Format: 1.8 Date: Thu, 20 Jun 2013 14:54:43 -0400 Source: chromium-browser Binary: chromium-browser chromium-browser-dbg chromium-browser-l10n chromium-codecs-ffmpeg chromium-codecs-ffmpeg-dbg chromium-codecs-ffmpeg-extra chromium-codecs-ffmpeg-extra-dbg Architecture: armhf Version: 28.0.1500.52-0ubuntu1.12.04.2 Distribution: precise Urgency: low Maintainer: Ubuntu/armhf Build Daemon Changed-By: Chad MILLER Description: chromium-browser - Chromium browser chromium-browser-dbg - chromium-browser debug symbols chromium-browser-l10n - chromium-browser language packages chromium-codecs-ffmpeg - Free ffmpeg codecs for the Chromium Browser chromium-codecs-ffmpeg-dbg - chromium-codecs-ffmpeg debug symbols chromium-codecs-ffmpeg-extra - Extra ffmpeg codecs for the Chromium Browser chromium-codecs-ffmpeg-extra-dbg - chromium-codecs-ffmpeg-extra debug symbols Changes: chromium-browser (28.0.1500.52-0ubuntu1.12.04.2) precise-security; urgency=low . [Chad MILLER] * New stable release 28.0.1500.52 * New stable release 28.0.1500.45 * New stable release 27.0.1453.110: - CVE-2013-2855: Memory corruption in dev tools API. - CVE-2013-2856: Use-after-free in input handling. - CVE-2013-2857: Use-after-free in image handling. - CVE-2013-2858: Use-after-free in HTML5 Audio. - CVE-2013-2859: Cross-origin namespace pollution. - CVE-2013-2860: Use-after-free with workers accessing database APIs. - CVE-2013-2861: Use-after-free with SVG. - CVE-2013-2862: Memory corruption in Skia GPU handling. - CVE-2013-2863: Memory corruption in SSL socket handling. - CVE-2013-2864: Bad free in PDF viewer. * New stable release 27.0.1453.93: - CVE-2013-2837: Use-after-free in SVG. - CVE-2013-2838: Out-of-bounds read in v8. - CVE-2013-2839: Bad cast in clipboard handling. - CVE-2013-2840: Use-after-free in media loader. - CVE-2013-2841: Use-after-free in Pepper resource handling. - CVE-2013-2842: Use-after-free in widget handling. - CVE-2013-2843: Use-after-free in speech handling. - CVE-2013-2844: Use-after-free in style resolution. - CVE-2013-2845: Memory safety issues in Web Audio. - CVE-2013-2846: Use-after-free in media loader. - CVE-2013-2847: Use-after-free race condition with workers. - CVE-2013-2848: Possible data extraction with XSS Auditor. - CVE-2013-2849: Possible XSS with drag+drop or copy+paste. * Drop unneeded patches, safe-browsing-sigbus.patch dont-assume-cross-compile-on-arm.patch struct-siginfo.patch ld-memory-32bit.patch dlopen_sonamed_gl.patch * Update arm-neon patch, format-flag patch, search-credit patch, title-bar-system-default patch. * Make get-orig-source nicer. Package tarball contents from upstream correctly. * Reenable dyn-linking of major components of chromium for 32-bit machines. Fix a libdir path bug in debian/chromium-browser.sh.in . * No longer try to use system libraries. Generally, Security Team would hate bundled libraries because they provide a wide liability, but Chromium Project is pretty good about maintaining their bundled-source libraries. We can not pull cr-required lib versions forward in older Ubuntus, and we can't guarantee all the distro versions of libraries work with chromium-browser. The default security policy might be worse. Bundled libraries is less work overall. * Exclude included XDG files even if they are built. * Use NEON instructions on ARM, optionally. This might use run-time checks for hardware capability, but even if it doesn't we can add it later. * Clean up difference checks in debian/rules that make sure that all files that the build makes are used in packages, and no longer hide any, and no longer consider it an error if some are unused. Treat it as a warning, not a fatality. * Use legible shell instead of make-generated shell in setting the rpath in rules. * Add new build-dep, "chrpath". . [Chris Coulson] * debian/rules: Disable tcmalloc on all component builds, not just on arm builds. Checksums-Sha1: f21976b4bf2d31fcd90b55372d6c54ded432f93d 28518576 chromium-browser_28.0.1500.52-0ubuntu1.12.04.2_armhf.deb 09aae93ec5a0ee873afebe3dbfc85d1c89fc4028 279256540 chromium-browser-dbg_28.0.1500.52-0ubuntu1.12.04.2_armhf.deb f32912f4a726d57779bf63a086a2b1b4cc7a7f1d 362020 chromium-codecs-ffmpeg_28.0.1500.52-0ubuntu1.12.04.2_armhf.deb 043a9cde1d536706ebe44f2d81e327066a211651 683766 chromium-codecs-ffmpeg-dbg_28.0.1500.52-0ubuntu1.12.04.2_armhf.deb ed049054b3afe727b9804ce9d0de950f3f0678f0 668382 chromium-codecs-ffmpeg-extra_28.0.1500.52-0ubuntu1.12.04.2_armhf.deb 75a5c0de29c1bac96af53e328533fd861ada149a 1398110 chromium-codecs-ffmpeg-extra-dbg_28.0.1500.52-0ubuntu1.12.04.2_armhf.deb Checksums-Sha256: 78efae8fe3e75be7aa1616ebddb2beae55b00c50bacc605b35cc7539a7cf7e6a 28518576 chromium-browser_28.0.1500.52-0ubuntu1.12.04.2_armhf.deb a1a72530c91a730311ffe5254c43eb08db430e34fb4309e229e926233ff62b8a 279256540 chromium-browser-dbg_28.0.1500.52-0ubuntu1.12.04.2_armhf.deb 752bff64d272ef961059228d99964d1a68f718cde9faf5e092f18e26f716a634 362020 chromium-codecs-ffmpeg_28.0.1500.52-0ubuntu1.12.04.2_armhf.deb 199593d0b34bbcc5da37cd54672ab3694789757d27344b311f9aad23e2ff42cb 683766 chromium-codecs-ffmpeg-dbg_28.0.1500.52-0ubuntu1.12.04.2_armhf.deb 4884a012bbe30db8240bb85d7604cdc33b459f9b96d3fd29b4da3638511ff484 668382 chromium-codecs-ffmpeg-extra_28.0.1500.52-0ubuntu1.12.04.2_armhf.deb 8f8fb048feec369c796999dd3dc2398ca26e97ba0ab60f20c79103e91132faf2 1398110 chromium-codecs-ffmpeg-extra-dbg_28.0.1500.52-0ubuntu1.12.04.2_armhf.deb Files: 0b4de2f6b1cc7e6ce1907bb1138f593e 28518576 web optional chromium-browser_28.0.1500.52-0ubuntu1.12.04.2_armhf.deb f3ac016fedb4629ed33bf3853386dfaa 279256540 debug extra chromium-browser-dbg_28.0.1500.52-0ubuntu1.12.04.2_armhf.deb 0b439910f22149a7cb32a2405d1d4cdc 362020 web optional chromium-codecs-ffmpeg_28.0.1500.52-0ubuntu1.12.04.2_armhf.deb 286818b439eea0807f51ebaa6d627bb7 683766 debug extra chromium-codecs-ffmpeg-dbg_28.0.1500.52-0ubuntu1.12.04.2_armhf.deb f2a754d79629f9279d533440ccfe4ce8 668382 web optional chromium-codecs-ffmpeg-extra_28.0.1500.52-0ubuntu1.12.04.2_armhf.deb 9f73ebfe8ab7f7a03c8da7f67bec1a57 1398110 debug extra chromium-codecs-ffmpeg-extra-dbg_28.0.1500.52-0ubuntu1.12.04.2_armhf.deb Original-Maintainer: Micah Gersten , Fabien Tassin