image buffers.
    - CVE-2012-5144: Stack corruption in AAC decoding.

chromium-browser (23.0.1271.95-0ubuntu0.12.04.1) UNRELEASED; urgency=low

  [ Micah Gersten <email address hidden> ]
  * New upstream version 23.0.1271.95 (LP: #1086613)
    - CVE-2012-5138: Incorrect file path handling.
    - CVE-2012-5137: Use-after-free in media source handling.
  * Hardcode Ubuntu in Chromium user agent patch; Drop release specific part
    similar to what was done with Firefox; Drop from subst_files in rules
    - rename debian/patches/ => debian/patches/chromium_useragent.patch
    - update debian/patches/chromium_useragent.patch
    - update debian/rules
  * Disable user agent patch for the moment as it doesn't apply cleanly
    - update debian/patches/series
  * Switch to xz binary packages, use Pre-Depends on dpkg (>= 1.15.6~)
    - update debian/control
  * Drop armhf FTBFS patch as it's been superseded by upstream changes
    - drop debian/patches/fix-armhf-ftbfs.patch
    - update debian/patches/series

  [ Chad Miller <email address hidden> ]
  * Add localization support for ast, bs, en-AU, eo, hy, ia, ka, ku, kw, ms.
  * No longer include Launchpad-generated translations.
  * Disable grd_parse_fix.patch
  * No longer expect unpacked tarball to contain "build-tree".
  * Fix build warning about missing debian/source/format.  Set to "3.0
  * Make system-v8 patch use "type none" instead of "type settings".; Leave
    Patch disabled
  * Manually set DEB_{BUILD,HOST}_ARCH when not already set, like when the
    executing program is not dpkg-buildpackage.
  * Make rules file generate LASTCHANGE file at new location.
  * Change get-sources command to kill script when it fails to disable
    gyp-chromium run from DEPS. Never fail silently again.
  * Drop SCM revision from the version.
  * New upstream version 23.0.1271.91
    - CVE-2012-5133: Use-after-free in SVG filters.
    - CVE-2012-5130: Out-of-bounds read in Skia.
    - CVE-2012-5132: Browser crash with chunked encoding.
    - CVE-2012-5134: Buffer underflow in libxml.
    - CVE-2012-5135: Use-after-free with printing.
    - CVE-2012-5136: Bad cast in input element handling.
  * Includes CVE fixes for 23.0.1271.64
    - CVE-2012-5127: Integer overflow leading to out-of-bounds read in WebP
    - CVE-2012-5120: Out-of-bounds array access in v8.
    - CVE-2012-5116: Use-after-free in SVG filter handling.
    - CVE-2012-5121: Use-after-free in video layout.
    - CVE-2012-5117: Inappropriate load of SVG subresource in img context.
    - CVE-2012-5119: Race condition in Pepper buffer handling.
    - CVE-2012-5122: Bad cast in input handling.
    - CVE-2012-5123: Out-of-bounds reads in Skia.
    - CVE-2012-5124: Memory corruption in texture handling.
    - CVE-2012-5125: Use-after-free in extension tab handling.
    - CVE-2012-5126: Use-after-free in plug-in placeholder handling.
    - CVE-2012-5128: Bad write in v8.
  * Includes CVE fixes for 22.0.1229.94
    - CVE-2012-5112: SVG use-after-free and IPC arbitrary file write.
  * Includes CVE fixes for 22.0.1229.92
    - CVE-2012-2900: Crash in Skia text rendering.
    - CVE-2012-5108: Race condition in audio device handling.
    - CVE-2012-5109: OOB read in ICU regex.
    - CVE-2012-5110: Out-of-bounds read in compositor.
    - CVE-2012-5111: Plug-in crash monitoring was missing for Pepper plug-ins.
  * Includes CVE fixes for 22.0.1229.79
    - CVE-2012-2889: UXSS in frame handling.
    - CVE-2012-2886: UXSS in v8 bindings.
    - CVE-2012-2881: DOM tree corruption with plug-ins.
    - CVE-2012-2876: Buffer overflow in SSE2 optimizations.
    - CVE-2012-2883: Out-of-bounds write in Skia.
    - CVE-2012-2887: Use-after-free in onclick handling.
    - CVE-2012-2888: Use-after-free in SVG text references.
    - CVE-2012-2894: Crash in graphics context handling.
    - CVE-2012-2877: Browser crash with extensions and modal dialogs.
    - CVE-2012-2879: DOM topology corruption.
    - CVE-2012-2884: Out-of-bounds read in Skia.
    - CVE-2012-2874: Out-of-bounds write in Skia.
    - CVE-2012-2878: Use-after-free in plug-in handling.
    - CVE-2012-2880: Race condition in plug-in paint buffer.
    - CVE-2012-2882: Wild pointer in OGG container handling.
    - CVE-2012-2885: Possible double free on exit.
    - CVE-2012-2891: Address leak over IPC.
    - CVE-2012-2892: Pop-up block bypass.
    - CVE-2012-2893: Double free in XSL transforms.
  * Includes CVE fixes for 21.0.1180.89
    - CVE-2012-2865: Out-of-bounds read in line breaking.
    - CVE-2012-2866: Bad cast with run-ins.
    - CVE-2012-2867: Browser crash with SPDY.
    - CVE-2012-2868: Race condition with workers and XHR.
    - CVE-2012-2869: Avoid stale buffer in URL loading.
    - CVE-2012-2870: Lower severity memory management issues in XPath.
    - CVE-2012-2871: Bad cast in XSL transforms.
    - CVE-2012-2872: XSS in SSL interstitial.
  * Includes CVE fixes for 21.0.1180.57
    - CVE-2012-2846: Cross-process interference in renderers.
    - CVE-2012-2847: Missing re-prompt to user upon excessive downloads.
    - CVE-2012-2848: Overly broad file access granted after drag+drop.
    - CVE-2012-2849: Off-by-one read in GIF decoder.
    - CVE-2012-2853: webRequest can interfere with the Chrome Web Store.
    - CVE-2012-2854: Leak of pointer values to WebUI renderers.
    - CVE-2012-2857: Use-after-free in CSS DOM.
    - CVE-2012-2858: Buffer overflow in WebP decoder.
    - CVE-2012-2859: Crash in tab handling.
    - CVE-2012-2860: Out-of-bounds access when clicking in date picker.
  * Includes CVE fixes for 20.0.1132.57
    - CVE-2012-2842: Use-after-free in counter handling.
    - CVE-2012-2843: Use-after-free in layout height tracking.
 -- Chad Miller <email address hidden>   Sat, 12 Jan 2013 18:49:00 -0600

