-
chromium-browser (112.0.5615.49-0ubuntu0.18.04.1) bionic; urgency=medium
* Upstream release: 112.0.5615.49.
-- Nathan Pratta Teodosio <email address hidden> Mon, 10 Apr 2023 08:59:04 -0300
-
chromium-browser (111.0.5563.64-0ubuntu0.18.04.5) bionic; urgency=medium
* Upstream release: 111.0.5563.64.
* d/p/widevine-enable-*.patch: extended for ARM.
* d/p/partition-allocator-missing-ioctl.patch: refreshed.
-- Nathan Pratta Teodosio <email address hidden> Thu, 19 Jan 2023 10:13:40 -0300
-
chromium-browser (110.0.5481.100-0ubuntu0.18.04.1) bionic; urgency=medium
* Upstream release: 110.0.5481.100.
* d/p/warning-to-error.patch: refreshed.
* Refreshed patches hunks.
-- Nathan Pratta Teodosio <email address hidden> Thu, 16 Feb 2023 10:13:40 -0300
-
chromium-browser (109.0.5414.74-0ubuntu0.18.04.14) bionic; urgency=medium
* Upstream release: 109.0.5414.74.
* d/p/constexpr-doesnt-*.patch: refreshed & hunk added.
* d/p/build-with-old-libva-no-av1.patch: refreshed.
* d/p/c-std-17.patch: refreshed.
* d/p/gsimple-template-names.patch: added.
* d/p/use-python3-7.patch: added.
* d/p/warning-to-error.patch: added back with narrowing disable.
* d/rules:
- delete use_allocator and use_allocator_shim from common_defines.
- symbol_level 1->0.
* d/control:
- Python 3.7 is build dependency.
-- Nathan Pratta Teodosio <email address hidden> Fri, 13 Jan 2023 08:28:33 -0300
-
chromium-browser (108.0.5359.71-0ubuntu0.18.04.5) bionic; urgency=medium
* Upstream release: 108.0.5359.71.
* d/p/libaom-armhf-build-cpudetect.patch: dropped.
* d/p/c-std-17.patch: added.
* d/p/undefined-mulodi4.patch: added
* d/p/suppress-newer-clang-warning-flags.patch: refreshed.
* d/control: add qt5-default.
* chromium-browser.sh.in: enable page translation.
-- Nathan Pratta Teodosio <email address hidden> Thu, 01 Dec 2022 07:25:00 -0300
-
chromium-browser (107.0.5304.87-0ubuntu11.18.04.1) bionic; urgency=medium
* constexpr-doesnt-produce-constant-expression.patch: added
-- Nathan Pratta Teodosio <email address hidden> Mon, 02 Oct 2022 19:41:59 -0200
-
chromium-browser (105.0.5195.102-0ubuntu0.18.04.1) bionic; urgency=medium
* Upstream release: 105.0.5195.102
- CVE-2022-3075: Insufficient data validation in Mojo.
-- Nathan Pratta Teodosio <email address hidden> Tue, 06 Sep 2022 11:57:11 -0300
-
chromium-browser (104.0.5112.101-0ubuntu0.18.04.1) bionic; urgency=medium
* Upstream release: 104.0.5112.101
- CVE-2022-2852: Use after free in FedCM.
- CVE-2022-2854: Use after free in SwiftShader.
- CVE-2022-2855: Use after free in ANGLE.
- CVE-2022-2857: Use after free in Blink.
- CVE-2022-2858: Use after free in Sign-In Flow.
- CVE-2022-2853: Heap buffer overflow in Downloads.
- CVE-2022-2856: Insufficient validation of untrusted input in Intents.
- CVE-2022-2859: Use after free in Chrome OS Shell.
- CVE-2022-2860: Insufficient policy enforcement in Cookies.
- CVE-2022-2861: Inappropriate implementation in Extensions API.
-- Olivier Tilloy <email address hidden> Wed, 17 Aug 2022 09:22:37 +0200
-
chromium-browser (103.0.5060.134-0ubuntu0.18.04.1) bionic; urgency=medium
* Upstream release: 103.0.5060.134
- CVE-2022-2477 : Use after free in Guest View.
- CVE-2022-2478 : Use after free in PDF.
- CVE-2022-2479 : Insufficient validation of untrusted input in File.
- CVE-2022-2480 : Use after free in Service Worker API.
- CVE-2022-2481: Use after free in Views.
- CVE-2022-2163: Use after free in Cast UI and Toolbar.
-- Olivier Tilloy <email address hidden> Wed, 20 Jul 2022 07:09:27 +0200
-
chromium-browser (101.0.4951.64-0ubuntu0.18.04.1) bionic; urgency=medium
* Upstream release: 101.0.4951.64
- CVE-2022-1633: Use after free in Sharesheet.
- CVE-2022-1634: Use after free in Browser UI.
- CVE-2022-1635: Use after free in Permission Prompts.
- CVE-2022-1636: Use after free in Performance APIs.
- CVE-2022-1637: Inappropriate implementation in Web Contents.
- CVE-2022-1638: Heap buffer overflow in V8 Internationalization.
- CVE-2022-1639: Use after free in ANGLE.
- CVE-2022-1640: Use after free in Sharing.
- CVE-2022-1641: Use after free in Web UI Diagnostics.
-- Olivier Tilloy <email address hidden> Wed, 11 May 2022 09:49:30 +0200
-
chromium-browser (100.0.4896.127-0ubuntu0.18.04.1) bionic; urgency=medium
* Upstream release: 100.0.4896.127
- CVE-2022-1364: Type Confusion in V8.
-- Olivier Tilloy <email address hidden> Fri, 15 Apr 2022 09:07:28 +0200
-
chromium-browser (99.0.4844.84-0ubuntu0.18.04.1) bionic; urgency=medium
* Upstream release: 99.0.4844.84
- CVE-2022-1096: Type Confusion in V8.
-- Olivier Tilloy <email address hidden> Sat, 26 Mar 2022 14:32:42 +0100
-
chromium-browser (99.0.4844.51-0ubuntu0.18.04.1) bionic; urgency=medium
* Upstream release: 99.0.4844.51
- CVE-2022-0789: Heap buffer overflow in ANGLE.
- CVE-2022-0790: Use after free in Cast UI.
- CVE-2022-0791: Use after free in Omnibox.
- CVE-2022-0792: Out of bounds read in ANGLE.
- CVE-2022-0793: Use after free in Views.
- CVE-2022-0794: Use after free in WebShare.
- CVE-2022-0795: Type Confusion in Blink Layout.
- CVE-2022-0796: Use after free in Media.
- CVE-2022-0797: Out of bounds memory access in Mojo.
- CVE-2022-0798: Use after free in MediaStream.
- CVE-2022-0799: Insufficient policy enforcement in Installer.
- CVE-2022-0800: Heap buffer overflow in Cast UI.
- CVE-2022-0801: Inappropriate implementation in HTML parser.
- CVE-2022-0802: Inappropriate implementation in Full screen mode.
- CVE-2022-0803: Inappropriate implementation in Permissions.
- CVE-2022-0804: Inappropriate implementation in Full screen mode.
- CVE-2022-0805: Use after free in Browser Switcher.
- CVE-2022-0806: Data leak in Canvas.
- CVE-2022-0807: Inappropriate implementation in Autofill.
- CVE-2022-0808: Use after free in Chrome OS Shell.
- CVE-2022-0809: Out of bounds memory access in WebXR.
* debian/rules: exclude unnecessary build artifacts (LP: #1961565)
* debian/patches/arm64-no-pointer-authentication.patch: added
* debian/patches/build-with-old-libva-missing-defines.patch: refreshed
* debian/patches/build-with-old-libva-no-av1.patch: refreshed
* debian/patches/configuration-directory.patch: refreshed
* debian/patches/define__libc_malloc.patch: updated
* debian/patches/gn-no-std-equal_to.patch: added
* debian/patches/libaom-armhf-build-cpudetect.patch: refreshed
* debian/patches/revert-sequence-checker-capability-name.patch: refreshed
* debian/patches/search-credit.patch: refreshed
* debian/patches/set-rpath-on-chromium-executables.patch: refreshed
* debian/patches/suppress-newer-clang-warning-flags.patch: refreshed
* debian/patches/use-clang-versioned.patch: refreshed
* debian/patches/widevine-enable-version-string.patch: refreshed
-- Olivier Tilloy <email address hidden> Tue, 01 Mar 2022 21:43:44 +0100
-
chromium-browser (97.0.4692.71-0ubuntu0.18.04.1) bionic; urgency=medium
* Upstream release: 97.0.4692.71
- CVE-2022-0096: Use after free in Storage.
- CVE-2022-0097: Inappropriate implementation in DevTools.
- CVE-2022-0098: Use after free in Screen Capture.
- CVE-2022-0099: Use after free in Sign-in.
- CVE-2022-0100: Heap buffer overflow in Media streams API.
- CVE-2022-0101: Heap buffer overflow in Bookmarks.
- CVE-2022-0102: Type Confusion in V8.
- CVE-2022-0103: Use after free in SwiftShader.
- CVE-2022-0104: Heap buffer overflow in ANGLE.
- CVE-2022-0105: Use after free in PDF.
- CVE-2022-0106: Use after free in Autofill.
- CVE-2022-0107: Use after free in File Manager API.
- CVE-2022-0108: Inappropriate implementation in Navigation.
- CVE-2022-0109: Inappropriate implementation in Autofill.
- CVE-2022-0110: Incorrect security UI in Autofill.
- CVE-2022-0111: Inappropriate implementation in Navigation.
- CVE-2022-0112: Incorrect security UI in Browser UI.
- CVE-2022-0113: Inappropriate implementation in Blink.
- CVE-2022-0114: Out of bounds memory access in Web Serial.
- CVE-2022-0115: Uninitialized Use in File API.
- CVE-2022-0116: Inappropriate implementation in Compositing.
- CVE-2022-0117: Policy bypass in Service Workers.
- CVE-2022-0118: Inappropriate implementation in WebShare.
- CVE-2022-0120: Inappropriate implementation in Passwords.
* debian/patches/blink-math-constexpr.patch: added
* debian/patches/blink-math-constexpr2.patch: added
* debian/patches/build-with-old-libva-missing-defines.patch: refreshed
* debian/patches/build-with-old-libva-no-av1.patch: refreshed
* debian/patches/configuration-directory.patch: refreshed
* debian/patches/set-rpath-on-chromium-executables.patch: refreshed
* debian/patches/suppress-newer-clang-warning-flags.patch: updated
* debian/patches/use-clang-versioned.patch: updated
* debian/patches/widevine-other-locations: refreshed
-- Olivier Tilloy <email address hidden> Fri, 07 Jan 2022 21:05:03 +0100
-
chromium-browser (95.0.4638.69-0ubuntu0.18.04.1) bionic; urgency=medium
* Upstream release: 95.0.4638.69
- CVE-2021-37997 : Use after free in Sign-In.
- CVE-2021-37998 : Use after free in Garbage Collection.
- CVE-2021-37999 : Insufficient data validation in New Tab Page.
- CVE-2021-38000 : Insufficient validation of untrusted input in Intents.
- CVE-2021-38001 : Type Confusion in V8.
- CVE-2021-38002 : Use after free in Web Transport.
- CVE-2021-38003 : Inappropriate implementation in V8.
-- Olivier Tilloy <email address hidden> Fri, 29 Oct 2021 12:13:58 +0200
-
chromium-browser (94.0.4606.81-0ubuntu0.18.04.1) bionic; urgency=medium
* Upstream release: 94.0.4606.81
- CVE-2021-37977 : Use after free in Garbage Collection.
- CVE-2021-37978 : Heap buffer overflow in Blink.
- CVE-2021-37979 : Heap buffer overflow in WebRTC.
- CVE-2021-37980 : Inappropriate implementation in Sandbox.
-- Olivier Tilloy <email address hidden> Fri, 08 Oct 2021 10:54:21 +0200
-
chromium-browser (94.0.4606.71-0ubuntu0.18.04.1) bionic; urgency=medium
* Upstream release: 94.0.4606.71
- CVE-2021-37974 : Use after free in Safe Browsing.
- CVE-2021-37975 : Use after free in V8.
- CVE-2021-37976 : Information leak in core.
-- Olivier Tilloy <email address hidden> Fri, 01 Oct 2021 06:56:50 +0200
-
chromium-browser (93.0.4577.63-0ubuntu0.18.04.1) bionic; urgency=medium
* Upstream release: 93.0.4577.63
- CVE-2021-30606: Use after free in Blink.
- CVE-2021-30607: Use after free in Permissions.
- CVE-2021-30608: Use after free in Web Share.
- CVE-2021-30609: Use after free in Sign-In.
- CVE-2021-30610: Use after free in Extensions API.
- CVE-2021-30611: Use after free in WebRTC.
- CVE-2021-30612: Use after free in WebRTC.
- CVE-2021-30613: Use after free in Base internals.
- CVE-2021-30614: Heap buffer overflow in TabStrip.
- CVE-2021-30615: Cross-origin data leak in Navigation.
- CVE-2021-30616: Use after free in Media.
- CVE-2021-30617: Policy bypass in Blink.
- CVE-2021-30618: Inappropriate implementation in DevTools.
- CVE-2021-30619: UI Spoofing in Autofill.
- CVE-2021-30620: Insufficient policy enforcement in Blink.
- CVE-2021-30621: UI Spoofing in Autofill.
- CVE-2021-30622: Use after free in WebApp Installs.
- CVE-2021-30623: Use after free in Bookmarks.
- CVE-2021-30624: Use after free in Autofill.
* debian/patches/build-with-old-libva-missing-defines.patch: refreshed
* debian/patches/build-with-old-libva-no-av1.patch: refreshed
* debian/patches/enable-chromecast-by-default.patch: removed, no longer needed
* debian/patches/libaom-armhf-build-cpudetect.patch: refreshed
* debian/patches/no-dirmd.patch: refreshed
* debian/patches/qualify-ambiguous-name-lookup.patch: refreshed
* debian/patches/search-credit.patch: refreshed
* debian/patches/set-rpath-on-chromium-executables.patch: refreshed
* debian/patches/suppress-newer-clang-warning-flags.patch: refreshed
* debian/patches/title-bar-default-system.patch-v35: refreshed
* debian/patches/use-clang-versioned.patch: refreshed
* debian/patches/v8-add-missing-constexpr-arm64.patch: removed, no longer
needed (upstreamed)
* debian/patches/widevine-enable-version-string.patch: refreshed
-- Olivier Tilloy <email address hidden> Wed, 25 Aug 2021 13:05:12 +0200
-
chromium-browser (92.0.4515.159-0ubuntu0.18.04.1) bionic; urgency=medium
* Upstream release: 92.0.4515.159
- CVE-2021-30598: Type Confusion in V8.
- CVE-2021-30599: Type Confusion in V8.
- CVE-2021-30600: Use after free in Printing.
- CVE-2021-30601: Use after free in Extensions API.
- CVE-2021-30602: Use after free in WebRTC.
- CVE-2021-30603: Race in WebAudio.
- CVE-2021-30604: Use after free in ANGLE.
-- Olivier Tilloy <email address hidden> Tue, 17 Aug 2021 09:23:53 +0200
-
chromium-browser (91.0.4472.101-0ubuntu0.18.04.1) bionic; urgency=medium
* Upstream release: 91.0.4472.101
- CVE-2021-30544: Use after free in BFCache.
- CVE-2021-30545: Use after free in Extensions.
- CVE-2021-30546: Use after free in Autofill.
- CVE-2021-30547: Out of bounds write in ANGLE.
- CVE-2021-30548: Use after free in Loader.
- CVE-2021-30549: Use after free in Spell check.
- CVE-2021-30550: Use after free in Accessibility.
- CVE-2021-30551: Type Confusion in V8.
- CVE-2021-30552: Use after free in Extensions.
- CVE-2021-30553: Use after free in Network service.
-- Olivier Tilloy <email address hidden> Thu, 10 Jun 2021 22:21:25 +0200
-
chromium-browser (91.0.4472.77-0ubuntu0.18.04.1) bionic; urgency=medium
* Upstream release: 91.0.4472.77
- CVE-2021-30521: Heap buffer overflow in Autofill.
- CVE-2021-30522: Use after free in WebAudio.
- CVE-2021-30523: Use after free in WebRTC.
- CVE-2021-30524: Use after free in TabStrip.
- CVE-2021-30525: Use after free in TabGroups.
- CVE-2021-30526: Out of bounds write in TabStrip.
- CVE-2021-30527: Use after free in WebUI.
- CVE-2021-30528: Use after free in WebAuthentication.
- CVE-2021-30529: Use after free in Bookmarks.
- CVE-2021-30530: Out of bounds memory access in WebAudio.
- CVE-2021-30531: Insufficient policy enforcement in Content Security Policy.
- CVE-2021-30532: Insufficient policy enforcement in Content Security Policy.
- CVE-2021-30533: Insufficient policy enforcement in PopupBlocker.
- CVE-2021-30534: Insufficient policy enforcement in iFrameSandbox.
- CVE-2021-30535: Double free in ICU.
- CVE-2021-21212: Insufficient data validation in networking.
- CVE-2021-30536: Out of bounds read in V8.
- CVE-2021-30537: Insufficient policy enforcement in cookies.
- CVE-2021-30538: Insufficient policy enforcement in content security policy.
- CVE-2021-30539: Insufficient policy enforcement in content security policy.
- CVE-2021-30540: Incorrect security UI in payments.
* debian/control: add a build dependency on libcurl4-openssl-dev
* debian/patches/build-with-old-libva-missing-defines.patch: refreshed
* debian/patches/build-with-old-libva-no-av1.patch: updated
* debian/patches/closure-compiler-use-system-wide-java.patch: added
* debian/patches/gn-no-last-commit-position.patch: refreshed
* debian/patches/node-use-system-wide.patch: refreshed
* debian/patches/set-rpath-on-chromium-executables.patch: refreshed
* debian/patches/suppress-newer-clang-warning-flags.patch: refreshed
* debian/patches/use-clang-versioned.patch: refreshed
* debian/patches/widevine-enable-version-string.patch: refreshed
-- Olivier Tilloy <email address hidden> Wed, 26 May 2021 13:02:18 +0200
-
chromium-browser (90.0.4430.93-0ubuntu0.18.04.1) bionic; urgency=medium
* Upstream release: 90.0.4430.93
- CVE-2021-21227: Insufficient data validation in V8.
- CVE-2021-21232: Use after free in Dev Tools.
- CVE-2021-21233: Heap buffer overflow in ANGLE.
- CVE-2021-21228: Insufficient policy enforcement in extensions.
- CVE-2021-21229: Incorrect security UI in downloads.
- CVE-2021-21230: Type Confusion in V8.
- CVE-2021-21231: Insufficient data validation in V8.
