chromium-browser 53.0.2785.143-0ubuntu0.14.04.1.1142 source package in Ubuntu

Changelog

chromium-browser (53.0.2785.143-0ubuntu0.14.04.1.1142) trusty-security; urgency=medium

  * Upstream release 53.0.2785.143:
    - CVE-2016-5177: Use after free in V8.
    - CVE-2016-5178: Various fixes from internal audits, fuzzing and other
      initiatives.
  * Upstream release 53.0.2785.113:
    - CVE-2016-5170: Use after free in Blink.
    - CVE-2016-5171: Use after free in Blink.
    - CVE-2016-5172: Arbitrary Memory Read in v8.
    - CVE-2016-5173: Extension resource access.
    - CVE-2016-5174: Popup not correctly suppressed.
    - CVE-2016-5175: Various fixes from internal audits, fuzzing and other
      initiatives.
  * debian/rules: Use gold ld to link.
  * debian/rules: Kill delete-null-pointer-checks. In the javascript engine,
    we can not assume a memory access to address zero always results in a
    trap.
  * debian/patches/gsettings-display-scaling,
    debian/patches/display-scaling-default-value, reenable DPI scaling taken
    from dconf.
  * debian/rules: explicitly set target arch for arm64.
  * debian/control, debian/rules: re-add -dbg transitional packages.
  * Upstream release 53.0.2785.89:
    - CVE-2016-5147: Universal XSS in Blink.
    - CVE-2016-5148: Universal XSS in Blink.
    - CVE-2016-5149: Script injection in extensions.
    - CVE-2016-5150: Use after free in Blink.
    - CVE-2016-5151: Use after free in PDFium.
    - CVE-2016-5152: Heap overflow in PDFium.
    - CVE-2016-5153: Use after destruction in Blink.
    - CVE-2016-5154: Heap overflow in PDFium.
    - CVE-2016-5155: Address bar spoofing.
    - CVE-2016-5156: Use after free in event bindings.
    - CVE-2016-5157: Heap overflow in PDFium.
    - CVE-2016-5158: Heap overflow in PDFium.
    - CVE-2016-5159: Heap overflow in PDFium.
    - CVE-2016-5161: Type confusion in Blink.
    - CVE-2016-5162: Extensions web accessible resources bypass.
    - CVE-2016-5163: Address bar spoofing.
    - CVE-2016-5164: Universal XSS using DevTools.
    - CVE-2016-5165: Script injection in DevTools.
    - CVE-2016-5166: SMB Relay Attack via Save Page As.
    - CVE-2016-5160: Extensions web accessible resources bypass.
    - CVE-2016-5167: Various fixes from internal audits, fuzzing and other
      initiatives.
  * debian/patches/cups-include-deprecated-ppd, debian/rules: include cups
    functions.
  * Use system libraries for expat, speex, zlib, opus, png, jpeg.
  * Also build for arm64 architecture.
  * Don't compile in cups support by default on all architectures.
  * debian/control: remvove build-dep on clang.
  * debian/patches/linux45-madvfree: If MADV_FREE is not defined, do not allow
    it in sandbox filter. Also, undefine it so we don't use MADV_FREE and
    thereby depend on it at runtime.
  * debian/rules: Use gold ld to link.
  * debian/rules: Kill delete-null-pointer-checks. In the javascript engine,
    we can not assume a memory access to address zero always results in a
    trap.
  * debian/patches/series, debian/rules: Re-enable widevine component.
  * debian/patches/expat-config: Avoid "memmove does not exist".

