This bug was fixed in the package chromium-browser - 57.0.2987.98-0ubuntu0.16.10.1344
--------------- chromium-browser (57.0.2987.98-0ubuntu0.16.10.1344) yakkety-security; urgency=medium * Upstream release: 57.0.2987.98. - CVE-2017-5030: Memory corruption in V8. - CVE-2017-5031: Use after free in ANGLE. - CVE-2017-5032: Out of bounds write in PDFium. - CVE-2017-5029: Integer overflow in libxslt. - CVE-2017-5034: Use after free in PDFium. - CVE-2017-5035: Incorrect security UI in Omnibox. - CVE-2017-5036: Use after free in PDFium. - CVE-2017-5037: Multiple out of bounds writes in ChunkDemuxer. - CVE-2017-5039: Use after free in PDFium. - CVE-2017-5040: Information disclosure in V8. - CVE-2017-5041: Address spoofing in Omnibox. - CVE-2017-5033: Bypass of Content Security Policy in Blink. - CVE-2017-5042: Incorrect handling of cookies in Cast. - CVE-2017-5038: Use after free in GuestView. - CVE-2017-5043: Use after free in GuestView. - CVE-2017-5044: Heap overflow in Skia. - CVE-2017-5045: Information disclosure in XSS Auditor. - CVE-2017-5046: Information disclosure in Blink. * debian/patches/arm64-support no longer needed * debian/patches/stdatomic: Support gcc48. * debian/patches/snapshot-library-link: Add missing libsnapshot link * debian/patches/gtk-ui-stdmove: fix && pointer return with std::move * debian/control: Drop binary arch "any" and explicitly list four. * debian/patches/arm64-vpx-alignment: Avoid ARM64 alignment bug on some compilers. * debian/rules: Fix armhf float ABI and remove unnecessary envvars. (LP: #1673276) -- Chad MILLER <chad.mil...@canonical.com> Wed, 15 Mar 2017 21:12:35 -0400 ** Changed in: chromium-browser (Ubuntu) Status: New => Fix Released ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2017-5029 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2017-5030 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2017-5031 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2017-5032 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2017-5033 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2017-5034 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2017-5035 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2017-5036 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2017-5037 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2017-5038 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2017-5039 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2017-5040 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2017-5041 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2017-5042 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2017-5043 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2017-5044 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2017-5045 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2017-5046 ** Changed in: chromium-browser (Ubuntu) Status: New => Fix Released -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to chromium-browser in Ubuntu. https://bugs.launchpad.net/bugs/1673276 Title: Improvements to Debian rules file Status in chromium-browser package in Ubuntu: Fix Released Bug description: Hi, I help maintain the Chromium package in Endless OS, which is based on Ubuntu's package. We have two minor improvements to the Debian rules file that you probably want. These diffs are based on your Xenial v56 package. First, a simple typo: From b794c427fa8146e8f3eb38f593c0d6e0d42692c7 Mon Sep 17 00:00:00 2001 From: Michael Catanzaro <mcatanz...@igalia.com> Date: Mon, 2 Jan 2017 18:39:20 -0600 Subject: [PATCH] Fix upstream typo in rules file So now we know armhf has not been tested.... --- debian/rules | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/rules b/debian/rules index 881dd1a..3baa6d2 100755 --- a/debian/rules +++ b/debian/rules @@ -127,7 +127,7 @@ else ifeq (armhf,$(DEB_HOST_ARCH)) common_defines += target_cpu="arm" #common_defines += arm_optionally_use_neon=false # implies Android in 2016-10 common_defines += arm_use_neon=false -common_defined += arm_float_abi="hard" arm_use_thumb=true +common_defines += arm_float_abi="hard" arm_use_thumb=true else ifeq (arm64,$(DEB_HOST_ARCH)) common_defines += target_cpu="arm64" else ifeq (i386,$(DEB_HOST_ARCH)) Second we have a patch to remove some environment variables that are ignored by the new build system: From 3d7d37f64a31f4dad7e43bf78269a714bae1ed42 Mon Sep 17 00:00:00 2001 From: Michael Catanzaro <mcatanz...@igalia.com> Date: Sun, 8 Jan 2017 14:37:03 -0600 Subject: [PATCH] Remove unused code from rules file All of these environment variables are ignored by the GN build, so it is misleading to keep them here. Also, remove the incorrect comment immediately below, since it prefaces a list of features that are both enabled and disabled. --- debian/rules | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/debian/rules b/debian/rules index 773b78e..33b7374 100755 --- a/debian/rules +++ b/debian/rules @@ -62,17 +62,6 @@ DEB_DH_SCOUR_ARGS += -Xsvg DEB_DH_SHLIBDEPS_ARGS_chromium-codecs-ffmpeg := -ldebian/chromium-codecs-ffmpeg/$(LIB_DIR) DEB_DH_SHLIBDEPS_ARGS_chromium-codecs-ffmpeg-extra := -ldebian/chromium-codecs-ffmpeg-extra/$(LIB_DIR) -### linker flags to avoid memory allocation issues on 32-bit -export LDFLAGS+=-Wl,--no-keep-memory -Wl,--stats - -# See https://bugs.chromium.org/p/v8/issues/detail?id=3782 -#export CFLAGS+=-fno-delete-null-pointer-checks - -export CC := $(shell which gcc-4 gcc-5 gcc cc |head -1) -export CXX := $(shell which g++-4 g+++5 g++ c++ |head -1) -export CPP := $(shell which g++-4 g+++5 g++ c++ |head -1) - -# disabled features common_defines+=\ enable_google_now=false \ enable_hangout_services_extension=true \ To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1673276/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp