chromium-browser (25.0.1364.160-0ubuntu0.10.04.1) lucid-security; urgency=low
* Disable lintian warnings about outdated autoconf files in source tree.
* New stable version 25.0.1364.160:
- CVE-2013-0912: Type confusion in WebKit.
* New stable version 25.0.1364.152:
- CVE-2013-0902: Use-after-free in frame loader.
- CVE-2013-0903: Use-after-free in browser navigation handling.
- CVE-2013-0904: Memory corruption in Web Audio.
- CVE-2013-0905: Use-after-free with SVG animations.
- CVE-2013-0906: Memory corruption in Indexed DB.
- CVE-2013-0907: Race condition in media thread handling.
- CVE-2013-0908: Incorrect handling of bindings for extension processes.
- CVE-2013-0909: Referer leakage with XSS Auditor.
- CVE-2013-0910: Mediate renderer -> browser plug-in loads more strictly.
- CVE-2013-0911: Possible path traversal in database handling.
* New stable version 25.0.1364.97:
- CVE-2013-0879: Memory corruption with web audio node.
- CVE-2013-0880: Use-after-free in database handling.
- CVE-2013-0881: Bad read in Matroska handling.
- CVE-2013-0882: Bad memory access with excessive SVG parameters.
- CVE-2013-0883: Bad read in Skia.
- CVE-2013-0885: Too many API permissions granted to web store.
- CVE-2013-0887: Developer tools process has too many permissions and
places too much trust in the connected server.
- CVE-2013-0888: Out-of-bounds read in Skia.
- CVE-2013-0889: Tighten user gesture check for dangerous file downloads.
- CVE-2013-0890: Memory safety issues across the IPC layer.
- CVE-2013-0891: Integer overflow in blob handling.
- CVE-2013-0892: Lower severity issues across the IPC layer.
- CVE-2013-0893: Race condition in media handling.
- CVE-2013-0894: Buffer overflow in vorbis decoding.
- CVE-2013-0895: Incorrect path handling in file copying.
- CVE-2013-0896: Memory management issues in plug-in message handling.
- CVE-2013-0897: Off-by-one read in PDF.
- CVE-2013-0898: Use-after-free in URL handling.
- CVE-2013-0899: Integer overflow in Opus handling.
- CVE-2013-0900: Race condition in ICU.
* New stable version 24.0.1312.52:
- CVE-2012-5145: Use-after-free in SVG layout.
- CVE-2012-5146: Same origin policy bypass with malformed URL.
- CVE-2012-5147: Use-after-free in DOM handling.
- CVE-2012-5148: Missing filename sanitization in hyphenation support.
- CVE-2012-5149: Integer overflow in audio IPC handling.
- CVE-2012-5150: Use-after-free when seeking video.
- CVE-2012-5151: Integer overflow in PDF JavaScript.
- CVE-2012-5152: Out-of-bounds read when seeking video.
- CVE-2012-5153: Out-of-bounds stack access in v8.
- CVE-2012-5156: Use-after-free in PDF fields.
- CVE-2012-5157: Out-of-bounds reads in PDF image handling.
- CVE-2013-0828: Bad cast in PDF root handling.
- CVE-2013-0829: Corruption of database metadata leading to incorrect file
access.
- CVE-2013-0830: Missing NUL termination in IPC.
- CVE-2013-0831: Possible path traversal from extension process.
- CVE-2013-0832: Use-after-free with printing.
- CVE-2013-0833: Out-of-bounds read with printing.
- CVE-2013-0834: Out-of-bounds read with glyph handling.
- CVE-2013-0835: Browser crash with geolocation.
- CVE-2013-0836: Crash in v8 garbage collection.
- CVE-2013-0837: Crash in extension tab handling.
- CVE-2013-0838: Tighten permissions on shared memory segments.
* Add libpci-dev to build-deps.
* debian/patches/ffmpeg-gyp-config.
- Renamed from debian/patches/gyp-config-root
- Write includes for more targets in ffmpeg building.
* debian/patches/arm-crypto.patch
- Added patch to distinguish normal ARM and hard-float ARM in crypto
NSS inclusion.
* Put GOOG search credit in a patch so we know when it fails. Also
add credit to the other search idioms for GOOG.
because releases can have any number of updates.
* debian/rules:
- Adopt some ARM build conditions from Debian.
- Clean up. Stop matching Ubuntu versions outside of Ubuntu environments.
Match patterns instead of whole words
- Write REMOVED files in correct place.
- Remove all generated in-tree makefiles at clean and get-source time.
- Move all file-removal lines in get-source inside the condition
for stripping files out of the source.
- Hack in a "clean" rule that implements what src/Makefile should.
Date: 2013-03-10 05:16:31.096558+00:00
Changed-By: Chad Miller <chad.mil...@canonical.com>
Signed-By: Ubuntu Archive Robot
<cjwatson+ubuntu-archive-ro...@chiark.greenend.org.uk>
https://launchpad.net/ubuntu/lucid/+source/chromium-browser/25.0.1364.160-0ubuntu0.10.04.1
Sorry, changesfile not available.
--
Lucid-changes mailing list
Lucid-changes@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/lucid-changes