Upload details

Uploaded by:
Chad Miller on 2013-01-13
Sponsored by:
Jamie Strandboge
Uploaded to:
Original maintainer:
Ubuntu Developers
any all
Low Urgency

See full publishing history Publishing

Series Pocket Published Component Section


File Size SHA-256 Checksum
chromium-browser_23.0.1271.97.orig.tar.xz 302.4 MiB 80b87ccd08a12eed5fece39be49e8b14bebb0afe09597ca3181f0c235d2894a3
chromium-browser_23.0.1271.97-0ubuntu0.12.04.1.debian.tar.gz 208.6 KiB b82b4134ab6e59e359f57128ec59d81ab60b6cbd6ac873a7ce00e0374e0f5abf
chromium-browser_23.0.1271.97-0ubuntu0.12.04.1.dsc 3.1 KiB afa701b9a3d78b9bb3edc6dc6e4158969257b645f4c198c8426617c4d56bc18d

View changes file

Binary packages built by this source

chromium-browser: Chromium browser

 Chromium is an open-source browser project that aims to build a safer, faster,
 and more stable way for all Internet users to experience the web.
 Chromium serves as a base for Google Chrome, which is Chromium rebranded (name
 and logo) with very few additions such as usage tracking and an auto-updater
 This package contains the Chromium browser

chromium-browser-dbg: chromium-browser debug symbols

 Debug symbols for the Chromium browser

chromium-browser-l10n: chromium-browser language packages

 Chromium is an open-source browser project that aims to build a safer, faster,
 and more stable way for all Internet users to experience the web.
 This package contains language packages for 65 languages:
 am, ar, ast, bg, bn, bs, ca, ca@valencia, cs, da, de, el, en-AU, en-GB, eo,
 es-419, es, et, eu, fa, fil, fi, fr, gl, gu, he, hi, hr, hu, hy, ia, id, it,
 ja, ka, kn, ko, ku, kw, lt, lv, ml, mr, ms, nb, nl, pl, pt-BR, pt-PT, ro, ru,
 sk, sl, sr, sv, sw, ta, te, th, tr, ug, uk, vi, zh-CN, zh-TW

chromium-codecs-ffmpeg: Free ffmpeg codecs for the Chromium Browser

 Chromium is an open-source browser project that aims to build a safer, faster,
 and more stable way for all Internet users to experience the web.
 This package contains the multi-threaded ffmpeg codecs needed for the HTML5
 <audio> and <video> tags. Only the free ogg, vorbis and theora codecs are
 included. See chromium-codecs-ffmpeg-extra for additionnal codecs

chromium-codecs-ffmpeg-dbg: chromium-codecs-ffmpeg debug symbols

 Debug symbols for the free ffmpeg-mt codecs

chromium-codecs-ffmpeg-extra: Extra ffmpeg codecs for the Chromium Browser

 Chromium is an open-source browser project that aims to build a safer, faster,
 and more stable way for all Internet users to experience the web.
 This package contains the multi-threaded ffmpeg codecs needed for the HTML5
 <audio> and <video> tags. In addition to the patent-free ogg, vorbis and
 theora codecs, aac/ac3/mpeg4audio/h264/mov/mp3 are also included. See
 chromium-codecs-ffmpeg if you prefer only the patent-free codecs

chromium-codecs-ffmpeg-extra-dbg: chromium-codecs-ffmpeg-extra debug symbols

 Debug symbols for the extra ffmpeg-mt codecs