chromium-browser (34.0.1847.116-0ubuntu~1.12.10.0~pkg900) quantal-security;
urgency=medium
* Release to stage
chromium-browser (34.0.1847.116-0ubuntu1) UNRELEASED; urgency=low
* New upstream release 34.0.1847.116:
- CVE-2014-1716: UXSS in V8.
- CVE-2014-1717: OOB access in V8.
- CVE-2014-1718: Integer overflow in compositor.
- CVE-2014-1719: Use-after-free in web workers.
- CVE-2014-1720: Use-after-free in DOM.
- CVE-2014-1721: Memory corruption in V8.
- CVE-2014-1722: Use-after-free in rendering.
- CVE-2014-1723: Url confusion with RTL characters.
- CVE-2014-1724: Use-after-free in speech.
- CVE-2014-1725: OOB read with window property.
- CVE-2014-1726: Local cross-origin bypass.
- CVE-2014-1727: Use-after-free in forms.
- CVE-2014-1728: Various fixes from internal audits, fuzzing and other
initiatives.
- CVE-2014-1729: Multiple vulnerabilities in V8 fixed in version
3.24.35.22.
+ Now ignores "autocomplete=off" in web forms. (LP: #1294325)
* debian/rules, debian/chromium-browser.sh.in: If lib dir contains a dir
matching our version, then use version dir as the new lib dir. This
is an attempto to mitigate version upgrade hangs.
* debian/control: Add libexif-dev, libgcrypt-dev to build-deps.
* debian/control: Add Recommend pepperflashplugin-nonfree . NPAPI is dying.
* debian/control: Drop Recommend x11-xserver-utils, x11-utils .
* debian/control: Add libexif-dev to build-deps.
* debian/apport/chromium-browser.py: Convert encoded bytes to str before
splitting. Converting these to str at all is wrong, though.
* debian/patches/clipboard: Backport a few bug fixes.
chromium-browser (33.0.1750.152-0ubuntu0.12.10.1) quantal-security; urgency=low
* debian/rules: Enable high-DPI. Enable touch support. May not work on all
devices yet.
* debian/rules, debian/chromium-browser.sh.in: If lib dir contains a dir
matching our version, then use version dir as the new lib dir. This
is an attempto to mitigate version upgrade hangs.
* debian/rules: Move log-removal into the section for "release" builds only.
* Upstream release 33.0.1750.152:
- CVE-2014-1713: Code execution outside sandbox. Use-after-free in Blink
bindings.
- CVE-2014-1714: Code execution outside sandbox. Windows clipboard
vulnerability.
- CVE-2014-1705: Code execution outside sandbox. Memory corruption in V8.
- CVE-2014-1715: Code execution outside sandbox. Directory traversal issue.
* Upstream release 33.0.1750.149:
- CVE-2014-1700: Use-after-free in speech.
- CVE-2014-1701: UXSS in events.
- CVE-2014-1702: Use-after-free in web database.
- CVE-2014-1703: Potential sandbox escape due to a use-after-free in web
sockets.
- CVE-2014-1704: Multiple vulnerabilities in V8 fixed in version
3.23.17.18.
* Upstream release 33.0.1750.115.
* Upstream release 33.0.1750.146.
- CVE-2013-6663: Use-after-free in svg images.
- CVE-2013-6664: Use-after-free in speech recognition.
- CVE-2013-6665: Heap buffer overflow in software rendering.
- CVE-2013-6666: Chrome allows requests in flash header request.
- CVE-2013-6667: Various fixes from internal audits, fuzzing and other
initiatives.
- CVE-2013-6668: Multiple vulnerabilities in V8 fixed in version
3.24.35.10.
* Add a token to get search credit at Baidu.
* debian/rules, debian/control: Switch to using ninja instead of make to
build. Switch from CDBS to dh. Remove many old hacks.
* debian/patches/disable_gn.patch: disable broken GN before build. Temporary
hack.
* debian/chromium-browser.{postinst,prerm}, add debhelper token.
* debian/rules: Split compare function into arch-dep and arch-indep versions,
since they check different things.
* debian/rules: Use actual upstream orig tarball.
* debian/control: build-dep on coreutils so we can print the checksums, too.
Date: 2014-04-14 02:51:12.568265+00:00
Changed-By: Chad Miller <chad.mil...@canonical.com>
Signed-By: Chris Coulson <chris.coul...@canonical.com>
https://launchpad.net/ubuntu/quantal/+source/chromium-browser/34.0.1847.116-0ubuntu~1.12.10.0~pkg900
Sorry, changesfile not available.
--
Quantal-changes mailing list
Quantal-changes@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/quantal-changes
