Format: 1.8 Date: Fri, 08 Mar 2013 09:50:59 -0500 Source: chromium-browser Binary: chromium-browser chromium-browser-dbg chromium-browser-l10n chromium-codecs-ffmpeg chromium-codecs-ffmpeg-dbg chromium-codecs-ffmpeg-extra chromium-codecs-ffmpeg-extra-dbg Architecture: all i386 Version: 25.0.1364.160-0ubuntu0.12.10.1 Distribution: quantal Urgency: low Maintainer: Ubuntu/amd64 Build Daemon Changed-By: Chad MILLER Description: chromium-browser - Chromium browser chromium-browser-dbg - chromium-browser debug symbols chromium-browser-l10n - chromium-browser language packages chromium-codecs-ffmpeg - Free ffmpeg codecs for the Chromium Browser chromium-codecs-ffmpeg-dbg - chromium-codecs-ffmpeg debug symbols chromium-codecs-ffmpeg-extra - Extra ffmpeg codecs for the Chromium Browser chromium-codecs-ffmpeg-extra-dbg - chromium-codecs-ffmpeg-extra debug symbols Changes: chromium-browser (25.0.1364.160-0ubuntu0.12.10.1) quantal-security; urgency=low . * Disable lintian warnings about outdated autoconf files in source tree. * New stable version 25.0.1364.160: - CVE-2013-0912: Type confusion in WebKit. * New stable version 25.0.1364.152: - CVE-2013-0902: Use-after-free in frame loader. - CVE-2013-0903: Use-after-free in browser navigation handling. - CVE-2013-0904: Memory corruption in Web Audio. - CVE-2013-0905: Use-after-free with SVG animations. - CVE-2013-0906: Memory corruption in Indexed DB. - CVE-2013-0907: Race condition in media thread handling. - CVE-2013-0908: Incorrect handling of bindings for extension processes. - CVE-2013-0909: Referer leakage with XSS Auditor. - CVE-2013-0910: Mediate renderer -> browser plug-in loads more strictly. - CVE-2013-0911: Possible path traversal in database handling. * New stable version 25.0.1364.97: - CVE-2013-0879: Memory corruption with web audio node. - CVE-2013-0880: Use-after-free in database handling. - CVE-2013-0881: Bad read in Matroska handling. - CVE-2013-0882: Bad memory access with excessive SVG parameters. - CVE-2013-0883: Bad read in Skia. - CVE-2013-0885: Too many API permissions granted to web store. - CVE-2013-0887: Developer tools process has too many permissions and places too much trust in the connected server. - CVE-2013-0888: Out-of-bounds read in Skia. - CVE-2013-0889: Tighten user gesture check for dangerous file downloads. - CVE-2013-0890: Memory safety issues across the IPC layer. - CVE-2013-0891: Integer overflow in blob handling. - CVE-2013-0892: Lower severity issues across the IPC layer. - CVE-2013-0893: Race condition in media handling. - CVE-2013-0894: Buffer overflow in vorbis decoding. - CVE-2013-0895: Incorrect path handling in file copying. - CVE-2013-0896: Memory management issues in plug-in message handling. - CVE-2013-0897: Off-by-one read in PDF. - CVE-2013-0898: Use-after-free in URL handling. - CVE-2013-0899: Integer overflow in Opus handling. - CVE-2013-0900: Race condition in ICU. * New stable version 24.0.1312.52: - CVE-2012-5145: Use-after-free in SVG layout. - CVE-2012-5146: Same origin policy bypass with malformed URL. - CVE-2012-5147: Use-after-free in DOM handling. - CVE-2012-5148: Missing filename sanitization in hyphenation support. - CVE-2012-5149: Integer overflow in audio IPC handling. - CVE-2012-5150: Use-after-free when seeking video. - CVE-2012-5151: Integer overflow in PDF JavaScript. - CVE-2012-5152: Out-of-bounds read when seeking video. - CVE-2012-5153: Out-of-bounds stack access in v8. - CVE-2012-5156: Use-after-free in PDF fields. - CVE-2012-5157: Out-of-bounds reads in PDF image handling. - CVE-2013-0828: Bad cast in PDF root handling. - CVE-2013-0829: Corruption of database metadata leading to incorrect file access. - CVE-2013-0830: Missing NUL termination in IPC. - CVE-2013-0831: Possible path traversal from extension process. - CVE-2013-0832: Use-after-free with printing. - CVE-2013-0833: Out-of-bounds read with