-- Olivier Tilloy <email address hidden> Wed, 28 Apr 2021 10:01:55 +0200
-
chromium-browser (90.0.4430.72-0ubuntu0.18.04.1) bionic; urgency=medium
* Upstream release: 90.0.4430.72
- CVE-2021-21201: Use after free in permissions.
- CVE-2021-21202: Use after free in extensions.
- CVE-2021-21203: Use after free in Blink.
- CVE-2021-21204: Use after free in Blink.
- CVE-2021-21205: Insufficient policy enforcement in navigation.
- CVE-2021-21221: Insufficient validation of untrusted input in Mojo.
- CVE-2021-21207: Use after free in IndexedDB.
- CVE-2021-21208: Insufficient data validation in QR scanner.
- CVE-2021-21209: Inappropriate implementation in storage.
- CVE-2021-21210: Inappropriate implementation in Network.
- CVE-2021-21211: Inappropriate implementation in Navigation.
- CVE-2021-21212: Incorrect security UI in Network Config UI.
- CVE-2021-21213: Use after free in WebMIDI.
- CVE-2021-21214: Use after free in Network API.
- CVE-2021-21215: Inappropriate implementation in Autofill.
- CVE-2021-21216: Inappropriate implementation in Autofill.
- CVE-2021-21217: Uninitialized Use in PDFium.
- CVE-2021-21218: Uninitialized Use in PDFium.
- CVE-2021-21219: Uninitialized Use in PDFium.
* debian/patches/build-with-old-libva.patch: refreshed and renamed to
debian/patches/build-with-old-libva-missing-defines.patch
* debian/patches/build-with-old-libva-no-av1.patch: added
* debian/patches/configuration-directory.patch: refreshed
* debian/patches/define__libc_malloc.patch: refreshed
* debian/patches/disable-sse2: removed, no longer needed
* debian/patches/libaom-armhf-build-cpudetect.patch: added
* debian/patches/revert-sequence-checker-capability-name.patch: refreshed
* debian/patches/search-credit.patch: refreshed
* debian/patches/set-rpath-on-chromium-executables.patch: refreshed
* debian/patches/suppress-newer-clang-warning-flags.patch: refreshed
* debian/patches/title-bar-default-system.patch-v35: refreshed
* debian/patches/use-clang-versioned.patch: refreshed
* debian/patches/widevine-enable-version-string.patch: refreshed
* debian/patches/widevine-other-locations: refreshed
-- Olivier Tilloy <email address hidden> Thu, 15 Apr 2021 12:25:19 +0200
-
chromium-browser (89.0.4389.90-0ubuntu0.18.04.2) bionic; urgency=medium
* debian/control: add an explicit runtime dependency on libx11-xcb1
(LP: #1919146)
-- Olivier Tilloy <email address hidden> Wed, 17 Mar 2021 18:52:33 +0100
-
chromium-browser (89.0.4389.82-0ubuntu0.18.04.1) bionic; urgency=medium
* Upstream release: 89.0.4389.82
-- Olivier Tilloy <email address hidden> Sun, 07 Mar 2021 06:47:29 +0100
-
chromium-browser (87.0.4280.66-0ubuntu0.18.04.1) bionic; urgency=medium
* Upstream release: 87.0.4280.66
- CVE-2020-16018: Use after free in payments.
- CVE-2020-16019: Inappropriate implementation in filesystem.
- CVE-2020-16020: Inappropriate implementation in cryptohome.
- CVE-2020-16021: Race in ImageBurner.
- CVE-2020-16022: Insufficient policy enforcement in networking.
- CVE-2020-16015: Insufficient data validation in WASM.
- CVE-2020-16014: Use after free in PPAPI.
- CVE-2020-16023: Use after free in WebCodecs.
- CVE-2020-16024: Heap buffer overflow in UI.
- CVE-2020-16025: Heap buffer overflow in clipboard.
- CVE-2020-16026: Use after free in WebRTC.
- CVE-2020-16027: Insufficient policy enforcement in developer tools.
- CVE-2020-16028: Heap buffer overflow in WebRTC.
- CVE-2020-16029: Inappropriate implementation in PDFium.
- CVE-2020-16030: Insufficient data validation in Blink.
- CVE-2019-8075: Insufficient data validation in Flash.
- CVE-2020-16031: Incorrect security UI in tab preview.
- CVE-2020-16032: Incorrect security UI in sharing.
- CVE-2020-16033: Incorrect security UI in WebUSB.
- CVE-2020-16034: Inappropriate implementation in WebRTC.
- CVE-2020-16035: Insufficient data validation in cros-disks.
- CVE-2020-16012: Side-channel information leakage in graphics.
- CVE-2020-16036: Inappropriate implementation in cookies.
* debian/rules: set chrome_pgo_phase build flag to 0 to disable PGO, because
the upstream profile data is not compatible with the version of clang used
to build chromium
* debian/patches/default-allocator: refreshed
* debian/patches/set-rpath-on-chromium-executables.patch: refreshed
* debian/patches/suppress-newer-clang-warning-flags.patch: updated
* debian/patches/title-bar-default-system.patch-v35: refreshed
* debian/patches/use-clang-versioned.patch: refreshed
-- Olivier Tilloy <email address hidden> Tue, 17 Nov 2020 23:14:09 +0100
-
chromium-browser (86.0.4240.198-0ubuntu0.18.04.1) bionic; urgency=medium
* Stable channel update: 86.0.4240.198
- CVE-2020-16013: Inappropriate implementation in V8.
- CVE-2020-16017: Use after free in site isolation.
-- Olivier Tilloy <email address hidden> Thu, 12 Nov 2020 07:20:39 +0100
-
chromium-browser (86.0.4240.75-0ubuntu0.18.04.1) bionic; urgency=medium
* Upstream release: 86.0.4240.75
- CVE-2020-15967: Use after free in payments.
- CVE-2020-15968: Use after free in Blink.
- CVE-2020-15969: Use after free in WebRTC.
- CVE-2020-15970: Use after free in NFC.
- CVE-2020-15971: Use after free in printing.
- CVE-2020-15972: Use after free in audio.
- CVE-2020-15990: Use after free in autofill.
- CVE-2020-15991: Use after free in password manager.
- CVE-2020-15973: Insufficient policy enforcement in extensions.
- CVE-2020-15974: Integer overflow in Blink.
- CVE-2020-15975: Integer overflow in SwiftShader.
- CVE-2020-15976: Use after free in WebXR.
- CVE-2020-6557: Inappropriate implementation in networking.
- CVE-2020-15977: Insufficient data validation in dialogs.
- CVE-2020-15978: Insufficient data validation in navigation.
- CVE-2020-15979: Inappropriate implementation in V8.
- CVE-2020-15980: Insufficient policy enforcement in Intents.
- CVE-2020-15981: Out of bounds read in audio.
- CVE-2020-15982: Side-channel information leakage in cache.
- CVE-2020-15983: Insufficient data validation in webUI.
- CVE-2020-15984: Insufficient policy enforcement in Omnibox.
- CVE-2020-15985: Inappropriate implementation in Blink.
- CVE-2020-15986: Integer overflow in media.
- CVE-2020-15987: Use after free in WebRTC.
- CVE-2020-15992: Insufficient policy enforcement in networking.
- CVE-2020-15988: Insufficient policy enforcement in downloads.
- CVE-2020-15989: Uninitialized Use in PDFium.
* debian/patches/configuration-directory.patch: refreshed
* debian/patches/default-allocator: refreshed
* debian/patches/disable-sse2: refreshed
* debian/patches/node-use-system-wide.patch: refreshed
* debian/patches/search-credit.patch: refreshed
* debian/patches/set-rpath-on-chromium-executables.patch: refreshed
* debian/patches/suppress-newer-clang-warning-flags.patch: updated
* debian/patches/title-bar-default-system.patch-v35: refreshed
* debian/patches/touch-v35: updated
* debian/patches/widevine-enable-version-string.patch: refreshed
* debian/patches/widevine-other-locations: refreshed
-- Olivier Tilloy <email address hidden> Wed, 07 Oct 2020 22:13:11 +0200
-
chromium-browser (85.0.4183.121-0ubuntu0.18.04.1) bionic; urgency=medium
* Upstream release: 85.0.4183.121
- CVE-2020-15960: Heap buffer overflow in storage.
- CVE-2020-15961: Insufficient policy enforcement in extensions.
- CVE-2020-15962: Insufficient policy enforcement in serial.
- CVE-2020-15963: Insufficient policy enforcement in extensions.
- CVE-2020-15965: Type Confusion in V8.
- CVE-2020-15966: Insufficient policy enforcement in extensions.
- CVE-2020-15964: Insufficient data validation in media.
-- Olivier Tilloy <email address hidden> Mon, 21 Sep 2020 22:11:46 +0200
-
chromium-browser (85.0.4183.83-0ubuntu0.18.04.2) bionic; urgency=medium
* debian/rules: install libEGL.so and libGLESv2.so, needed for
hardware-accelerated rendering
-- Olivier Tilloy <email address hidden> Mon, 31 Aug 2020 15:19:38 +0200
-
chromium-browser (84.0.4147.105-0ubuntu0.18.04.1) bionic; urgency=medium
* Upstream release: 84.0.4147.105
- CVE-2020-6537: Type Confusion in V8.
- CVE-2020-6538: Inappropriate implementation in WebView.
- CVE-2020-6532: Use after free in SCTP.
- CVE-2020-6539: Use after free in CSS.
- CVE-2020-6540: Heap buffer overflow in Skia.
- CVE-2020-6541: Use after free in WebUSB.
