Format: 1.8
Date: Wed, 24 Aug 2016 13:30:26 -0400
Source: chromium-browser
Binary: chromium-browser chromium-browser-l10n chromium-codecs-ffmpeg chromium-codecs-ffmpeg-extra chromium-chromedriver
Architecture: armhf
Version: 52.0.2743.116-0ubuntu0.14.04.1.1134
Distribution: trusty
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@bos01-arm64-023.buildd>
Changed-By: Chad MILLER <chad.miller@canonical.com>
Description: 
 chromium-browser - Chromium web browser, open-source version of Chrome
 chromium-browser-l10n - chromium-browser language packages
 chromium-chromedriver - WebDriver driver for the Chromium Browser
 chromium-codecs-ffmpeg - Free ffmpeg codecs for the Chromium Browser
 chromium-codecs-ffmpeg-extra - Extra ffmpeg codecs for the Chromium Browser
Changes: 
 chromium-browser (52.0.2743.116-0ubuntu0.14.04.1.1134) trusty-security; urgency=medium
 .
   * Upstream release 52.0.2743.116:
     - CVE-2016-5141 Address bar spoofing.
     - CVE-2016-5142 Use-after-free in Blink.
     - CVE-2016-5139 Heap overflow in pdfium.
     - CVE-2016-5140 Heap overflow in pdfium.
     - CVE-2016-5145 Same origin bypass for images in Blink.
     - CVE-2016-5143 Parameter sanitization failure in DevTools.
     - CVE-2016-5144 Parameter sanitization failure in DevTools.
     - CVE-2016-5146: Various fixes from internal audits, fuzzing and other
       initiatives.
   * Exclude harfbuzz from system-library use.
   * Upstream release 52.0.2743.82:
     - CVE-2016-1706: Sandbox escape in PPAPI.
     - CVE-2016-1707: URL spoofing on iOS.
     - CVE-2016-1708: Use-after-free in Extensions.
     - CVE-2016-1709: Heap-buffer-overflow in sfntly.
     - CVE-2016-1710: Same-origin bypass in Blink.
     - CVE-2016-1711: Same-origin bypass in Blink.
     - CVE-2016-5127: Use-after-free in Blink.
     - CVE-2016-5128: Same-origin bypass in V8.
     - CVE-2016-5129: Memory corruption in V8.
     - CVE-2016-5130: URL spoofing.
     - CVE-2016-5131: Use-after-free in libxml.
     - CVE-2016-5132: Limited same-origin bypass in Service Workers.
     - CVE-2016-5133: Origin confusion in proxy authentication.
     - CVE-2016-5134: URL leakage via PAC script.
     - CVE-2016-5135: Content-Security-Policy bypass.
     - CVE-2016-5136: Use after free in extensions.
     - CVE-2016-5137: History sniffing with HSTS and CSP.
     - CVE-2016-1705: Various fixes from internal audits, fuzzing and other
       initiatives
   * Upstream release 51.0.2704.106
   * Upstream release 51.0.2704.103:
     - CVE-2016-1704: Various fixes from internal audits, fuzzing and other
       initiatives.
   * debian/control: remvove build-dep on clang.
   * Sync many things from debian:
     - No longer build remoting, or install its locale files.
     - Use many system libraries, adding build-dep on
         - libre2-dev,
         - yasm,
         - libopus-dev,
         - zlib1g-dev,
         - libspeex-dev,
         - libspeechd-dev,
         - libexpat1-dev,
         - libpng-dev,
         - libxml2-dev,
         - libjpeg-dev,
         - libwebp-dev,
         - libxslt-dev,
         - libsrtp-dev,
         - libjsoncpp-dev,
         - libevent-dev,
     - Clean up many parts of debian/rules, wrt variable names
     - Set hardening on.
     - Use gold linker.
     - Disable Google Now. Creepy. Might mean downloads of opaque programs too.
     - Disable Wallet service.
   * debian/compat: Use dh version 9.
   * debian/rules: Improve "cd;foo" logic.
   * debian/rules: Remove files in tar-copy pipelines, to conserve space. Fixes
     build failures in servers.
   * debian/rules: Move check steps into install steps. No need to be separate,
     and simplifies target names.
   * debian/rules: Make en-us locale files less magical, and simplify install.
   * debian/rules: Work around change to tar command param order with
     --exclude.
   * debian/rules: Don't use tcmalloc on armhf.
   * debian/rules: Remove precise-specific conditions. More simple.
   * debian/rules: In install-validation, don't use mktemp. Hard-code
     destination.
   * debian/patches/gsettings-display-scaling: Disable because code moved and
     needs refactoring.
   * debian/patches/display-scaling-default-value: Disable because probbly not
     needed any more.
   * debian/rules: widevine cdm is not really available in this source. No
     longer lie about that.
   * Set new GOOG keys to bisect service overuse problem.