 -- Chad MILLER <email address hidden>  Fri, 16 Sep 2016 12:56:44 -0400

Upload details

Uploaded by:
Chad Miller on 2016-09-30
Uploaded to:
Trusty
Original maintainer:
Ubuntu Developers
Architectures:
armhf armel i386 amd64 arm64 all
Section:
web
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
chromium-browser_53.0.2785.143.orig.tar.xz 439.5 MiB c52a58b79bfb27bb87e4a0a6ff213001485fbc747657b290f75d39ddce07dcc3
chromium-browser_53.0.2785.143-0ubuntu0.14.04.1.1142.debian.tar.xz 530.2 KiB 8ee90e8044eeaf7cae2003414d41e14c3d18e8be8c765a5a5ba3e7b9904b9932
chromium-browser_53.0.2785.143-0ubuntu0.14.04.1.1142.dsc 3.2 KiB 5eae74ff3ccdf132c17ceb408228c93581202487f01ae9c267e06e59c39d838d

View changes file

Binary packages built by this source

chromium-browser: Chromium web browser, open-source version of Chrome

 An open-source browser project that aims to build a safer, faster, and more
 stable way for all Internet users to experience the web.

chromium-browser-dbgsym: debug symbols for package chromium-browser

 An open-source browser project that aims to build a safer, faster, and more
 stable way for all Internet users to experience the web.

chromium-browser-l10n: chromium-browser language packages

 An open-source browser project that aims to build a safer, faster, and more
 stable way for all Internet users to experience the web.
 .
 This package contains language packages for 65 languages:
 am, ar, ast, bg, bn, bs, ca, ca@valencia, cs, da, de, el, en-AU, en-GB, eo,
 es-419, es, et, eu, fa, fil, fi, fr, gl, gu, he, hi, hr, hu, hy, ia, id, it,
 ja, ka, kn, ko, ku, kw, lt, lv, ml, mr, ms, nb, nl, pl, pt-BR, pt-PT, ro, ru,
 sk, sl, sr, sv, sw, ta, te, th, tr, ug, uk, vi, zh-CN, zh-TW

chromium-chromedriver: WebDriver driver for the Chromium Browser

 Chromedriver serves as a bridge between Chromium Browser and Selenium
 WebDriver.
 .
 See https://sites.google.com/a/chromium.org/chromedriver/ for details.

chromium-chromedriver-dbgsym: debug symbols for package chromium-chromedriver

 Chromedriver serves as a bridge between Chromium Browser and Selenium
 WebDriver.
 .
 See https://sites.google.com/a/chromium.org/chromedriver/ for details.

chromium-codecs-ffmpeg: Free ffmpeg codecs for the Chromium Browser

 An open-source browser project that aims to build a safer, faster, and more
 stable way for all Internet users to experience the web.
 .
 This package contains the multi-threaded ffmpeg codecs needed for the HTML5
 <audio> and <video> tags. Only the free ogg, vorbis and theora codecs are
 included. See chromium-codecs-ffmpeg-extra for additional codecs

chromium-codecs-ffmpeg-dbgsym: debug symbols for package chromium-codecs-ffmpeg

 An open-source browser project that aims to build a safer, faster, and more
 stable way for all Internet users to experience the web.
 .
 This package contains the multi-threaded ffmpeg codecs needed for the HTML5
 <audio> and <video> tags. Only the free ogg, vorbis and theora codecs are
 included. See chromium-codecs-ffmpeg-extra for additional codecs

chromium-codecs-ffmpeg-extra: Extra ffmpeg codecs for the Chromium Browser

 An open-source browser project that aims to build a safer, faster, and more
 stable way for all Internet users to experience the web.
 .
 This package contains the multi-threaded ffmpeg codecs needed for the HTML5
 <audio> and <video> tags. In addition to the patent-free ogg, vorbis and
 theora codecs, aac/ac3/mpeg4audio/h264/mov/mp3 are also included. See
 chromium-codecs-ffmpeg if you prefer only the patent-free codecs

chromium-codecs-ffmpeg-extra-dbgsym: debug symbols for package chromium-codecs-ffmpeg-extra

 An open-source browser project that aims to build a safer, faster, and more
 stable way for all Internet users to experience the web.
 .
 This package contains the multi-threaded ffmpeg codecs needed for the HTML5
 <audio> and <video> tags. In addition to the patent-free ogg, vorbis and
 theora codecs, aac/ac3/mpeg4audio/h264/mov/mp3 are also included. See
 chromium-codecs-ffmpeg if you prefer only the patent-free codecs