-- Olivier Tilloy <email address hidden> Tue, 28 Jul 2020 11:28:16 +0200
-
chromium-browser (83.0.4103.61-0ubuntu0.18.04.1) bionic; urgency=medium
* Upstream release: 83.0.4103.61
- CVE-2020-6465: Use after free in reader mode.
- CVE-2020-6466: Use after free in media.
- CVE-2020-6467: Use after free in WebRTC.
- CVE-2020-6468: Type Confusion in V8.
- CVE-2020-6469: Insufficient policy enforcement in developer tools.
- CVE-2020-6470: Insufficient validation of untrusted input in clipboard.
- CVE-2020-6471: Insufficient policy enforcement in developer tools.
- CVE-2020-6472: Insufficient policy enforcement in developer tools.
- CVE-2020-6473: Insufficient policy enforcement in Blink.
- CVE-2020-6474: Use after free in Blink.
- CVE-2020-6475: Incorrect security UI in full screen.
- CVE-2020-6476: Insufficient policy enforcement in tab strip.
- CVE-2020-6477: Inappropriate implementation in installer.
- CVE-2020-6478: Inappropriate implementation in full screen.
- CVE-2020-6479: Inappropriate implementation in sharing.
- CVE-2020-6480: Insufficient policy enforcement in enterprise.
- CVE-2020-6481: Insufficient policy enforcement in URL formatting.
- CVE-2020-6482: Insufficient policy enforcement in developer tools.
- CVE-2020-6483: Insufficient policy enforcement in payments.
- CVE-2020-6484: Insufficient data validation in ChromeDriver.
- CVE-2020-6485: Insufficient data validation in media router.
- CVE-2020-6486: Insufficient policy enforcement in navigations.
- CVE-2020-6487: Insufficient policy enforcement in downloads.
- CVE-2020-6488: Insufficient policy enforcement in downloads.
- CVE-2020-6489: Inappropriate implementation in developer tools.
- CVE-2020-6490: Insufficient data validation in loader.
- CVE-2020-6491: Incorrect security UI in site information.
* debian/control: add build dependency on python-pkg-resources (needed for
jinja2, since https://chromium.googlesource.com/chromium/src/+/312b6bf)
* debian/rules: copy missing source file for gn build
* debian/patches/chromium_useragent.patch: refreshed
* debian/patches/disable-sse2: refreshed
* debian/patches/enable-chromecast-by-default.patch: refreshed
* debian/patches/fix-extra-arflags.patch: removed, no longer needed
* debian/patches/set-rpath-on-chromium-executables.patch: refreshed
* debian/patches/suppress-newer-clang-warning-flags.patch: refreshed
* debian/patches/title-bar-default-system.patch-v35: refreshed
* debian/patches/use-clang-versioned.patch: refreshed
-- Olivier Tilloy <email address hidden> Thu, 21 May 2020 15:28:16 +0200
-
chromium-browser (81.0.4044.138-0ubuntu0.18.04.1) bionic; urgency=medium
* Upstream release: 81.0.4044.138
- CVE-2020-6831: Stack buffer overflow in SCTP.
- CVE-2020-6464: Type Confusion in Blink.
-- Olivier Tilloy <email address hidden> Wed, 06 May 2020 08:57:33 +0200
-
chromium-browser (81.0.4044.122-0ubuntu0.18.04.1) bionic; urgency=medium
* Upstream release: 81.0.4044.122
- CVE-2020-6459: Use after free in payments.
- CVE-2020-6460: Insufficient data validation in URL formatting.
- CVE-2020-6458: Out of bounds read and write in PDFium.
-- Olivier Tilloy <email address hidden> Wed, 22 Apr 2020 19:41:50 +0200
-
chromium-browser (80.0.3987.163-0ubuntu0.18.04.1) bionic; urgency=medium
* Upstream release: 80.0.3987.163
-- Olivier Tilloy <email address hidden> Sat, 04 Apr 2020 16:28:10 +0200
-
chromium-browser (80.0.3987.149-0ubuntu0.18.04.1) bionic; urgency=medium
* Upstream release: 80.0.3987.149
- CVE-2019-20503: Out of bounds read in usersctplib.
- CVE-2020-6383: Type confusion in V8.
- CVE-2020-6384: Use after free in WebAudio.
- CVE-2020-6386: Use after free in speech.
- CVE-2020-6407: Out of bounds memory access in streams.
- CVE-2020-6418: Type confusion in V8.
- CVE-2020-6420: Insufficient policy enforcement in media.
- CVE-2020-6422: Use after free in WebGL.
- CVE-2020-6424: Use after free in media.
- CVE-2020-6425: Insufficient policy enforcement in extensions.
- CVE-2020-6426: Inappropriate implementation in V8.
- CVE-2020-6427: Use after free in audio.
- CVE-2020-6428: Use after free in audio.
- CVE-2020-6429: Use after free in audio.
- CVE-2020-6449: Use after free in audio.
-- Olivier Tilloy <email address hidden> Wed, 18 Mar 2020 22:16:10 +0100
-
chromium-browser (80.0.3987.87-0ubuntu0.18.04.1) bionic; urgency=medium
* Upstream release: 80.0.3987.87
- CVE-2020-6381: Integer overflow in JavaScript.
- CVE-2020-6382: Type Confusion in JavaScript.
- CVE-2019-18197: Multiple vulnerabilities in XML.
- CVE-2019-19926: Inappropriate implementation in SQLite.
- CVE-2020-6385: Insufficient policy enforcement in storage.
- CVE-2019-19880, CVE-2019-19925: Multiple vulnerabilities in SQLite.
- CVE-2020-6387: Out of bounds write in WebRTC.
- CVE-2020-6388: Out of bounds memory access in WebAudio.
- CVE-2020-6389: Out of bounds write in WebRTC.
- CVE-2020-6390: Out of bounds memory access in streams.
- CVE-2020-6391: Insufficient validation of untrusted input in Blink.
- CVE-2020-6392: Insufficient policy enforcement in extensions.
- CVE-2020-6393: Insufficient policy enforcement in Blink.
- CVE-2020-6394: Insufficient policy enforcement in Blink.
- CVE-2020-6395: Out of bounds read in JavaScript.
- CVE-2020-6396: Inappropriate implementation in Skia.
- CVE-2020-6397: Incorrect security UI in sharing.
- CVE-2020-6398: Uninitialized use in PDFium.
- CVE-2020-6399: Insufficient policy enforcement in AppCache.
- CVE-2020-6400: Inappropriate implementation in CORS.
- CVE-2020-6401: Insufficient validation of untrusted input in Omnibox.
- CVE-2020-6402: Insufficient policy enforcement in downloads.
- CVE-2020-6403: Incorrect security UI in Omnibox.
- CVE-2020-6404: Inappropriate implementation in Blink.
- CVE-2020-6405: Out of bounds read in SQLite.
- CVE-2020-6406: Use after free in audio.
- CVE-2019-19923: Out of bounds memory access in SQLite.
- CVE-2020-6408: Insufficient policy enforcement in CORS.
- CVE-2020-6409: Inappropriate implementation in Omnibox.
- CVE-2020-6410: Insufficient policy enforcement in navigation.
- CVE-2020-6411: Insufficient validation of untrusted input in Omnibox.
- CVE-2020-6412: Insufficient validation of untrusted input in Omnibox.
- CVE-2020-6413: Inappropriate implementation in Blink.
- CVE-2020-6414: Insufficient policy enforcement in Safe Browsing.
- CVE-2020-6415: Inappropriate implementation in JavaScript.
- CVE-2020-6416: Insufficient data validation in streams.
- CVE-2020-6417: Inappropriate implementation in installer.
* debian/control:
- add nodejs as a build dependency
- bump the clang and llvm build dependencies to version 9 which was
recently backported to bionic
* debian/rules: build gn with clang 9
* debian/patches/disable-sse2: refreshed
* debian/patches/fix-extra-arflags.patch: refreshed
* debian/patches/node-use-system-wide.patch: added
* debian/patches/set-rpath-on-chromium-executables.patch: refreshed
* debian/patches/suppress-newer-clang-warning-flags.patch: updated
* debian/patches/use-clang-versioned.patch: updated
* debian/patches/widevine-enable-version-string.patch: refreshed
* debian/tests/html5test: update test expectations for the removal
of the Web Components V0 APIs
(see https://www.chromestatus.com/feature/5144752345317376)
-- Olivier Tilloy <email address hidden> Wed, 05 Feb 2020 15:50:26 +0100
-
chromium-browser (79.0.3945.130-0ubuntu0.18.04.1) bionic; urgency=medium
* Upstream release: 79.0.3945.130
- CVE-2020-6378: Use-after-free in speech recognizer.
- CVE-2020-6379: Use-after-free in speech recognizer.
- CVE-2020-6380: Extension message verification error.
* debian/control: remove libgnome-keyring-dev build dependency (LP: #1828192)
* debian/rules: build with use_gnome_keyring=false
* debian/known_gn_gen_args-*: change use_gnome_keyring build flag to false
-- Olivier Tilloy <email address hidden> Mon, 27 Jan 2020 17:57:12 +0100
-
chromium-browser (79.0.3945.79-0ubuntu0.18.04.1) bionic; urgency=medium
* Upstream release: 79.0.3945.79
- CVE-2019-13725: Use after free in Bluetooth.
- CVE-2019-13726: Heap buffer overflow in password manager.
- CVE-2019-13727: Insufficient policy enforcement in WebSockets.
- CVE-2019-13728: Out of bounds write in V8.
- CVE-2019-13729: Use after free in WebSockets.
- CVE-2019-13730: Type Confusion in V8.
- CVE-2019-13732: Use after free in WebAudio.
