Format: 1.8
Date: Wed, 24 Aug 2016 13:30:26 -0400
Source: chromium-browser
Binary: chromium-browser chromium-browser-l10n chromium-codecs-ffmpeg chromium-codecs-ffmpeg-extra chromium-chromedriver
Architecture: amd64 all
Version: 52.0.2743.116-0ubuntu0.16.04.1.1250
Distribution: xenial
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@lcy01-34.buildd>
Changed-By: Chad MILLER <chad.miller@canonical.com>
Description:
 chromium-browser - Chromium web browser, open-source version of Chrome
 chromium-browser-l10n - chromium-browser language packages
 chromium-chromedriver - WebDriver driver for the Chromium Browser
 chromium-codecs-ffmpeg - Free ffmpeg codecs for the Chromium Browser
 chromium-codecs-ffmpeg-extra - Extra ffmpeg codecs for the Chromium Browser
Changes:
 chromium-browser (52.0.2743.116-0ubuntu0.16.04.1.1250) xenial-security; urgency=medium
 .
   * Upstream release 52.0.2743.116:
     - CVE-2016-5141 Address bar spoofing.
     - CVE-2016-5142 Use-after-free in Blink.
     - CVE-2016-5139 Heap overflow in pdfium.
     - CVE-2016-5140 Heap overflow in pdfium.
     - CVE-2016-5145 Same origin bypass for images in Blink.
     - CVE-2016-5143 Parameter sanitization failure in DevTools.
     - CVE-2016-5144 Parameter sanitization failure in DevTools.
     - CVE-2016-5146: Various fixes from internal audits, fuzzing and other
       initiatives.
   * Exclude harfbuzz from system-library use.
   * Upstream release 52.0.2743.82:
     - CVE-2016-1706: Sandbox escape in PPAPI.
     - CVE-2016-1707: URL spoofing on iOS.
     - CVE-2016-1708: Use-after-free in Extensions.
     - CVE-2016-1709: Heap-buffer-overflow in sfntly.
     - CVE-2016-1710: Same-origin bypass in Blink.
     - CVE-2016-1711: Same-origin bypass in Blink.
     - CVE-2016-5127: Use-after-free in Blink.
     - CVE-2016-5128: Same-origin bypass in V8.
     - CVE-2016-5129: Memory corruption in V8.
     - CVE-2016-5130: URL spoofing.
     - CVE-2016-5131: Use-after-free in libxml.
     - CVE-2016-5132: Limited same-origin bypass in Service Workers.
     - CVE-2016-5133: Origin confusion in proxy authentication.
     - CVE-2016-5134: URL leakage via PAC script.
     - CVE-2016-5135: Content-Security-Policy bypass.
     - CVE-2016-5136: Use after free in extensions.
     - CVE-2016-5137: History sniffing with HSTS and CSP.
     - CVE-2016-1705: Various fixes from internal audits, fuzzing and other
       initiatives
   * Upstream release 51.0.2704.106
   * Upstream release 51.0.2704.103:
     - CVE-2016-1704: Various fixes from internal audits, fuzzing and other
       initiatives.
   * debian/control: remvove build-dep on clang.
   * Sync many things from debian:
     - No longer build remoting, or install its locale files.
     - Use many system libraries, adding build-dep on
         - libre2-dev,
         - yasm,
         - libopus-dev,
         - zlib1g-dev,
         - libspeex-dev,
         - libspeechd-dev,
         - libexpat1-dev,
         - libpng-dev,
         - libxml2-dev,
         - libjpeg-dev,
         - libwebp-dev,
         - libxslt-dev,
         - libsrtp-dev,
         - libjsoncpp-dev,
         - libevent-dev,
     - Clean up many parts of debian/rules, wrt variable names
     - Set hardening on.
     - Use gold linker.
     - Disable Google Now. Creepy. Might mean downloads of opaque programs too.
     - Disable Wallet service.
   * debian/compat: Use dh version 9.
   * debian/rules: Improve "cd;foo" logic.
   * debian/rules: Remove files in tar-copy pipelines, to conserve space. Fixes
     build failures in servers.
   * debian/rules: Move check steps into install steps. No need to be separate,
     and simplifies target names.
   * debian/rules: Make en-us locale files less magical, and simplify install.
   * debian/rules: Work around change to tar command param order with
     --exclude.
   * debian/rules: Don't use tcmalloc on armhf.
   * debian/rules: Remove precise-specific conditions. More simple.
   * debian/rules: In install-validation, don't use mktemp. Hard-code
     destination.
   * debian/patches/gsettings-display-scaling: Disable because code moved and
     needs refactoring.
   * debian/patches/display-scaling-default-value: Disable because probbly not
     needed any more.
   * debian/rules: widevine cdm is not really available in this source. No
     longer lie about that.
   * Set new GOOG keys to bisect service overuse problem.