Checksums-Sha1: 
 750b5e7c21c502fb9cc42e4fe07d05bd185e09ae 46470756 chromium-browser_52.0.2743.116-0ubuntu0.14.04.1.1134_armhf.deb
 cf96399827b213b6fb251d69579c0ab67640bdd4 486270 chromium-codecs-ffmpeg_52.0.2743.116-0ubuntu0.14.04.1.1134_armhf.deb
 8a9cff2bde671fb4a59609d8a144abb1902be017 798204 chromium-codecs-ffmpeg-extra_52.0.2743.116-0ubuntu0.14.04.1.1134_armhf.deb
 990c15887191d6942752b05c1ea127671e4e571f 361722 chromium-chromedriver_52.0.2743.116-0ubuntu0.14.04.1.1134_armhf.deb
 d43615534d6985033cb84b5a8cbe73b9ced9c76d 796099714 chromium-browser-dbgsym_52.0.2743.116-0ubuntu0.14.04.1.1134_armhf.ddeb
 50742217e5104b7b2075878803831e7f1c5ae52d 823206 chromium-codecs-ffmpeg-dbgsym_52.0.2743.116-0ubuntu0.14.04.1.1134_armhf.ddeb
 6b6cb1886537d828284ec6d7ae79e5898b9d3026 1587406 chromium-codecs-ffmpeg-extra-dbgsym_52.0.2743.116-0ubuntu0.14.04.1.1134_armhf.ddeb
 5e47e27ecbbe50d708f09b9a5f1853f854907318 3132414 chromium-chromedriver-dbgsym_52.0.2743.116-0ubuntu0.14.04.1.1134_armhf.ddeb
Checksums-Sha256: 
 ccea4388b226a5f2cc954d759bc3c7a8b26768d1c505c58b8628b0a29d6faf33 46470756 chromium-browser_52.0.2743.116-0ubuntu0.14.04.1.1134_armhf.deb
 e5bd05fe89d3bcc888e00106982d999fd70d5e57293f643ce258ad50f507cbc4 486270 chromium-codecs-ffmpeg_52.0.2743.116-0ubuntu0.14.04.1.1134_armhf.deb
 e65f37f2ab76a7c1d3b477bd13fed7fd98d52f29a946612379510977a995a232 798204 chromium-codecs-ffmpeg-extra_52.0.2743.116-0ubuntu0.14.04.1.1134_armhf.deb
 0864f480f8ef54000095602bc2ce3cebf68507050469d35ca42825e758c8d77f 361722 chromium-chromedriver_52.0.2743.116-0ubuntu0.14.04.1.1134_armhf.deb
 acc21c3a2bfc3bec7fc60da3a4034568dc907bae4e20fb919dc07a3c6d421a70 796099714 chromium-browser-dbgsym_52.0.2743.116-0ubuntu0.14.04.1.1134_armhf.ddeb
 8e8465a7c263f01f501cf0c7850d5da688a59f9e71957977a92d5ea59c959c45 823206 chromium-codecs-ffmpeg-dbgsym_52.0.2743.116-0ubuntu0.14.04.1.1134_armhf.ddeb
 37e2299863d906978d72548207db50d8b8e10469b3e0b38332a3ea1e6c4f97af 1587406 chromium-codecs-ffmpeg-extra-dbgsym_52.0.2743.116-0ubuntu0.14.04.1.1134_armhf.ddeb
 59cc4bd37101fb22566a9a4b6e019a7f42208d4c9c6015761b53178fb17b98e5 3132414 chromium-chromedriver-dbgsym_52.0.2743.116-0ubuntu0.14.04.1.1134_armhf.ddeb
Files: 
 b816e309a8fc16d222f37c70580ba2b1 46470756 web optional chromium-browser_52.0.2743.116-0ubuntu0.14.04.1.1134_armhf.deb
 bcfa05d194704b2b96b6957e9905c6d2 486270 web optional chromium-codecs-ffmpeg_52.0.2743.116-0ubuntu0.14.04.1.1134_armhf.deb
 0e8446379eeef1883ab1929356189d68 798204 web optional chromium-codecs-ffmpeg-extra_52.0.2743.116-0ubuntu0.14.04.1.1134_armhf.deb
 a0e82cac471cf68e096bd2c2c88240b5 361722 web optional chromium-chromedriver_52.0.2743.116-0ubuntu0.14.04.1.1134_armhf.deb
 e818b6ec7cb5eb4557aad3c2f4abeb46 796099714 web extra chromium-browser-dbgsym_52.0.2743.116-0ubuntu0.14.04.1.1134_armhf.ddeb
 8d175635528482e028e659b83713db9c 823206 web extra chromium-codecs-ffmpeg-dbgsym_52.0.2743.116-0ubuntu0.14.04.1.1134_armhf.ddeb
 aae626e8d25d669d1f104ca69612e124 1587406 web extra chromium-codecs-ffmpeg-extra-dbgsym_52.0.2743.116-0ubuntu0.14.04.1.1134_armhf.ddeb
 7303b039c3cf17d8d2446f6690cc4658 3132414 web extra chromium-chromedriver-dbgsym_52.0.2743.116-0ubuntu0.14.04.1.1134_armhf.ddeb