- CVE-2019-13734: Out of bounds write in SQLite.
- CVE-2019-13735: Out of bounds write in V8.
- CVE-2019-13764: Type Confusion in V8.
- CVE-2019-13736: Integer overflow in PDFium.
- CVE-2019-13737: Insufficient policy enforcement in autocomplete.
- CVE-2019-13738: Insufficient policy enforcement in navigation.
- CVE-2019-13739: Incorrect security UI in Omnibox.
- CVE-2019-13740: Incorrect security UI in sharing.
- CVE-2019-13741: Insufficient validation of untrusted input in Blink.
- CVE-2019-13742: Incorrect security UI in Omnibox.
- CVE-2019-13743: Incorrect security UI in external protocol handling.
- CVE-2019-13744: Insufficient policy enforcement in cookies.
- CVE-2019-13745: Insufficient policy enforcement in audio.
- CVE-2019-13746: Insufficient policy enforcement in Omnibox.
- CVE-2019-13747: Uninitialized Use in rendering.
- CVE-2019-13748: Insufficient policy enforcement in developer tools.
- CVE-2019-13749: Incorrect security UI in Omnibox.
- CVE-2019-13750: Insufficient data validation in SQLite.
- CVE-2019-13751: Uninitialized Use in SQLite.
- CVE-2019-13752: Out of bounds read in SQLite.
- CVE-2019-13753: Out of bounds read in SQLite.
- CVE-2019-13754: Insufficient policy enforcement in extensions.
- CVE-2019-13755: Insufficient policy enforcement in extensions.
- CVE-2019-13756: Incorrect security UI in printing.
- CVE-2019-13757: Incorrect security UI in Omnibox.
- CVE-2019-13758: Insufficient policy enforcement in navigation.
- CVE-2019-13759: Incorrect security UI in interstitials.
- CVE-2019-13761: Incorrect security UI in Omnibox.
- CVE-2019-13762: Insufficient policy enforcement in downloads.
- CVE-2019-13763: Insufficient policy enforcement in payments.
* debian/patches/chromium_useragent.patch: refreshed
* debian/patches/configuration-directory.patch: refreshed
* debian/patches/default-allocator: refreshed
* debian/patches/disable-sse2: refreshed
* debian/patches/fix-extra-arflags.patch: refreshed
* debian/patches/set-rpath-on-chromium-executables.patch: refreshed
* debian/patches/suppress-newer-clang-warning-flags.patch: refreshed
* debian/patches/title-bar-default-system.patch-v35: refreshed
* debian/patches/touch-v35: refreshed
* debian/patches/widevine-enable-version-string.patch: updated
* debian/patches/widevine-other-locations: updated
-- Olivier Tilloy <email address hidden> Wed, 11 Dec 2019 10:17:07 +0100
-
chromium-browser (78.0.3904.108-0ubuntu0.18.04.1) bionic; urgency=medium
* Upstream release: 78.0.3904.108 (LP: #1853149)
- CVE-2019-13723: Use-after-free in Bluetooth.
- CVE-2019-13724: Out-of-bounds access in Bluetooth.
-- Olivier Tilloy <email address hidden> Tue, 19 Nov 2019 16:31:49 +0100
-
chromium-browser (78.0.3904.97-0ubuntu0.18.04.1) bionic; urgency=medium
* Upstream release: 78.0.3904.97
-- Olivier Tilloy <email address hidden> Thu, 07 Nov 2019 06:44:09 +0100
-
chromium-browser (78.0.3904.70-0ubuntu0.18.04.2) bionic; urgency=medium
* debian/patches/widevine-other-locations: updated
-- Olivier Tilloy <email address hidden> Fri, 01 Nov 2019 10:09:29 +0100
-
chromium-browser (77.0.3865.90-0ubuntu0.18.04.1) bionic; urgency=medium
* Upstream release: 77.0.3865.90
- CVE-2019-13685: Use-after-free in UI.
- CVE-2019-13688: Use-after-free in media.
- CVE-2019-13687: Use-after-free in media.
- CVE-2019-13686: Use-after-free in offline pages.
-- Olivier Tilloy <email address hidden> Fri, 20 Sep 2019 11:35:45 +0200
-
chromium-browser (76.0.3809.100-0ubuntu0.18.04.1) bionic; urgency=medium
* Upstream release: 76.0.3809.100
- CVE-2019-5868: Use-after-free in PDFium ExecuteFieldAction.
- CVE-2019-5867: Out-of-bounds read in V8.
-- Olivier Tilloy <email address hidden> Sat, 10 Aug 2019 15:44:51 +0200
-
chromium-browser (76.0.3809.87-0ubuntu0.18.04.1) bionic; urgency=medium
* Upstream release: 76.0.3809.87
- CVE-2019-5850: Use-after-free in offline page fetcher.
- CVE-2019-5860: Use-after-free in PDFium.
- CVE-2019-5853: Memory corruption in regexp length check.
- CVE-2019-5851: Use-after-poison in offline audio context.
- CVE-2019-5859: res: URIs can load alternative browsers.
- CVE-2019-5856: Insufficient checks on filesystem: URI permissions.
- CVE-2019-5863: Use-after-free in WebUSB on Windows.
- CVE-2019-5855: Integer overflow in PDFium.
- CVE-2019-5865: Site isolation bypass from compromised renderer.
- CVE-2019-5858: Insufficient filtering of Open URL service parameters.
- CVE-2019-5864: Insufficient port filtering in CORS for extensions.
- CVE-2019-5862: AppCache not robust to compromised renderers.
- CVE-2019-5861: Click location incorrectly checked.
- CVE-2019-5857: Comparison of -0 and null yields crash.
- CVE-2019-5854: Integer overflow in PDFium text rendering.
- CVE-2019-5852: Object leak of utility functions.
* debian/patches/chromium_useragent.patch: refreshed
* debian/patches/disable-sse2: refreshed
* debian/patches/fix-extra-arflags.patch: refreshed
* debian/patches/fix-ffmpeg-ia32-build.patch: removed, no longer needed
* debian/patches/pffft-no-neon.patch: removed, no longer needed
* debian/patches/set-rpath-on-chromium-executables.patch: refreshed
* debian/patches/skia-undef-HWCAP_CRC32.patch: refreshed
* debian/patches/upstream-fix-blink-build-iterators.patch: added
-- Olivier Tilloy <email address hidden> Tue, 30 Jul 2019 22:25:08 +0200
-
chromium-browser (75.0.3770.142-0ubuntu0.18.04.1) bionic; urgency=medium
* Upstream release: 75.0.3770.142
* debian/control: bump the clang and llvm build dependencies to version 8
which was recently backported to bionic
* debian/rules: build gn with clang 8
* debian/patches/suppress-newer-clang-warning-flags.patch: removed, no longer
needed
* debian/patches/use-clang-versioned.patch: updated
-- Olivier Tilloy <email address hidden> Tue, 16 Jul 2019 16:47:32 +0200
-
chromium-browser (75.0.3770.90-0ubuntu0.18.04.1) bionic; urgency=medium
* Upstream release: 75.0.3770.90
-- Olivier Tilloy <email address hidden> Thu, 13 Jun 2019 22:21:27 +0200
-
chromium-browser (74.0.3729.169-0ubuntu0.18.04.1) bionic; urgency=medium
* Upstream release: 74.0.3729.169
* debian/patches/revert-gn-4960.patch: added
* debian/patches/revert-gn-4980.patch: added
* debian/tests/data/HTML5test/index.html: mock whichbrowser.net to remove
external test dependency
-- Olivier Tilloy <email address hidden> Wed, 22 May 2019 12:30:43 +0200
-
chromium-browser (73.0.3683.86-0ubuntu0.18.04.1) bionic; urgency=medium
* Upstream release: 73.0.3683.86
-- Olivier Tilloy <email address hidden> Thu, 21 Mar 2019 09:21:24 +0100
-
chromium-browser (73.0.3683.75-0ubuntu0.18.04.1) bionic; urgency=medium
* Upstream release: 73.0.3683.75
- CVE-2019-5787: Use after free in Canvas.
- CVE-2019-5788: Use after free in FileAPI.
- CVE-2019-5789: Use after free in WebMIDI.
- CVE-2019-5790: Heap buffer overflow in V8.
- CVE-2019-5791: Type confusion in V8.
- CVE-2019-5792: Integer overflow in PDFium.
- CVE-2019-5793: Excessive permissions for private API in Extensions.
- CVE-2019-5794: Security UI spoofing.
- CVE-2019-5795: Integer overflow in PDFium.
- CVE-2019-5796: Race condition in Extensions.
- CVE-2019-5797: Race condition in DOMStorage.
- CVE-2019-5798: Out of bounds read in Skia.
- CVE-2019-5799: CSP bypass with blob URL.
- CVE-2019-5800: CSP bypass with blob URL.
- CVE-2019-5801: Incorrect Omnibox display on iOS.
- CVE-2019-5802: Security UI spoofing.
- CVE-2019-5803: CSP bypass with Javascript URLs'.
- CVE-2019-5804: Command line command injection on Windows.