Checksums-Sha1:
 4a1f468846136133f8f0c6ee450a5c71b92182cb 644086542 chromium-browser-dbgsym_52.0.2743.116-0ubuntu0.16.04.1.1250_amd64.ddeb
 5afe6d00ba04326a512a59f1c795b9360d98335d 3128230 chromium-browser-l10n_52.0.2743.116-0ubuntu0.16.04.1.1250_all.deb
 e4acc9243cdd2b2a2c807e9af95447a83b9a17cc 54138284 chromium-browser_52.0.2743.116-0ubuntu0.16.04.1.1250_amd64.deb
 f17f6dafba90fd07b6de934fc528df070d6021da 2951326 chromium-chromedriver-dbgsym_52.0.2743.116-0ubuntu0.16.04.1.1250_amd64.ddeb
 9e4013d8ac2051cb67de69d20fde2f0bc6fff852 371926 chromium-chromedriver_52.0.2743.116-0ubuntu0.16.04.1.1250_amd64.deb
 31370edddf15ab6bb1142d3f156af61a86432477 832724 chromium-codecs-ffmpeg-dbgsym_52.0.2743.116-0ubuntu0.16.04.1.1250_amd64.ddeb
 93792773d20f09766025cd18faf2773be0ea8780 1674854 chromium-codecs-ffmpeg-extra-dbgsym_52.0.2743.116-0ubuntu0.16.04.1.1250_amd64.ddeb
 155fd36eb4cc426f2c467ee0e13872308acfda01 900364 chromium-codecs-ffmpeg-extra_52.0.2743.116-0ubuntu0.16.04.1.1250_amd64.deb
 603b6b05dbcb6de961770e7ee6eaa4dc5b2622f0 540292 chromium-codecs-ffmpeg_52.0.2743.116-0ubuntu0.16.04.1.1250_amd64.deb
Checksums-Sha256:
 1e92b62565554a0d1b9f90a886f7fb7fb078da46d0912df001802b996eaaf472 644086542 chromium-browser-dbgsym_52.0.2743.116-0ubuntu0.16.04.1.1250_amd64.ddeb
 d74fd5b2209341250f311f9f91e3d2ca3398b60d136b3b79980197267cb673da 3128230 chromium-browser-l10n_52.0.2743.116-0ubuntu0.16.04.1.1250_all.deb
 a05dde33f761a65b936f8c4d4c143813aab0f25254db3ec5bc5831a4931974de 54138284 chromium-browser_52.0.2743.116-0ubuntu0.16.04.1.1250_amd64.deb
 2f716eb013d654c34f352284fe7e0064020ac9a31586b8e9e93f5fa0f471c0aa 2951326 chromium-chromedriver-dbgsym_52.0.2743.116-0ubuntu0.16.04.1.1250_amd64.ddeb
 02d8f478ad3bdce99d8f1904624251c581e85eedb3ef2e98914d09d41bf706ec 371926 chromium-chromedriver_52.0.2743.116-0ubuntu0.16.04.1.1250_amd64.deb
 0b443cd71d1197cd0d556ab792742a23b2ffa3418ecd4efa67f887a1728e06be 832724 chromium-codecs-ffmpeg-dbgsym_52.0.2743.116-0ubuntu0.16.04.1.1250_amd64.ddeb
 93f41250b1fc1183efc3bdbec5845fbc26e39f1a0f7c872d4d86d344110a4016 1674854 chromium-codecs-ffmpeg-extra-dbgsym_52.0.2743.116-0ubuntu0.16.04.1.1250_amd64.ddeb
 d32b47fa21857459efd9ee1e43d4600adcb9bc80305d755149d6954be78c2e1f 900364 chromium-codecs-ffmpeg-extra_52.0.2743.116-0ubuntu0.16.04.1.1250_amd64.deb
 7ad345915484748cbd426446aec7583d46adbf576e453cfdfb1b1ab73ac35361 540292 chromium-codecs-ffmpeg_52.0.2743.116-0ubuntu0.16.04.1.1250_amd64.deb
Files:
 ec483cc8fb4a10df57067b876122cca0 644086542 web extra chromium-browser-dbgsym_52.0.2743.116-0ubuntu0.16.04.1.1250_amd64.ddeb
 814f8b254352d0abc4ddedb74c21691e 3128230 web optional chromium-browser-l10n_52.0.2743.116-0ubuntu0.16.04.1.1250_all.deb
 5e8625ba07662ab397840e51b9f184e0 54138284 web optional chromium-browser_52.0.2743.116-0ubuntu0.16.04.1.1250_amd64.deb
 41181fb27735958074d1990857deae14 2951326 web extra chromium-chromedriver-dbgsym_52.0.2743.116-0ubuntu0.16.04.1.1250_amd64.ddeb
 3eef745f8b95bd88db5c4d399d26a219 371926 web optional chromium-chromedriver_52.0.2743.116-0ubuntu0.16.04.1.1250_amd64.deb
 70d5336162f714ac2866695d9cb26cae 832724 web extra chromium-codecs-ffmpeg-dbgsym_52.0.2743.116-0ubuntu0.16.04.1.1250_amd64.ddeb
 a92bbd363ece8e1f82dec3f64b2d4eec 1674854 web extra chromium-codecs-ffmpeg-extra-dbgsym_52.0.2743.116-0ubuntu0.16.04.1.1250_amd64.ddeb
 2859a0e04aaaa8a417bfc1a58f42cadb 900364 web optional chromium-codecs-ffmpeg-extra_52.0.2743.116-0ubuntu0.16.04.1.1250_amd64.deb
 22c6416ca369d21e0f4f605589de01d7 540292 web optional chromium-codecs-ffmpeg_52.0.2743.116-0ubuntu0.16.04.1.1250_amd64.deb