printing. - CVE-2013-0834: Out-of-bounds read with glyph handling. - CVE-2013-0835: Browser crash with geolocation. - CVE-2013-0836: Crash in v8 garbage collection. - CVE-2013-0837: Crash in extension tab handling. - CVE-2013-0838: Tighten permissions on shared memory segments. * Add libpci-dev to build-deps. * debian/patches/ffmpeg-gyp-config. - Renamed from debian/patches/gyp-config-root - Write includes for more targets in ffmpeg building. * debian/patches/arm-crypto.patch - Added patch to distinguish normal ARM and hard-float ARM in crypto NSS inclusion. * Put GOOG search credit in a patch so we know when it fails. Also add credit to the other search idioms for GOOG. because releases can have any number of updates. * Update webapps patches. * debian/rules: - Adopt some ARM build conditions from Debian. - Clean up. Stop matching Ubuntu versions outside of Ubuntu environments. Match patterns instead of whole words - Write REMOVED files in correct place. - Remove all generated in-tree makefiles at clean and get-source time. - Move all file-removal lines in get-source inside the condition for stripping files out of the source. - Hack in a "clean" rule that implements what src/Makefile should. Checksums-Sha1: bb2f0e7bccaa75f37710c1b7cba542b7c6e0d3dc 2739698 chromium-browser-l10n_25.0.1364.160-0ubuntu0.12.10.1_all.deb eeb63583f94288da5741c2cf6d52274f6da12e7a 26710416 chromium-browser_25.0.1364.160-0ubuntu0.12.10.1_i386.deb 61eb2c407ea5cc4ce38c62f0706b270d88718bbf 3441648 chromium-browser-dbg_25.0.1364.160-0ubuntu0.12.10.1_i386.deb 81500e251f8a90f55c5ad962bef64d575f11926f 475274 chromium-codecs-ffmpeg_25.0.1364.160-0ubuntu0.12.10.1_i386.deb 457df6f4b53a31bf6cf7a235cdbd6d494bff578c 1065084 chromium-codecs-ffmpeg-dbg_25.0.1364.160-0ubuntu0.12.10.1_i386.deb 07d03344a70994b8b6713e7ca5994faf746f6b4d 755250 chromium-codecs-ffmpeg-extra_25.0.1364.160-0ubuntu0.12.10.1_i386.deb 4eb65fa9107745d0ad2054f382dfaae014119f32 1752050 chromium-codecs-ffmpeg-extra-dbg_25.0.1364.160-0ubuntu0.12.10.1_i386.deb Checksums-Sha256: 2ac0e1bc9813dcf3d1e1792ecda40cc008377effa2e0a1cead94c16781bea354 2739698 chromium-browser-l10n_25.0.1364.160-0ubuntu0.12.10.1_all.deb 60e5b2e4d1b6ec8203dc8bb27ee0d322c3c627e01f32be7cb54657ff8a9e051b 26710416 chromium-browser_25.0.1364.160-0ubuntu0.12.10.1_i386.deb 05ccbd2cceac129b438286ad2d5189bde2a8a0a1ee544ce27b6adb8333fb1a46 3441648 chromium-browser-dbg_25.0.1364.160-0ubuntu0.12.10.1_i386.deb 9314bedc871f0fdbe06fea833477bcef8a855793e666482576d08b86de7e58d5 475274 chromium-codecs-ffmpeg_25.0.1364.160-0ubuntu0.12.10.1_i386.deb d73f79825cebc5f071aecab923485fe8e03ba1bac800cf21c09335f4c6664ac3 1065084 chromium-codecs-ffmpeg-dbg_25.0.1364.160-0ubuntu0.12.10.1_i386.deb b5fb21de1da3a093f4cb89b557c23b3fd88c40f1e8ea65d86a85af07d16b66b3 755250 chromium-codecs-ffmpeg-extra_25.0.1364.160-0ubuntu0.12.10.1_i386.deb 331b0f18a1a06015f935079fc2ffbe6520ceafeb0be9cf74eb6925d054c12b08 1752050 chromium-codecs-ffmpeg-extra-dbg_25.0.1364.160-0ubuntu0.12.10.1_i386.deb Files: f41c05478a090cffbd537bdbbabd3419 2739698 web optional chromium-browser-l10n_25.0.1364.160-0ubuntu0.12.10.1_all.deb 619cd3e9abad58f6cd5b8eee48a79ecd 26710416 web optional chromium-browser_25.0.1364.160-0ubuntu0.12.10.1_i386.deb fb45bbe00189205e1b7ff0bbba4161bb 3441648 debug extra chromium-browser-dbg_25.0.1364.160-0ubuntu0.12.10.1_i386.deb 4c798ef7ff061da29d36022b3c62992a 475274 web optional chromium-codecs-ffmpeg_25.0.1364.160-0ubuntu0.12.10.1_i386.deb 8803c79308b5b9b441bbcee28313e424 1065084 debug extra chromium-codecs-ffmpeg-dbg_25.0.1364.160-0ubuntu0.12.10.1_i386.deb 99e023df27359f0f20492ff333ff405b 755250 web optional chromium-codecs-ffmpeg-extra_25.0.1364.160-0ubuntu0.12.10.1_i386.deb 851136cb52d19a6287a0f3b3480d4dc7 1752050 debug extra chromium-codecs-ffmpeg-extra-dbg_25.0.1364.160-0ubuntu0.12.10.1_i386.deb Original-Maintainer: Micah Gersten , Fabien Tassin