* debian/control: bump the clang and llvm build dependencies to version 7
which was recently backported to bionic
* debian/rules: build gn with clang 7
* debian/patches/additional-search-engines.patch: removed, no longer needed
* debian/patches/configuration-directory.patch: refreshed
* debian/patches/disable-sse2: refreshed
* debian/patches/fix-extra-arflags.patch: refreshed
* debian/patches/fix-ffmpeg-ia32-build.patch: refreshed
* debian/patches/gn-no-last-commit-position.patch: refreshed
* debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: refreshed
* debian/patches/search-credit.patch: updated
* debian/patches/set-rpath-on-chromium-executables.patch: refreshed
* debian/patches/suppress-newer-clang-warning-flags.patch: updated
* debian/patches/title-bar-default-system.patch-v35: refreshed
* debian/patches/use-clang-versioned.patch: added
* debian/patches/widevine-enable-version-string.patch: refreshed
-- Olivier Tilloy <email address hidden> Tue, 12 Mar 2019 21:59:12 +0100
-
chromium-browser (72.0.3626.121-0ubuntu0.18.04.1) bionic; urgency=medium
* Upstream release: 72.0.3626.121
- CVE-2019-5786: Use-after-free in FileReader
* debian/patches/gn-fix-link-pthread.patch: removed, no longer needed
-- Olivier Tilloy <email address hidden> Tue, 05 Mar 2019 16:21:41 +0100
-
chromium-browser (72.0.3626.119-0ubuntu0.18.04.1) bionic; urgency=medium
* Upstream release: 72.0.3626.119
* debian/patches/gn-fix-link-pthread.patch: added
-- Olivier Tilloy <email address hidden> Mon, 25 Feb 2019 15:56:06 +0100
-
chromium-browser (71.0.3578.98-0ubuntu0.18.04.1) bionic; urgency=medium
* Upstream release: 71.0.3578.98
- CVE-2018-17481: Use after free in PDFium.
-- Olivier Tilloy <email address hidden> Thu, 13 Dec 2018 12:55:57 +0100
-
chromium-browser (71.0.3578.80-0ubuntu0.18.04.1) bionic; urgency=medium
* Upstream release: 71.0.3578.80
- CVE-2018-17480: Out of bounds write in V8.
- CVE-2018-17481: Use after frees in PDFium.
- CVE-2018-18335: Heap buffer overflow in Skia.
- CVE-2018-18336: Use after free in PDFium.
- CVE-2018-18337: Use after free in Blink.
- CVE-2018-18338: Heap buffer overflow in Canvas.
- CVE-2018-18339: Use after free in WebAudio.
- CVE-2018-18340: Use after free in MediaRecorder.
- CVE-2018-18341: Heap buffer overflow in Blink.
- CVE-2018-18342: Out of bounds write in V8.
- CVE-2018-18343: Use after free in Skia.
- CVE-2018-18344: Inappropriate implementation in Extensions.
- CVE-2018-18345: Inappropriate implementation in Site Isolation.
- CVE-2018-18346: Incorrect security UI in Blink.
- CVE-2018-18347: Inappropriate implementation in Navigation.
- CVE-2018-18348: Inappropriate implementation in Omnibox.
- CVE-2018-18349: Insufficient policy enforcement in Blink.
- CVE-2018-18350: Insufficient policy enforcement in Blink.
- CVE-2018-18351: Insufficient policy enforcement in Navigation.
- CVE-2018-18352: Inappropriate implementation in Media.
- CVE-2018-18353: Inappropriate implementation in Network Authentication.
- CVE-2018-18354: Insufficient data validation in Shell Integration.
- CVE-2018-18355: Insufficient policy enforcement in URL Formatter.
- CVE-2018-18356: Use after free in Skia.
- CVE-2018-18357: Insufficient policy enforcement in URL Formatter.
- CVE-2018-18358: Insufficient policy enforcement in Proxy.
- CVE-2018-18359: Out of bounds read in V8.
* debian/patches/chromium_useragent.patch: refreshed
* debian/patches/configuration-directory.patch: refreshed
* debian/patches/disable-sse2: refreshed
* debian/patches/fix-extra-arflags.patch: refreshed
* debian/patches/gn-bootstrap-remove-sysroot-options.patch: refreshed
* debian/patches/gn-no-last-commit-position.patch: refreshed
* debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: refreshed
* debian/patches/search-credit.patch: refreshed
* debian/patches/set-rpath-on-chromium-executables.patch: refreshed
* debian/patches/suppress-newer-clang-warning-flags.patch: refreshed
* debian/patches/title-bar-default-system.patch-v35: refreshed
* debian/patches/touch-v35: refreshed
* debian/patches/widevine-allow-enable.patch: removed, no longer needed
* debian/patches/widevine-other-locations: refreshed
* debian/patches/widevine-revision.patch: renamed to
debian/patches/widevine-enable-version-string.patch and updated
* debian/tests/html5test: update test expectations
-- Olivier Tilloy <email address hidden> Tue, 04 Dec 2018 22:46:10 +0100
-
chromium-browser (70.0.3538.110-0ubuntu0.18.04.1) bionic; urgency=medium
* Upstream release: 70.0.3538.110
- CVE-2018-17479: Use-after-free in GPU.
-- Olivier Tilloy <email address hidden> Tue, 20 Nov 2018 11:36:04 +0100
-
chromium-browser (70.0.3538.77-0ubuntu0.18.04.1) bionic; urgency=medium
* Upstream release: 70.0.3538.77
-- Olivier Tilloy <email address hidden> Thu, 25 Oct 2018 07:32:56 +0200
-
chromium-browser (70.0.3538.67-0ubuntu0.18.04.1) bionic; urgency=medium
* Upstream release: 70.0.3538.67
- CVE-2018-17462: Sandbox escape in AppCache.
- CVE-2018-17463: Remote code execution in V8.
- CVE to be assigned: Heap buffer overflow in Little CMS in PDFium.
- CVE-2018-17464: URL spoof in Omnibox.
- CVE-2018-17465: Use after free in V8.
- CVE-2018-17466: Memory corruption in Angle.
- CVE-2018-17467: URL spoof in Omnibox.
- CVE-2018-17468: Cross-origin URL disclosure in Blink.
- CVE-2018-17469: Heap buffer overflow in PDFium.
- CVE-2018-17470: Memory corruption in GPU Internals.
- CVE-2018-17471: Security UI occlusion in full screen mode.
- CVE-2018-17472: iframe sandbox escape on iOS.
- CVE-2018-17473: URL spoof in Omnibox.
- CVE-2018-17474: Use after free in Blink.
- CVE-2018-17475: URL spoof in Omnibox.
- CVE-2018-17476: Security UI occlusion in full screen mode.
- CVE-2018-5179: Lack of limits on update() in ServiceWorker.
- CVE-2018-17477: UI spoof in Extensions.
* debian/rules:
- remove enable_google_now build flag
- remove use_gtk3 build flag
* debian/patches/arm-neon.patch: refreshed
* debian/patches/chromium_useragent.patch: refreshed
* debian/patches/configuration-directory.patch: refreshed
* debian/patches/define__libc_malloc.patch: refreshed
* debian/patches/disable-sse2: refreshed
* debian/patches/fix-extra-arflags.patch: refreshed
* debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: refreshed
* debian/patches/search-credit.patch: refreshed
* debian/patches/set-rpath-on-chromium-executables.patch: refreshed
* debian/patches/suppress-newer-clang-warning-flags.patch: refreshed
* debian/patches/widevine-other-locations: refreshed
* debian/known_gn_gen_args-*:
- remove enable_google_now build flag
- remove use_gtk3 build flag
-- Olivier Tilloy <email address hidden> Tue, 16 Oct 2018 22:43:46 +0200
-
chromium-browser (69.0.3497.81-0ubuntu0.18.04.1) bionic; urgency=medium
* Upstream release: 69.0.3497.81
- CVE-2018-16065: Out of bounds write in V8.
- CVE-2018-16066: Out of bounds read in Blink.
- CVE-2018-16067: Out of bounds read in WebAudio.
- CVE-2018-16068: Out of bounds write in Mojo.
- CVE-2018-16069: Out of bounds read in SwiftShader.
- CVE-2018-16070: Integer overflow in Skia.
- CVE-2018-16071: Use after free in WebRTC.
- CVE-2018-16072: Cross origin pixel leak in Chrome's interaction with
Android's MediaPlayer.
- CVE-2018-16073: Site Isolation bypass after tab restore.
- CVE-2018-16074: Site Isolation bypass using Blob URLS.
- CVE-2018-16075: Local file access in Blink.
- CVE-2018-16076: Out of bounds read in PDFium.
- CVE-2018-16077: Content security policy bypass in Blink.
- CVE-2018-16078: Credit card information leak in Autofill.
- CVE-2018-16079: URL spoof in permission dialogs.
- CVE-2018-16080: URL spoof in full screen mode.
- CVE-2018-16081: Local file access in DevTools.
- CVE-2018-16082: Stack buffer overflow in SwiftShader.
- CVE-2018-16083: Out of bounds read in WebRTC.
- CVE-2018-16084: User confirmation bypass in external protocol handling.
- CVE-2018-16085: Use after free in Memory Instrumentation.
* debian/control: add uuid-dev as a build dependency (needed by fontconfig)
* debian/patches/additional-search-engines.patch: refreshed
* debian/patches/disable-sse2: refreshed
* debian/patches/fix-extra-arflags.patch: refreshed
* debian/patches/gn-add-missing-arm-impl-files.patch: added
* debian/patches/last-commit-position: replaced by
debian/patches/gn-no-last-commit-position.patch
* debian/patches/search-credit.patch: refreshed
* debian/patches/set-rpath-on-chromium-executables.patch: refreshed
* debian/patches/skia-undef-HWCAP_CRC32.patch: refreshed
* debian/patches/suppress-newer-clang-warning-flags.patch: updated
* debian/patches/title-bar-default-system.patch-v35: refreshed
-- Olivier Tilloy <email address hidden> Wed, 05 Sep 2018 13:23:39 +0200
-
chromium-browser (68.0.3440.106-0ubuntu0.18.04.1) bionic; urgency=medium
* Upstream release: 68.0.3440.106
-- Olivier Tilloy <email address hidden> Wed, 08 Aug 2018 23:59:05 +0200
-
chromium-browser (68.0.3440.75-0ubuntu0.18.04.1) bionic; urgency=medium
* Upstream release: 68.0.3440.75
- CVE-2018-6153: Stack buffer overflow in Skia.
- CVE-2018-6154: Heap buffer overflow in WebGL.
- CVE-2018-6155: Use after free in WebRTC.
- CVE-2018-6156: Heap buffer overflow in WebRTC.
- CVE-2018-6157: Type confusion in WebRTC.
- CVE-2018-6158: Use after free in Blink.
- CVE-2018-6159: Same origin policy bypass in ServiceWorker.
- CVE-2018-6160: URL spoof in Chrome on iOS.
- CVE-2018-6161: Same origin policy bypass in WebAudio.
- CVE-2018-6162: Heap buffer overflow in WebGL.
- CVE-2018-6163: URL spoof in Omnibox.
- CVE-2018-6164: Same origin policy bypass in ServiceWorker.
- CVE-2018-6165: URL spoof in Omnibox.
- CVE-2018-6166: URL spoof in Omnibox.
- CVE-2018-6167: URL spoof in Omnibox.
- CVE-2018-6168: CORS bypass in Blink.
- CVE-2018-6169: Permissions bypass in extension installation.
- CVE-2018-6170: Type confusion in PDFium.
- CVE-2018-6171: Use after free in WebBluetooth.
- CVE-2018-6172: URL spoof in Omnibox.
- CVE-2018-6173: URL spoof in Omnibox.
- CVE-2018-6174: Integer overflow in SwiftShader.
- CVE-2018-6175: URL spoof in Omnibox.
- CVE-2018-6176: Local user privilege escalation in Extensions.
- CVE-2018-6177: Cross origin information leak in Blink.
- CVE-2018-6178: UI spoof in Extensions.
- CVE-2018-6179: Local file information leak in Extensions.
- CVE-2018-6044: Request privilege escalation in Extensions.
- CVE-2018-4117: Cross origin information leak in Blink.
* debian/rules:
- remove enable_webrtc build flag
- make ninja less verbose to reduce build log size
* debian/chromium-browser.sh.in: parse flashplugin manifest with Python 3
(LP: #1772448)
* debian/patches/add-missing-base-namespace.patch: added
* debian/patches/chromium_useragent.patch: refreshed
* debian/patches/configuration-directory.patch: refreshed
* debian/patches/disable-sse2: refreshed
* debian/patches/enable-chromecast-by-default.patch: refreshed
* debian/patches/fix-crashpad-linux-compat.patch: removed, no longer needed
* debian/patches/fix-extra-arflags.patch: updated
* debian/patches/fix-ffmpeg-ia32-build.patch: updated
* debian/patches/last-commit-position: refreshed
* debian/patches/revert-clang-nostdlib++.patch: removed, no longer needed
* debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: updated
* debian/patches/search-credit.patch: refreshed
* debian/patches/set-rpath-on-chromium-executables.patch: refreshed
* debian/patches/suppress-newer-clang-warning-flags.patch: updated
* debian/patches/title-bar-default-system.patch-v35: refreshed
* debian/patches/touch-v35: refreshed
* debian/known_gn_gen_args-*: remove enable_webrtc build flag
-- Olivier Tilloy <email address hidden> Wed, 25 Jul 2018 10:05:09 +0200
-
chromium-browser (67.0.3396.99-0ubuntu0.18.04.1) bionic; urgency=medium
* Upstream release: 67.0.3396.99
- CVE-2018-6148: Incorrect handling of CSP header.
- CVE-2018-6149: Out of bounds write in V8.
-- Olivier Tilloy <email address hidden> Mon, 09 Jul 2018 23:06:17 +0200
-
chromium-browser (66.0.3359.181-0ubuntu0.18.04.1) bionic; urgency=medium
* Upstream release: 66.0.3359.181
-- Olivier Tilloy <email address hidden> Tue, 15 May 2018 22:17:08 +0200
-
chromium-browser (66.0.3359.139-0ubuntu0.18.04.3) bionic; urgency=medium
* debian/patches/libcxxabi-arm-ehabi-fix.patch: removed, not needed with
recent versions of clang (>= 6.0)
-- Olivier Tilloy <email address hidden> Fri, 04 May 2018 15:50:30 +0200
-
chromium-browser (65.0.3325.181-0ubuntu1) bionic; urgency=medium
* Upstream release: 65.0.3325.181
-- Olivier Tilloy <email address hidden> Wed, 21 Mar 2018 11:27:29 +0100
-
chromium-browser (65.0.3325.146-0ubuntu1) bionic; urgency=medium
* Upstream release: 65.0.3325.146
- CVE-2018-6058: Use after free in Flash.
- CVE-2018-6059: Use after free in Flash.
- CVE-2018-6060: Use after free in Blink.
- CVE-2018-6061: Race condition in V8.
- CVE-2018-6062: Heap buffer overflow in Skia.
- CVE-2018-6057: Incorrect permissions on shared memory.
- CVE-2018-6063: Incorrect permissions on shared memory.
- CVE-2018-6064: Type confusion in V8.
- CVE-2018-6065: Integer overflow in V8.
- CVE-2018-6066: Same Origin Bypass via canvas.
- CVE-2018-6067: Buffer overflow in Skia.
- CVE-2018-6068: Object lifecycle issues in Chrome Custom Tab.
- CVE-2018-6069: Stack buffer overflow in Skia.
- CVE-2018-6070: CSP bypass through extensions.
- CVE-2018-6071: Heap bufffer overflow in Skia.
- CVE-2018-6072: Integer overflow in PDFium.
- CVE-2018-6073: Heap bufffer overflow in WebGL.
- CVE-2018-6074: Mark-of-the-Web bypass.
- CVE-2018-6075: Overly permissive cross origin downloads.
- CVE-2018-6076: Incorrect handling of URL fragment identifiers in Blink.
- CVE-2018-6077: Timing attack using SVG filters.
- CVE-2018-6078: URL Spoof in OmniBox.
- CVE-2018-6079: Information disclosure via texture data in WebGL.
- CVE-2018-6080: Information disclosure in IPC call.
- CVE-2018-6081: XSS in interstitials.
- CVE-2018-6082: Circumvention of port blocking.
- CVE-2018-6083: Incorrect processing of AppManifests.
* debian/rules: remove use_gconf build flag
* debian/patches/3-chrome-xid.patch: removed, unused
* debian/patches/5-desktop-integration-settings.patch: removed, unused
* debian/patches/6-passwordless-install-support.patch: removed, unused
* debian/patches/7-npapi-permission-not-defaults-to-unauthorized.patch:
removed, unused
* debian/patches/additional-search-engines.patch: refreshed
* debian/patches/breakpad: removed, unused
* debian/patches/cups-include-deprecated-ppd: removed, unused
* debian/patches/define__libc_malloc.patch: refreshed
* debian/patches/disable-sse2: updated
* debian/patches/display-scaling-default-value: removed, unused
* debian/patches/do-not-use-bundled-clang: removed, unused
* debian/patches/enable-chromecast-by-default.patch: refreshed
* debian/patches/enable_vaapi_on_linux.diff: removed, unused
* debian/patches/flash-redirection: removed, unused
* debian/patches/format-flag.patch: removed, unused
* debian/patches/gpu_default_disabled: removed, unused
* debian/patches/gsettings-display-scaling: removed, unused
* debian/patches/ld-memory-32bit.patch: removed, unused
* debian/patches/linker-asneeded-bug.patch: removed, unused
* debian/patches/lp-translations-paths: removed, unused
* debian/patches/mir-ozone-module: removed, unused
* debian/patches/mir-support: removed, unused
* debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: refreshed
* debian/patches/search-credit.patch: refreshed
* debian/patches/set-rpath-on-chromium-executables.patch: refreshed
* debian/patches/suppress-newer-clang-warning-flags.patch: refreshed
* debian/patches/title-bar-default-system.patch-v35: refreshed
* debian/patches/wayland-ozone: removed, unused
* debian/patches/xdg-settings-multiexec-desktopfiles.patch: removed, unused
* debian/known_gn_gen_args-*: remove use_gconf build flag
-- Olivier Tilloy <email address hidden> Wed, 07 Mar 2018 11:40:01 +0100
-
chromium-browser (64.0.3282.167-0ubuntu1) bionic; urgency=medium
* Upstream release: 64.0.3282.167
- CVE-2018-6056: Incorrect derived class instantiation in V8.
-- Olivier Tilloy <email address hidden> Wed, 14 Feb 2018 10:48:37 +0100
-
chromium-browser (64.0.3282.140-0ubuntu1) bionic; urgency=medium
* Upstream release: 64.0.3282.140
-- Olivier Tilloy <email address hidden> Fri, 02 Feb 2018 14:41:09 +0100
-
chromium-browser (64.0.3282.119-0ubuntu1) bionic; urgency=medium
* Upstream release: 64.0.3282.119
- CVE-2018-6031: Use after free in PDFium.
- CVE-2018-6032: Same origin bypass in Shared Worker.
- CVE-2018-6033: Race when opening downloaded files.
- CVE-2018-6034: Integer overflow in Blink.
- CVE-2018-6035: Insufficient isolation of devtools from extensions.
- CVE-2018-6036: Integer underflow in WebAssembly.
- CVE-2018-6037: Insufficient user gesture requirements in autofill.
- CVE-2018-6038: Heap buffer overflow in WebGL.
- CVE-2018-6039: XSS in DevTools.
- CVE-2018-6040: Content security policy bypass.
- CVE-2018-6041: URL spoof in Navigation.
- CVE-2018-6042: URL spoof in OmniBox.
- CVE-2018-6043: Insufficient escaping with external URL handlers.
- CVE-2018-6045: Insufficient isolation of devtools from extensions.
- CVE-2018-6046: Insufficient isolation of devtools from extensions.
- CVE-2018-6047: Cross origin URL leak in WebGL.
- CVE-2018-6048: Referrer policy bypass in Blink.
- CVE-2017-15420: URL spoofing in Omnibox.
- CVE-2018-6049: UI spoof in Permissions.
- CVE-2018-6050: URL spoof in OmniBox.
- CVE-2018-6051: Referrer leak in XSS Auditor.
- CVE-2018-6052: Incomplete no-referrer policy implementation.
- CVE-2018-6053: Leak of page thumbnails in New Tab Page.
- CVE-2018-6054: Use after free in WebUI.
* debian/control: update reference URL for chromedriver
* debian/rules:
- remove enable_hotwording build flag
- exclude build artifacts from the binary package (LP: #1742653)
* debian/patches/add-missing-cstddef-include.patch: added
* debian/patches/configuration-directory.patch: refreshed
* debian/patches/disable-sse2: refreshed
* debian/patches/enable-chromecast-by-default.patch: refreshed
* debian/patches/fix-ffmpeg-ia32-build.patch: added
* debian/patches/last-commit-position: refreshed
* debian/patches/no-xlocale-header.patch: removed, no longer needed
* debian/patches/revert-clang-nostdlib++.patch: updated
* debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: refreshed
* debian/patches/search-credit.patch: refreshed
* debian/patches/set-rpath-on-chromium-executables.patch: refreshed
* debian/patches/suppress-newer-clang-warning-flags.patch: updated
* debian/patches/title-bar-default-system.patch-v35: refreshed
* debian/patches/touch-v35: refreshed
* debian/patches/widevine-other-locations: updated (LP: #1738149)
* debian/known_gn_gen_args-*: remove enable_hotwording build flag
-- Olivier Tilloy <email address hidden> Wed, 24 Jan 2018 23:18:03 +0100
-
chromium-browser (63.0.3239.132-0ubuntu1) bionic; urgency=medium
* Upstream release: 63.0.3239.132
* debian/rules: do not install files used for building only (LP: #1742653)
-- Olivier Tilloy <email address hidden> Sun, 14 Jan 2018 21:20:25 +0100
-
chromium-browser (63.0.3239.108-0ubuntu1) bionic; urgency=medium
* Upstream release: 63.0.3239.108
- CVE-2017-15429: UXSS in V8.
* debian/control: update Vcs-Bzr field
-- Olivier Tilloy <email address hidden> Fri, 15 Dec 2017 07:22:31 +0100
-
chromium-browser (63.0.3239.84-0ubuntu1) bionic; urgency=medium
* Upstream release: 63.0.3239.84
- CVE-2017-15407: Out of bounds write in QUIC.
- CVE-2017-15408: Heap buffer overflow in PDFium.
- CVE-2017-15409: Out of bounds write in Skia.
- CVE-2017-15410: Use after free in PDFium.
- CVE-2017-15411: Use after free in PDFium.
- CVE-2017-15412: Use after free in libXML.
- CVE-2017-15413: Type confusion in WebAssembly.
- CVE-2017-15415: Pointer information disclosure in IPC call.
- CVE-2017-15416: Out of bounds read in Blink.
- CVE-2017-15417: Cross origin information disclosure in Skia.
- CVE-2017-15418: Use of uninitialized value in Skia.
- CVE-2017-15419: Cross origin leak of redirect URL in Blink.
- CVE-2017-15420: URL spoofing in Omnibox.
- CVE-2017-15422: Integer overflow in ICU.
- CVE-2017-15423: Issue with SPAKE implementation in BoringSSL.
- CVE-2017-15424: URL Spoof in Omnibox.
- CVE-2017-15425: URL Spoof in Omnibox.
- CVE-2017-15426: URL Spoof in Omnibox.
- CVE-2017-15427: Insufficient blocking of JavaScript in Omnibox.
* debian/rules:
- replace allow_posix_link_time_opt=false by use_lld=false,
is_cfi=false and use_thin_lto=false
- rename use_vulcanize GN flag to optimize_webui
- generate the man page as it's not being built with chromium any
longer (since commit 64b961499bebc54fe48478f5e37477252c7887fa)
* debian/patches/arm-neon.patch: refreshed
* debian/patches/disable-sse2: refreshed
* debian/patches/fix-gn-bootstrap.patch: removed, no longer needed
* debian/patches/fix_building_widevinecdm_with_chromium.patch: replaced by
debian/patches/widevine-revision.patch
* debian/patches/glibc-2-26-changes.patch: renamed to
debian/patches/no-xlocale-header.patch and updated
* debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: added
* debian/patches/search-credit.patch: refreshed
* debian/patches/set-rpath-on-chromium-executables.patch: updated
* debian/patches/suppress-newer-clang-warning-flags.patch: updated
* debian/patches/touch-v35: refreshed
* debian/patches/use-clang-versioned.patch: refreshed
* debian/patches/widevine-other-locations: updated (LP: #1652110)
* debian/patches/widevine-revision.patch: added (LP: #1652110)
-- Olivier Tilloy <email address hidden> Thu, 07 Dec 2017 10:00:14 +0100
-
chromium-browser (62.0.3202.94-0ubuntu1.1388) bionic; urgency=medium
* Upstream release: 62.0.3202.94
-- Olivier Tilloy <email address hidden> Mon, 13 Nov 2017 23:45:15 +0100
-
chromium-browser (62.0.3202.89-0ubuntu1.1386) bionic; urgency=medium
* Upstream release: 62.0.3202.89
- CVE-2017-15398: Stack buffer overflow in QUIC.
- CVE-2017-15399: Use after free in V8.
-- Olivier Tilloy <email address hidden> Mon, 06 Nov 2017 22:43:04 +0100
-
chromium-browser (62.0.3202.62-0ubuntu0.17.10.1380) artful; urgency=medium
* Upstream release: 62.0.3202.62
- CVE-2017-5124: UXSS with MHTML.
- CVE-2017-5125: Heap overflow in Skia.
- CVE-2017-5126: Use after free in PDFium.
- CVE-2017-5127: Use after free in PDFium.
- CVE-2017-5128: Heap overflow in WebGL.
- CVE-2017-5129: Use after free in WebAudio.
- CVE-2017-5132: Incorrect stack manipulation in WebAssembly.
- CVE-2017-5130: Heap overflow in libxml2.
- CVE-2017-5131: Out of bounds write in Skia.
- CVE-2017-5133: Out of bounds write in Skia.
- CVE-2017-15386: UI spoofing in Blink.
- CVE-2017-15387: Content security bypass.
- CVE-2017-15388: Out of bounds read in Skia.
- CVE-2017-15389: URL spoofing in OmniBox.
- CVE-2017-15390: URL spoofing in OmniBox.
- CVE-2017-15391: Extension limitation bypass in Extensions.
- CVE-2017-15392: Incorrect registry key handling in PlatformIntegration.
- CVE-2017-15393: Referrer leak in Devtools.
- CVE-2017-15394: URL spoofing in extensions UI.
- CVE-2017-15395: Null pointer dereference in ImageCapture.
* debian/control:
- bump Standards-Version to 4.1.0
- build against clang 5.0
* debian/patches/additional-search-engines.patch: refreshed
* debian/patches/disable-sse2: refreshed
* debian/patches/enable-chromecast-by-default.patch: refreshed
* debian/patches/fix-compilation-for-atk.patch: removed, no longer needed
* debian/patches/fix-gn-bootstrap.patch: updated
* debian/patches/fix_building_widevinecdm_with_chromium.patch: refreshed
* debian/patches/glibc-2-26-changes.patch: refreshed
* debian/patches/make-base-numerics-build-with-gcc.patch: removed, no longer
needed
* debian/patches/revert-clang-nostdlib++.patch: added
* debian/patches/search-credit.patch: refreshed
* debian/patches/set-rpath-on-chromium-executables.patch: refreshed
* debian/patches/suppress-newer-clang-warning-flags.patch: added
* debian/patches/title-bar-default-system.patch-v35: refreshed
* debian/patches/use-clang-versioned.patch: added
* debian/patches/widevine-other-locations: refreshed
* debian/tests/html5test: update test expectations
-- Olivier Tilloy <email address hidden> Wed, 18 Oct 2017 21:19:28 +0200
-
chromium-browser (61.0.3163.100-0ubuntu1.1378) artful; urgency=medium
* debian/patches/set-rpath-on-chromium-executables.patch: added
(LP: #1718885)
* debian/chromium-browser.sh.in: remove LD_LIBRARY_PATH manipulation,
made unnecessary by patch above
chromium-browser (61.0.3163.100-0ubuntu1.1376) artful; urgency=medium
* Upstream release: 61.0.3163.100
- CVE-2017-5121: Out-of-bounds access in V8.
- CVE-2017-5122: Out-of-bounds access in V8.
chromium-browser (61.0.3163.91-0ubuntu1.1374) artful; urgency=medium
* Upstream release: 61.0.3163.91
* debian/patches/glibc-2-26-changes.patch: added
-- Olivier Tilloy <email address hidden> Mon, 25 Sep 2017 17:38:56 -0400
